The Evolution of DORA
On December 8, 2023, the European Supervisory Authorities (the ESAs) launched a public consultation on the second batch of policy mandates under the Digital Operational Resilience Act (DORA). On July 17, 2024, the ESAs published the final reports on these policy mandates. The most noteworthy changes for in-scope financial entities emerged across the following areas:
- Regulatory Technical Standards (RTS) and Implementing Technical Standards (ITS) on the content, format, templates and timelines for reporting major ICT-related incidents and significant cyber threats.
- RTS on threat-led penetration testing (TLPT).
- Guidelines on the estimation of aggregated costs/losses caused by major ICT-related incidents.
The final report on the RTS on subcontracting ICT services supporting critical functions has not yet been published. Given that this area lacks clarity and continuously presents challenges for financial entities, all are eagerly awaiting the report’s release.
Key DORA Updates
With the looming compliance deadline of January 17, 2025, financial entities are keen to understand the changes between draft and final reports, especially as they progress their assessment and implementation efforts to meet DORA requirements. The information below outlines the most important changes for in-scope entities from the July 2024 reports.
The key changes to DORA regarding TLPT relate to testing criteria, the conducting of testing and the requirements for testers.
- Testing criteria: The ESAs revised and updated the selection criteria for financial entities. The criteria now include impact-related factors, potential financial stability concerns, ICT risk profiles and levels of ICT maturity. They also increased the threshold for payment institutions to 150 billion euro.
- Conducting of testing: The report clarifies aspects of pooled testing and joint TLPT and when purple team testing should take place.
- Requirements for testers: The ESAs reviewed and eased requirements for testers, introducing flexibility by broadening tester experience criteria from experience in TLPT to experience in penetration testing and red teaming. For internal testers, they have reduced the required tenure length for holding a role within the financial entity from two years to one. The second batch of DORA mandates also contains a provision making it possible for financial entities to choose TLPT providers that do not meet all requirements in the case of exceptional circumstances.
The changes introduced to the ICT-related incident-reporting regime for financial entities relate to the scope of incidents that require reporting, the timelines for reporting major incidents and the data points for major incident reporting.
- Scope of incidents to be reported: The changes reduce the scope for mandatory weekend and bank holiday reporting by excusing smaller entities from reporting the initial notification in relation to incidents. Not all financial entities are obliged to maintain a 24/7 incident reporting support function. The updates also introduce aggregated incident reporting for instances where a single incident has impacted multiple financial entities.
- Timelines for major incident reporting: The updates extend reporting timelines for financial entities: rather than beginning from the moment when the incident is classified, the 24-hour / 72-hour reporting windows will begin when the prior notification or report is submitted. Regarding weekend and bank holiday reporting, the previous time limit of one hour for submitting notifications and reports has been extended, and financial entities now have until noon on the first working day to do so.
- Data points for major incident reporting: To reduce the workload for financial entities dealing with an incident, the ESAs:
  - Reduced the number of reporting fields in the reporting template from 84 to 59,
  - Reduced the number of reporting fields in the initial notification from 17 to 10, and
  - Reduced the number of mandatory fields required across all three reports (initial, intermediate and final). For example, the mandatory fields in the initial notification were reduced from nine to seven. Overall, across the three reports, the total number of mandatory fields has gone from 37 to 28.
The final report introduces two major changes for the estimation of costs and losses. These changes will allow for additional flexibility and seek to further reduce the reporting burden on financial entities.
Financial entities can now choose which reference year they want to use, either the accounting year or the calendar year, and they are no longer required to include and report the net costs and losses.
How Grant Thornton can help you reach DORA compliance
Our team of subject matter experts supports institutions of all sizes in their ongoing journey to DORA compliance. We can provide a different combination of service offerings, depending on your organisation’s specific requirements, to create a best-fit model for DORA implementation that ensures compliance by the January 2025 deadline.
Our first-hand experience, bolstered by our involvement with our EU network of firms, brings strength and depth to our service offerings. Our clients attest that by clarifying the scope and key dependencies, we have helped them avoid potential pitfalls and ensured compliance to the standard required.