Our dedicated Aviation Advisory team bring best-in-class expertise across modelling, lease management, financial accounting and transaction execution as well as technical services completed by certified engineers.
Our Business Risk Services team deliver practical and pragmatic solutions that support clients in growing and protecting the inherent value of their businesses.
Our experienced Deal Advisory team has provided a range of transaction, valuation, deal advisory and restructuring services to clients for the past two decades.
Our Forensic and Investigation Services team have targeted solutions to solve difficult challenges - making the difference between finding the truth or being left in the dark.
Our FAAS team designs and implements creative solutions for organisations expanding into new markets or undertaking functional financial transformations.
Our Risk Advisory team delivers innovative solutions and strategic insights for the Financial Services sector, addressing disruptive forces, regulatory changes, and emerging trends to enhance risk management and foster competitive advantage.
Explore key updates from the ESA report on the Digital Operational Resilience Act (DORA), highlighting crucial changes for financial entities to ensure compliance by January 2025.
Our audit services can strengthen your business and stakeholders' confidence. You'll receive professionally verified results and insights that help you grow.
In today’s global asset management landscape, there is an almost constant onslaught of change and complexity. To combat such complex change, asset managers need a consolidated approach. Read our publication and find out more about what you can achieve by choosing to work with us.
On 28 April 2021, the Irish Government transposed IORP II (Institution for Occupational Retirement Provision), an EU directive on the activities and supervision of pension schemes, into law.
Appointing new auditors may seem like a daunting task that will be disruptive to your business and a drain on the finance function. Nevertheless, there are a multitude of reasons to consider a change, including simply seeking a ‘fresh look’ at the business.
Our Corporate Tax team is made up of more than 40 highly experienced senior partners and directors who work directly with a wide range of domestic and international clients; covering Corporation Tax, Company Secretarial, Employer Solutions, Global Mobility and Tax Incentives.
The Grant Thornton team is made up of experts who are fully up to date in terms of changing and evolving tax legislation. This is combined with industry expertise and an in-depth knowledge of the evolving financial services regulatory landscape.
Grant Thornton’s team of indirect tax specialists helps a range of clients across a variety of sectors including pharmaceuticals, financial services, construction and property and food to navigate these complexities.
We develop close relationships with clients in order to gain a deep understanding of their businesses to ensure they make the right operational decisions. The wrong decision on how a company sells into a new market or establishes a new subsidiary can have major tax implications.
Grant Thornton’s Private Client Services team can advise you on all areas of financial, pension, investment, succession and inheritance planning. We understand that each individual’s circumstances are different to the next and we tailor our services to suit your specific needs.
The Minister for Finance, Jack Chambers, and the Minister for Public Expenditure, Paschal Donohoe, today published the government’s Summer Economic Statement 2024 outlining the fiscal parameters within which discussions will take place ahead of Budget 2025.
Looking for a more fulfilling role in professional services? One where fresh thinking, collaboration and diversity are valued? At Grant Thornton we do things...
We offer a range of graduate programmes to help you thrive in your career. Work with and learn from the best in the business, make a difference and excel by...
Grant Thornton Ireland is rapidly approaching 3,000 people, in 9 offices across Ireland, Isle of Man, Gibraltar and Bermuda, and a presence in over 149...
We believe in a connected world — so we created an industry-leading online Alumni Network that focuses on what matters most at Grant Thornton — our people.
On December 8, 2023, the European Supervisory Authorities (the ESAs) launched a public consultation on the second batch of policy mandates under the Digital Operational Resilience Act (DORA). On July 17, 2024, the ESAs published the final reports on these policy mandates. The most noteworthy changes for in-scope financial entities emerged across the following areas:
Regulatory Technical Standards (RTS) and Implementing Technical Standards (ITS) on the content, format, templates and timelines for reporting major ICT-related incidents and significant cyber threats.
RTS on threat-led penetration testing (TLPT).
Guidelines on the estimation of aggregated costs/losses caused by major ICT-related incidents.
The final report on the RTS on subcontracting ICT services supporting critical functions has not yet been published. Given that this area lacks clarity and continuously presents challenges for financial entities, all are eagerly awaiting the report’s release.
Key DORA Updates
With the looming compliance deadline of January 17, 2025, financial entities are keen to understand the changes between draft and final reports, especially as they progress their assessment and implementation efforts to meet DORA requirements. The below information outlines the most important changes for in-scope entities from the July 2024 reports.
The key changes to DORA regarding TLPT relate to testing criteria, the conducting of testing and the requirements for testers.
Testing criteria: The ESAs revised and updated the selection criteria for financial entities. The criteria now includes impact-related factors, potential financial stability concerns, ICT risk profiles and levels of ICT maturity. They also increased the threshold for payment institutions to 150 billion euro.
Conducting of testing: The report clarifies aspects of pooled testing and joint TLPT and when purple team testing should take place.
Requirements for testers: The ESAs reviewed and eased requirements for testers, introducing flexibility by broadening tester experience criteria from experience in TLPT to experience in penetration testing and red teaming.For internal testers, they have reduced criteria about the required tenure length for holding a role within the financial entity from two years to one. The second batch of DORA mandates also contain a provision making it possible for financial entities to choose TLPT providers that do not meet all requirements in the case of exceptional circumstances.
The changes introduced to the ICT-related incident-reporting regime for financial entities relate to the scope of incidents that require reporting, the timelines for reporting major incidents and the data points for major incident reporting.
Scope of incidents to be reported: The changes reduce the scope for mandatory weekend and bank holiday reporting by excusing smaller entities from reporting the initial notification in relation to incidents. Not all financial entities are obliged to maintain a 24/7 incident reporting support function. The updates also introduce aggregated incident reporting for instances where a single incident has impacted multiple financial entities.
Timelines for major incident reporting: The updates extend reporting timelines for financial entities: rather than begin from the moment when the incident is classified, the 24 hour / 72 hour reporting windows will begin when the prior notification or report is submitted. Regarding weekend and bank holiday reporting, the previous time limit of one hour for submitting notifications and reports has been extended, and financial entities now have until noon on the first working day to do so.
Data points for major incident reporting: To reduce the workload for financial entities dealing with an incident, the ESAs;
Reduced the number of reporting fields in the reporting template from 84 to 59,
Reduced the number of reporting fields in the initial notification from 17 to 10, and
Reduced the number of mandatory fields required across all three reports (initial, intermediate and final). For example, the initial notification was reduced from nine to seven. Overall across the three reports, the total number of mandatory fields has gone from 37 to 28.
The final report introduces two major changes for the estimation of costs and losses. These changes will allow for additional flexibility and seek to further reduce the reporting burden on financial entities.
Financial entities can now choose which reference year they want to use, either the accounting year or the calendar year, and they are no longer required to include and report the net costs and losses.
How Grant Thornton can help you reach DORA compliance
Our team of subject matter experts supports institutions of all sizes in their ongoing journey to DORA compliance. We can provide a different combination of service offerings, depending on your organisation’s specific requirements, to create a best-fit model for DORA implementation that ensures compliance by the January 2025 deadline.
Our first-hand experience, bolstered by our involvement with our EU network of firms, brings strength and depth to our service offerings. Our clients attest that by clarifying the scope and key dependencies, we have helped them avoid potential pitfalls and ensured compliance to the standard required.
