Session Details
Mission Possible: Agentic AI and the DORA Compliance Frontier

Presenting Speakers

About the Session

With SREP’s ICT risk framework, NIS2, cloud guidelines, the EU Data Act, the EU AI Act, DORA and their global counterparts setting new technology and operational resilience standards, the financial sector is under mounting pressure to fortify every layer of its digital ecosystem – including an estimated 40,000 suppliers. The challenge isn’t just scale – it’s achieving clarity, coordination, and control across a sprawling, complex environment. Enter agentic AI.

This panel explores the overlaps and requirements of these new non-financial risk controls and how financial institutions are turning to next-gen AI technologies to make the impossible possible. From mapping regulatory obligations to streamlining policy reviews and identifying supply chain risks, AI is pushing compliance from reactive to proactive, from fragmented to unified and comparable to common control models (e.g., FINOS CCC).

As the regulatory spotlight shifts toward AI governance itself, panelists will examine how firms secure the “seaworthiness” of the financial sector amid accelerating digital risk.

Regulatory Challenges
  • NIST Quantum Capabilities to NIST Cybersecurity Framework 2.0 here
  • CFTC Withdrawal of Proposed OpRes rules here
  • NIST Guidelines for API Protection for Cloud-Native Systems here
  • ECB Guide on outsourcing cloud services to cloud service providers here
  • FIRE (Format for Incident Reporting Exchange): Final format here
  • BoJ use of cloud in FS survey results here, UK Containerization guidance here, BIS managing cloud risk here
  • EC Digital Operational Resilience 01/24 standards hearing here, rules here, ESA DORA technical advice here
  • UK ICO Generative AI data protection and GenAI here and HMG framework here
  • Netherlands AI masterplan here
  • Singapore model AI governance framework for generative AI here
  • FSI Insights on policy implementation No 53; Managing cloud risk 
  • US AI 012/24 fact sheet here, strategic plan here and White House blueprint for AI bill of rights here
  • EU Cyber resilience act here, cybersecurity certification MRA here and background here
  • APRA operational risk management – CPS 230 here, PRA PS6/21 OpRes here
  • HMT Critical third parties here, PRA DP3/22 CTP here / PRA SS2/21 Outsourcing and TPRM here
  • US Interagency Guidance on Third-Party Relationships: Risk Management here
  • EU Artificial Intelligence Act leaked copies here and here, original texts here and here
  • UK National AI action plan here, ICO guidance on AI and data here
  • EU deforestation regulation here
  • EU Corporate sustainability due diligence (CSDDD) here
New RegTech/SupTech drivers
  • Premium – The OpRes Crackdown Starts: AI Is the Only Defence here
  • Premium – Cloud Control Begins: The EU Data Act’s First Step here
  • Premium – Data access disrupted: the EU Data Act here
  • Premium Newsletter – Proving control in the age of DORA here
  • Premium Newsletter – Digitalizing the FS backbone here
  • GFMA White Paper on Public Cloud Portability here 
  • Legal assessment of draft EU AI act text here
  • Analysis: Decoding DORA standards: what it means here
  • Analysis: Accountability for GenAI here
  • Forbes: New Financial Services Regs Will Require Comprehensive Action By Boards here
  • Research report ‘Managing Digital Infrastructure Risk: a collaborative path to financial services safety’ here