Fill out the form to stay updated on ecosystem innovation topics, activities and opportunities Cetif
More than 30,000 professionals make up the ecosystem of Cetif: we facilitate the meeting and exchange between banks, insurers and companies in an academic Center, competent and independent environment to share knowledge, experience and strategies on the most innovative drivers of change.
16 Research Hubs focused on dynamics of strategic evolution, regulatory updates, organizational and process practices, and the effects of digitization: we study innovation trends and best practices and share them with our communities.
Over 60 events including Main events (Workshop and Summit) and Community events (related to research activities) and Webinar: we bring together banks, insurance companies and businesses for shared growth on trends and challenges to outline innovative development strategies.
More than 40 Executive Education tracks, 4 Master's programs and numerous Company Specific Programs: we transfer innovative financial-oriented content with a scientific approach.
An experimental spin off combining academic research and entrepreneurial approach: we turn innovation and digitization into a concrete business advantage.
The Digital Operational Resilience Act (DORA), introduced by Regulation (EU) 2022/2554 and recently implemented in Italy by Legislative Decree No. 23 of March 10, 2025, represents a breakthrough in the management of digital operational resilience in the financial sector, including insurance and reinsurance companies and insurance and reinsurance intermediaries. The main objective is to ensure that financial entities have robust governance arrangements in place to manage ICT risks arising from third parties.
A key aspect of the regulations is the implementation and continuous updating of the Information Registry, which summarizes in detail-according to precise standards prescribed by the regulations-data and information on contractual arrangements with ICT suppliers. The Registry is an essential tool for monitoring and managing the risks involved in outsourcing ICT services that impact the institution's core or important functions.
In this regard,Ivass, in its recent Letters to the Market dated March 7, 2025, provided the procedures and timelines for reporting the Register, which must be submitted by April 11 through the Infostat platform.
Adapting to DORA brings a number of challenges for insurance companies, reinsurance companies, and intermediaries. On the compliance and governance front, companies are required to strengthen their ICT governance and implement specific risk management strategies to ensure digital operational resilience.
Another crucial aspect relates to the monitoring of ICT outsourcing: the Information Registry in fact mandates greater transparency on contracts with third-party vendors, requiring constant updates and regular reporting to supervisors.
Finally, the penalties for noncompliance should not be underestimated: the Legislative Decree provides penalties for both legal entities and individuals, with fines of up to 10 percent of turnover for the most serious violations, and individual fines of up to 5 million euros for directors and managers.
These issues require insurance operators to rethink operational risk management strategies as well as strengthen internal control processes.
In response to these new requirements, Cetif Advisory - a spin-off ofCattolicaUniversità - has developed an innovative solution to support companies in complying with the Information Registry regulations: DORA IS Platform.
Starting with recent emblematic data: during the Dry-Run Exercise, only 7% of Financial Entities successfully passed all compliance checks. More than 50%, on the other hand, failed more than 5 RoI-related checks. Further complicating the picture, it should be pointed out that there are no formal templates in Excel format provided by ESAs for RoI, thus increasing the risk of errors.
In this context, the platform proves to be an invaluable tool, because it allows for the continuous implementation, management and updating of the Information Registry through an intuitive, simple, accessible and user-friendly web app. In addition, it allows for robust data collection processes and automation and validation mechanisms, thanks to the integration of both internal and external data sources. Finally, it supports the creation of reporting in the formats required by the relevant authorities for reporting activities.
DORA represents a paradigm shift for the insurance industry, requiring new approaches to digital operational resilience. Effective implementation of the Information Registry will be crucial to ensure compliance and avoid penalties. Technology solutions can offer concrete support to companies, reducing operational burdens and improving risk management.