DORA, 8 Months in: How resilient are Europe’s banks and insurers?

October 28, 2025 · News

In brief

On October 14, 2025, we brought together banks and insurance companies to review DORA, eight months after its entry into force. The discussions highlighted significant progress in compliance and incident management, while persistent challenges remain around resilience testing and third-party management. The event underscored that resilience must now become a true collective reflex.

An evening of discussions on DORA

On October 14, we hosted an event around DORA, the European regulation aimed at strengthening operational resilience in banks and insurance companies. Eight months after it went into effect, it was the perfect moment to take stock and share best practices.

Key takeaways:

  • Banks and insurers have made real progress on DORA compliance.
  • Incident and technology risk management are improving, with the first major incidents reported since January 2025.
  • Resilience testing and third-party management remain challenging.

The event was also an opportunity to hold a roundtable discussion with Xavier Neal (Head of Operational Resilience and Third-Party Oversight at CNP) and Xavier Lofficial (Group Operational Resilience Lead at Société Générale). The discussion focused on three key themes:

  • Third-Party Risk Management (TPRM)
  • Resilience testing
  • DORA run-phase implementation

Allowing participants to exchange insights on progress and challenges.

Operational resilience is no longer just a regulatory requirement, it needs to become a reflex, embedded in the daily routines and culture of organizations. In short, the journey toward full operational resilience is underway. This event highlighted concrete ways to keep progressing and strengthen the stability of Europe’s financial sector.