UNIQA: DORA regulatory compliance roadmap
Accenture helped the insurer identify the steps it must take to meet the new DORA requirements.
Managing ICT governance and risk
Insurance businesses operate in a highly regulated environment. They must continuously adapt to new regulatory requirements such as the Digital Operational Resilience Act (DORA), which is expected to become effective in the second half of 2022.
This new EU regulation sits within the context of existing Information and Communication Technology (ICT) guidelines from the European Insurance and Occupational Pensions Authority (EIOPA) and the respective local regulations. It aims to harmonize existing rules on managing ICT governance, ICT risks and incident reporting, enhancing financial institutions' resilience against cyber-attacks.
UNIQA, a leading insurance group operating in 18 countries and serving approximately 15.5 million customers, wanted to align its existing processes and controls to the new DORA requirements. It sought Accenture’s help to create a roadmap so it could comply with the new regulations within 12 months of anticipated enforcement.
Targeting gaps and recommendations
Accenture continuously monitors the regulatory landscape, so our team of security strategy and risk consultants already had a prepared DORA assessment catalog when the project started. This meant that within only a few weeks, we could analyze the company’s security policies and processes, compare them to existing and proposed regulations and identify gaps.
In collaborative workshops with UNIQA’s employees, we defined ways to fill these gaps and made recommendations for their implementation.
We also developed a roadmap of what the company needs to do to address the required documented policies and reports and to enhance its control landscape, and we recommended which measures should be prioritized.
"Without the assistance of the Accenture team, it would have taken us significantly longer to identify the gaps we need to fill to be compliant. Now we know precisely what's required and we can move ahead with confidence."
– FLORIAN POLT, Head of Group Security at UNIQA
The effective collaboration between our team and UNIQA’s stakeholders enabled the work to be carried out in a highly targeted manner over a few weeks. UNIQA now has a clear understanding of its current state related to the guidelines and a list of concrete next steps to ensure it will be compliant. It is well-positioned to meet the DORA requirements within twelve months after enforcement begins.
Relevant stakeholders, including board members, have a detailed view of the company’s existing pain points and how to address them. They report being extremely satisfied with Accenture’s efficient assessment—which has paved the way for them to put the necessary governance and process changes in place ahead of the deadline.