I hope people found the webinar we at Cosegic did with Clear Junction last month useful and interesting. If you missed it, or would like to remind yourself of what was said, a recording is still available here.
One of the things we did in the webinar was to poll attendees on their own firms’ level of preparedness for the implementation deadline of 17 January 2025. The results of the polls make interesting reading.
Almost half of the attendees felt that their firms were, at best, partly prepared with significant work still to do as at the implementation date. Interestingly, over 60% were at least “fairly confident” that their firms were compliant by the date of the webinar, 12 February, suggesting that a lot of time and effort was put in in the four weeks following the implementation date.
Poll 3 covered what firms see as the greatest challenges in meeting the DORA requirements, with almost 40% saying this was “understanding and applying the critical functions of DORA.” There was a fairly even split between the options of “managing third-party service providers effectively” and “managing vendors and third-party relationships which, combined made over 50% of responses.
Dependencies on third-party suppliers in our sector and the discrepancy between the size and bargaining power of some of the bigger providers and the regulated payments firms to which they provide services means this should not come as too great a surprise to anyone with knowledge of the market, but it is something that regulators and legislators need to take into consideration.
Over a quarter of attendees said that their firms would need more than 3 months from the date of the webinar (which, remember was almost a month after the implementation date) to be compliant.
In honestly, I do not find these poll results terribly surprising although, as a former regulator, I can imagine my ex-colleagues being aghast. What this makes clear to me is the importance of horizon scanning by management boards and senior executives, to enable proper planning and resourcing ahead of time for the implementation of new regulatory requirements. Here in the UK the FCA is very focused on governance and, in particular, on being able to evidence an understanding of the risks facing the business and how they can be addressed. Regulatory risk is a significant element of this risk assessment.
Making sure that this is a standing agenda for boards and/or risk committees and ensuring someone suitable experienced can look at what is coming down the line and explain the potential impact on the firm, so that proper preparations can be made is a must.
The FCA publish a Regulatory Initiatives Grid and firms can sign up for Cosegic’s Regulatory Updates to ensure that major changes are not missed, or spotted too late.
Related resources
All resources
Ensuring fair treatment: Vulnerable Customers and the Vulnerability Registration Service
Payment Services Newsletter - March 2025
Talking Regulation: Cosegic's response to FCA CP 24/28
Firms' treatment of customers in vulnerable circumstances – FCA review