Situation

One of the world’s top global banks was preparing to implement the EU’s Digital Operational Resilience Act (DORA), which had cross-border implications for its existing governance, compliance, and IT risk management systems in Asia and Germany.

Complication

The existing structures did not meet the standards for operational resilience, IT governance or regulatory audit readiness. Processess lacked consistency across technical and organisational implementation of DORA requirements within the set deadline of January 2025.

Solution

GRM conducted structured gap analyses, maturity assessments and control tests along the DORA review categories: Test of Design (ToD), Test of Implementation (ToI), and Test of Effectiveness (ToE). This ensured regulatory alignment, international harmonisation, and audit-ready implementation at group and entity level.