4th – 5th December 2025
Dusit Thani Hotel, Dubai – U.A.E.
Course Overview:
In today’s rapidly evolving regulatory and technological environment, building operational resilience is no longer optional—it’s a strategic imperative and a regulatory priority. This two-day course provides a practical and comprehensive guide to embedding operational resilience across financial services firms, and drills down on ICT resilience and the Digital Operational Resilience Act (DORA).
Participants will gain a clear understanding of resilience fundamentals, including how to define important business services/ critical operations, set tolerances, map critical dependencies, and develop scenario tests for severe but plausible disruptions.
On Day 1, participants will learn how to build and embed a resilience framework that meets regulatory expectations while aligning with internal governance, risk appetite, and business continuity planning. Day 2 provides a deep dive into DORA’s requirements—covering ICT risk management, incident reporting, threat-led testing, and third-party oversight.
The course demystifies the regulation and offers actionable guidance from experienced former regulators and risk and resilience practitioners on gap assessments, policy integration, and supervisory expectations both globally, at BCBS and across the Middle East Region.
Learning Outcomes:
By the end of this course, participants will be able to:
- Define and apply the principles of operational resilience in the context of financial services, including identifying important business services/ critical operations and setting impact tolerances/ tolerance for disruption.
- Design and execute scenario testing for severe but plausible disruptions, including cyber incidents, third-party failures, and technology outages.
- Develop a comprehensive operational resilience framework aligned with governance structures, business continuity, and risk management practices.
- Understand the scope and regulatory requirements of DORA, including key obligations around ICT risk management, incident reporting, and threat-led penetration testing.
- Assess and manage ICT third-party risk in line with DORA, including oversight of critical third-party providers and contractual safeguards.
- Engage senior management and business units in embedding a resilience culture and ensuring cross-functional accountability for regulatory compliance and business continuity.