The European arm of an international banking corporation faced serious compliance risks due to new financial legislation.

The Digital Operational Resilience Act (DORA)—an EU initiative aimed at addressing the gap in digital resilience in the finance sector—came into force in January 2023, and was applied in its entirety two years later, in January 2025.

The new legislation requires all banks, financial institutions, and financial sector suppliers to follow strict guidelines for safeguarding against ICT-related incidents, including protection, detection, containment, recovery, and repair. DORA predominantly targets ICT risks, introducing clear rules for ICT risk management, incident reporting, operational resilience testing, and oversight of ICT third-party risks.

To ensure compliance with this new legislation, our client urgently needed to carry out gap analysis of the business to establish which areas met with new guidelines and where changes needed to be.

They sought talent skilled in Microsoft, SQL, Power BI, and more, but they were hindered by a long recruitment process and a limited budget.

Recognising the need for immediate support, FDM was approached to provide pre-skilled Risk, Regulation & Compliance Consultants in a short timeframe.

Due to the urgency and scale of the project, FDM sought ready-to-assign talent from the consultant bench. Already trained in the Risk, Regulation & Compliance Practice, these consultants had been utilising their skills within FDM as part of our office model.

Following their Risk, Regulation & Compliance training, consultants have expertise in data analysis, risk management, compliance, team management, Power BI, and process improvement. They are adept at delivering support across first and second lines of defense, whilst also being proficient in transactional customer operations.

As no additional upskilling was required prior to assignment, FDM was able to deliver 10 consultants to the client site within two and a half weeks from the initial scoping session.

The FDM Consultants joined the client’s Third-Party Risk Management Team, working on risk assessment and contract remediation in preparation for DORA.

Thanks to their prior training and hands-on experience within FDM, the consultants integrated quickly within the team, demonstrating their skills by streamlining processes, using Power BI, managing contract trackers, and undertaking quality control.

One consultant described their experience so far:

“I’m currently running a pilot, using a template to gather data in Excel which will generate a document of issues and improvements. Having those automatic fixes built into the business’s strategic solution will minimise workload for the team.

“I’m also working on due diligence questioning to establish contingency plans for critical ICT services.”

The initial cohort of 10 consultants have since been internalised by the client on 12-month FTCs, with an additional three consultants assigned to support with workload.