Expanding regulatory expectations are the one certainty in the world.
The European Union has kept up the pace in introducing new regulatory frameworks and with the Digital Operational Resilience Act (DORA), a new regulatory push has been made by Brussels. This comes on top of other, wide-ranging legislation, from the General Data Protection Regulation (GDPR) to the various guidelines published by the European Banking Authority (EBA), constantly adding to the single rulebook.
At the same time, national regulatory bodies often add a little spice to these regulations. In Germany, BaFin has added to the regulatory landscape with minimal requirements for risk management (MaRisk) and IT (BAIT/KAIT/VAIT/ZAIT). And so have other national regulatory bodies from the UK (FCA/PRA) to Singapore (MAS).
It is our job to make sure that corporate compliance walks in lockstep with these changes and that information security management systems and internal control systems are kept in line with regulatory expectations. With our excellent political connections, we often understand well before any new law enters into effect what directions regulatory trends will take.