DORA Register of Information (ROI)

Between 1 April 2025 and 15 April 2025, financial entities are required to submit a detailed document outlining all contractual arrangements with ICT third-party service providers to their competent authority. This requirement is applicable across Europe; however, the format of the document varies by country, compounding the complexity for organisations. Thomas Murray is offering ROI as a service. Our service ensures the regulatory deadlines and the explicit data quality requirements.

Annual disclosure requirements for financial institutions

Financial institutions must submit annual reports to their regulatory authorities, detailing key information such as:

The number of new agreements established
Categories of ICT third-party service providers engaged
Types of contractual arrangements in place
The specific ICT services and functions provided

ROI data requirements and the relationships between them (simplified)

ROI data requirements and the relationships between them

Meet your DORA RoI reporting deadline

We’ll support you by providing:

Clear guidance on your regulatory obligations
Tech-enabled support to rapidly build your ICT third-party register
Comprehensive review of your existing register
Compliance checks and support to enable you to meet the reporting deadline

Simplifying your regulatory obligations

We will provide comprehensive and concise guidance on your organisation's regulatory obligations for the specific jurisdictions in which you operate, incorporating the requirements for reporting the RoI.

Accelerated through our use of technology

Through our compliance partner Formalize, you will have access to their reporting module for simple and flexible management of digital compliance.

Migrate existing RoI data, details of CIF, mapped assets and systems
Extract metadata from contracts to populate required information for RoI
Centralised repository for contract, critical and important functions, ICT assets and systems
Generate RoI at individual level or consolidated level
Generate RoI in csv, xlsx or XBRL-csv

Consolidation and enhancement of existing efforts

We will seamlessly integrate your existing register, or the one created during the dry run, into our platform, efficiently migrating the relevant information to ensure comprehensive RoI reporting readiness, all while adhering to the standardised RoI Data model and taxonomy, thereby streamlining the reporting process and minimising potential errors.

Compliance verification and submission assistance

Our solution is equipped with a robust suite of 100 automated validation checks, which meticulously reviews the RoI reporting data to proactively identify potential issues, allowing for swift and effective rectification, and ultimately ensuring accurate and timely submission of reports, thereby minimising the risk of errors and delays.

Insights

Featured

Understanding supply chain and concentration risks in cloud services 

Featured

Thomas Murray launches OrbitAI

Thomas Murray, a global leader in risk management, due diligence, and cyber security services, is proud to announce the launch of OrbitAI. This…

Cyber Risk Advisory Press Release Thumbnail

Featured

Thomas Murray launches Cyber Risk practice with key strategic hire

Leading global risk intelligence firm Thomas Murray has announced the launch of its Cyber Risk advisory practice today with the key strategic…

A golden chessboard: Where to start with tabletop exercises

Featured

DORA Register of Information (ROI)

Annual disclosure requirements for financial institutions