Compliance Library Blog Product Sign In
EU-DORA-28-16 Risk Management 28 — General principles

Identify and assess conflicts of interest from contractual arrangement

Description

Before entering into contractual arrangements for ICT services, financial entities must identify and assess conflicts of interest that the contractual arrangement may cause.

Full Analysis & Evidence Requirements

Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.

Sign In to View

Related Obligations

EU-DORA-28-01 Risk Management

Manage ICT third-party risk as integral component of ICT risk management
EU-DORA-28-02 Requirement

Remain fully responsible for compliance despite third-party arrangements
EU-DORA-28-03 Risk Management

Implement ICT third-party risk management proportionally
EU-DORA-28-04 Requirement

Adopt and regularly review ICT third-party risk strategy
EU-DORA-28-05 Documentation

Include policy on critical/important ICT services in third-party risk strategy
EU-DORA-28-06 Monitoring

Management body regular risk review for critical/important functions
EU-DORA-28-07 Documentation

Maintain and update register of ICT service contractual arrangements
EU-DORA-28-08 Documentation

Appropriately document contractual arrangements with distinction
EU-DORA-28-09 Reporting

Report yearly on new ICT service arrangements
EU-DORA-28-10 Transparency

Make register available to competent authority upon request

Map this obligation to your AI systems

ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.

Get Started

Start your compliance assessment

Map obligations to your AI systems, identify gaps, and generate board-ready reports. Plans start at $149/mo.

Get Started