Financial Services Cloud Council and Forum

Now that the DORA is in effect, the practical issues come: Suppose you have a supplier that is neatly compliant and has a EUID. What if that supplier is acquired by a large company that does not have an EUID or LEI? 
Should you then include that large company's data in the information register and thus ask that large company to apply for an LEI number? Or are you allowed to maintain the original registration, i.e. with that compliant smaller company?
What do you think?

Hi Aschwin:

My first suggestions is seek and apply advice from your organization's legal and compliance teams considering the specifics of the acquisition and contractual obligations, as well as monitoring updates and guidance from regulatory authorities. 

The next step might be to engage in open communication with the supplier to understand their plans and any changes in their compliance status post-acquisition. This can help you make informed decisions regarding the information register and LEI number application.

Overall, and given the requirements of the Digital Operational Resilience Act (DORA), it's important to ensure that all entities involved in providing ICT services are properly identified and compliant with the regulations. If a supplier that is neatly compliant and has an EUID (Entity Unique Identification) is acquired by a large company that does not have an EUID or LEI (Legal Entity Identifier), it would seem prudent to include the large company's data in the information register and potentially ask them to apply for an LEI number. Maintaining the original registration with the smaller, compliant company alone might not be sufficient, as the larger company now encompasses the supplier and its operations.

Let me know if you have any other questions.