Gerhard Guenther


Metafinanz GmbH

Gerhard Guenther structures and oversees the changes induced by regulatory IT requirements for its customers. He translates regulatory requirements into viable and efficient binding rules and designs the hierarchical and the process structure of the respective IT accordingly.
He analyses regulatory requirements towards the IT as well as the status quo of customer organisations. As soon as control gaps appear, he develops innovative and lean solutions together with customers stakeholder. These solutions encompass organisational structures as well as processes, internal rules (policies, guidelines, procedures), roles & responsibilities and concrete business requirements for GRC tools.
After completing studies of mechanical engineering, he got into consulting business 25 years ago, starting with IT Service Management (ITIL: V2 Service Manager, V3 Expert, V4 Managing Professional) moved to IT Governance (COBIT Practitioner) and gained some IT Audit- and IT Risk Management- Experience (Isaca: CISA, CGEIT, CRISC). Currently working for Metafinanz (Allianz owned inhouse consulting company) for the main customer Group IT Function of the Allianz Holding.

Thursday, April 28th, 2022 13:55 Munich

DORA - a new European regulation for the IT sector in the financial system

On 24 September 2020, the European Commission published its draft regulation “Digital Operational Resilience Act (DORA)” as part of its digital finance strategy. The proposed legislation aims to create a regulatory framework on digital operational resilience to ensure that all participants in the financial system have the necessary safeguards in place to mitigate risk of cyber-attacks and other risks in the area of Information and Communication Technology (ICT).
In December 2021 the negotiations in the course of informal trialogues between European Parliament, European Council and the European Commission have started. Thus, we expect a final version of the regulation to come into force at the end of 1st quarter 2022, immediately after publication. We assume an implementation period of approx. 12 months.

Friday, April 29th, 2022 11:00 Munich

DEUTSCHE SITZUNG - DORA - eine neue europäische Regelung für den IT-Sektor im Finanzsystem

Am 24. September 2020 veröffentlichte die Europäische Kommission ihren Verordnungsentwurf “Digital Operational Resilience Act (DORA)” als Teil ihrer digitalen Finanzstrategie. Die vorgeschlagene Gesetzgebung zielt darauf ab, einen Regelungsrahmen für die digitale operationelle Widerstandsfähigkeit zu schaffen, um sicherzustellen, dass alle Teilnehmer des Finanzsystems über die notwendigen Sicherheitsvorkehrungen verfügen, um das Risiko von Cyberangriffen und anderen Risiken im Bereich der Informations- und Kommunikationstechnologie (IKT) zu mindern.
Im Dezember 2021 haben die Verhandlungen im Rahmen eines informellen Trialogs zwischen dem Europäischen Parlament, dem Europäischen Rat und der Europäischen Kommission begonnen. Wir erwarten daher, daß eine endgültige Fassung der Verordnung unmittelbar nach ihrer Veröffentlichung Ende des 2. Quartals 2022 in Kraft treten wird. Wir gehen von einer Umsetzung von ca. 12 Monaten aus.