adesso Blog

The EU's Digital Operational Resilience Act (DORA) has been in force since January 2025 and requires financial companies to actively exercise governance over their third-party ICT service providers: from due diligence and continuous monitoring to minimum contractual requirements and a complete information register. This is technically correct, but for us it means a measurable increase in compliance effort in our projects. More questionnaires, more evidence, more contract updates. In a situation where we need to reduce costs and increase efficiency, the third-party service provider portal of GDV Dienstleistungs-GmbH is a key lever: standardisation and central availability instead of redundant individual queries. The more financial companies and service providers use the portal, the more our internal efforts and those of our customers are reduced.

What DORA means for our cost structure

In many projects, compliance activities have become the dominant cost driver. A single, individually designed questionnaire from a bank or insurer generates a complete process for us:

  • Distribution to the specialist departments,
  • Coordination of responses,
  • Obtaining evidence,
  • Consolidation,
  • Queries, repeat runs – often via email and Excel.

Much of this effort does not add value and can only be invoiced to a limited extent. It ties up resources in information security, data protection and legal matters, delays decisions and increases indirect project costs. Under DORA, the frequency of these cycles is increasing: initial assessments, reassessments, updates and stricter requirements for subcontracting chains and evidence. In short: more loops, more coordination, higher costs – for adesso and for our customers.

Why the third-party service provider portal addresses our cost levers

The portal breaks with the logic of redundant individual communication. Service providers maintain their information and certificates centrally once; financial companies access this standardised content.

For us, this means:

  • fewer parallel questionnaires with different formats,
  • fewer individual verification requirements,
  • fewer media breaks.

Reusable answers reduce the number of internal coordination loops. Standardised fields create comparability and reduce the effort required for interpretation. APIs allow data to be integrated into TPRM/GRC workflows and register maintenance, saving copying work and follow-up maintenance. Every loop avoided reduces our project costs, stabilises schedules and increases the proportion of value-adding activities.

Concrete impact in practice

In projects, we see that a ‘portal-first’ approach significantly reduces the turnaround time for assessments. Instead of responding to several nearly identical catalogues separately, we use the portal information as a common basis and only clarify genuine gaps bilaterally. Updated certificates and reports are available centrally – we check the content, not the receipt. The effect is twofold: our teams spend less time collecting, copying and formatting, and customer teams at banks and insurers save themselves the trouble of consolidating differently structured responses. The result: lower internal costs, fewer delays and more predictable milestones.

What the portal does not replace and why it still saves costs

Governance decisions remain with the institutions: criticality, concentration risks, contractual minimum requirements. We still need in-depth reviews for critical services. But the groundwork of procuring, structuring and keeping data up to date can be organised much more efficiently with the third-party service provider portal. It is precisely this groundwork that currently generates the greatest coordination effort and thus costs. If we standardise and centralise it, everyone wins: service providers and financial companies.

Why we should focus on adoption now

The network effect is real: with every additional financial company and every additional service provider, coverage and thus benefits grow. More participants mean fewer redundant individual queries, higher data quality and faster decisions. For us, this means less non-value-adding coordination, more stable budgets and better planning. At a time when we want to reduce costs, the third-party service provider portal is one of the most effective levers we as an industry have at our disposal.

Conclusion

DORA will be with us for the long term. The key is how we organise the resulting workload: not in countless bilateral loops, but on a shared, central database. If financial companies and service providers consistently use the third-party service provider portal together, redundant queries will decrease, assessments will be faster, and compliance costs will be noticeably lower on both sides. The network effect is created through cooperation. Let's work together and establish portal use as the new standard. In this way, we will make compliance more efficient and create speed and quality in our collaboration, which will benefit all involved.


Digital Operational Resilience Act

DORA is an EU regulation that aims to strengthen the digital operational resilience of financial companies. This requires robust ICT systems, well-designed processes and clear agreements with service providers. Learn more about how we can help you implement DORA to meet the requirements of this important regulation.




Author Jan Goldstein

Jan Goldstein is a Managing Consultant at adesso and coordinates DORA implementation in the Insurance business line, drawing on his extensive practical experience in information security, auditing and industry. He previously worked in industrial automation and as an audit manager at Siemens, and as CISO at apinity, a Munich Re InsurTech, he established an ISO 27001-compliant ISMS from scratch.