Under the EU’s Digital Operational Resilience Act (DORA), NAV has been recast as a resilience capability. That shift framed a recent webinar hosted by A-Team Group’s RegTech Insight and sponsored by FundGuard, which brought together a panel of senior experts to examine what “recoverable NAV” now means in practice.
NAV Resilience focus is not about how it is calculated, but how firms demonstrate that it can be restored – accurately, defensibly and within tolerance – when a disruption occurs.
Defining a Recoverable NAV: Beyond System Uptime
A recoverable NAV, as one speaker put it, is the ability “to re-establish a timely and accurate NAV under disruption that’s defensible, repeatable and auditable” . Restarting systems is insufficient. What matters is whether the integrity of the end-to-end process can be demonstrated under stress.
Another panellist sharpened the point: recovery is not about estimation or approximation. It requires a NAV that is “fully accurate, fully complete, fully validated within our standard processes and controls” . That emphasis on documentation and auditability reflects DORA’s core premise: supervisors will assess not only outcomes, but the decision trail that produced them.A third contributor widened the lens. NAV resilience is not solely a regulatory exercise; it is a commercial one. Regulation sets a minimum standard but client expectations, shaped by real-time technology and transparency in other sectors, go beyond this. In that context, resilience becomes part of the value proposition.
An initial audience poll underscored the transitional state of the market. While 38% of respondents described themselves as demonstrably resilient, a combined 50% characterised their position as partially prepared or dependent on third parties.
Mapping Dependencies Beyond Third Parties
DORA’s most material intervention lies in dependency mapping. It requires firms to look beyond direct providers to “fourth, fifth, six-party dependencies” and to understand where infrastructure resides, how data flows and where single points of failure sit.
One panellist described this as creating “an operational blueprint of how our NAV is actually delivered” . Firms must be able to articulate how the outage of a pricing feed, a cloud region or a key workflow would affect tomorrow’s NAV.
A second poll revealed where participants see fragility. Pricing and valuation data providers and fund administrators or accounting platforms topped the list at 86%, followed by market data 71%, cloud and internal workflow 43%. The concentration risk in both pricing and cloud infrastructure was implicit.
This highlights a tension at the heart of DORA: regulators demand substitutability, yet commercial reality limits the number of viable alternatives in pricing and cloud markets. The result is a focus on enhanced oversight and contractual leverage rather than wholesale duplication.The First 72 Hours: Classification, Communication, Control
When disruption hits, speed alone is not the objective. The most important early decision, according to one expert, is recognising whether the firm is “actually in a resilience event” . A NAV issue may be symptomatic of deeper infrastructure or vendor failure. Misclassification can lead to under-reporting or delayed escalation.
Another speaker argued that communication strategy is paramount. Who must be informed? In what sequence? Regulators, boards, management companies, clients across time zones? The window for determining materiality has narrowed under multiple regimes. “Communication strategy and sequencing is absolutely key.”
From a control perspective, boards and supervisors expect evidence across impact, integrity and governance. What critical service was affected? Were tolerances breached? Can the firm prove that the recovered NAV used correct, traceable data? Who authorised decisions, were escalation protocols followed and was everything documented?
Firms often struggle not because controls are absent, but because evidence is fragmented across systems, geographies and email chains. The regulatory question is increasingly: can you reconstruct the incident in a single, coherent narrative?
Speed, Accuracy and Transparency: No Trade-Off
The panel rejected the notion that speed and accuracy are competing objectives. They just operate on different timelines. Speed relates to containment; accuracy to calculation; transparency to governance.
“The real risk under DORA isn’t the speed to recovery… it’s more how we’re documenting that journey to recovery” . Another speaker cautioned that over-reporting driven by panic can be as problematic as under-reporting. “Measure twice and cut once” captured the balance required.
Poll 3 provided a sobering counterpoint. While 40% test end-to-end at least annually, 20% rely solely on tabletop exercises. Several panellists warned that tabletop scenarios validate governance familiarity, not operational robustness. Real stress testing exposes hidden dependencies, manual bottlenecks and key-person risk.
From Incident Response to Everyday Discipline
A recurring theme was that resilience must be embedded into daily NAV oversight. “Operational resilience is not about incident management. It’s an everyday thing.” Firms that monitor exceptions and anomalies continuously are not starting from zero when disruption occurs.
Technology featured prominently in proposed improvements. Moving away from “fragmented systems and siloed processes” towards unified, real-time cores with embedded controls was described as the single most material change firms could make. Independent, provider-agnostic oversight tools were framed not as optional enhancements but as emerging market standard for multi-administrator environments.
The strategic implication is clear: NAV oversight is evolving from periodic control to continuous assurance. In a landscape of cyber risk and geopolitical volatility, resilience is less about recovery from rare shocks and more about managing persistent instability.
The Next 12 Months: Structural, Not Technical, Resilience
Over the next 12–18 months, firms need to move decisively from technical compliance to structural resilience. The starting point is governance. NAV must be formally embedded as a critical resilience capability, with board-approved impact tolerances that are specific, measurable and defensible. That requires a forensic mapping of the full NAV ecosystem. If a firm cannot clearly articulate how a disruption at any point on the map would affect tomorrow’s NAV, it is not yet ready for supervisory scrutiny.
The prescriptive nature of the DORA regulation provides a detailed playbook for firms’ resilience obligations. The objective is not simply to recover faster, but to operate in a state of proactive awareness – where exceptions are monitored daily, dependencies are understood structurally, and disruption is managed as a controlled event rather than a reputational crisis.
Firms that understand their dependencies, document their decisions and embed resilience into daily workflows will not only satisfy supervisors; they will protect the commercial asset that underpins NAV itself – investor trust.
Subscribe to our newsletter
