A top tier European bank with operations across twelve countries received a $34M RISE with SAP proposal carrying five year term commitments. The proposal landed two months after DORA enforcement began. The bank operational risk team flagged nine clauses that conflicted with the bank exit plan testing requirements. The engagement closed with the nine clauses rewritten, a 64 percent reduction in committed contract value, and DORA aligned exit protections built into the agreement.
The bank operated a mature SAP estate across retail banking, commercial banking, treasury, and a separately regulated asset management subsidiary. The on premise ECC environment was approaching the SAP mainstream maintenance horizon, and the SAP account team had been pushing a RISE with SAP Cloud Private Edition migration for eighteen months. The bank board had asked for a final commercial proposal in advance of the annual technology planning cycle.
The proposal arrived in March 2026, two months after DORA enforcement began for in scope European financial entities. The bank operational risk team reviewed the proposal against the DORA exit plan testing requirements, the substitutability analysis expectations, and the third party concentration risk framework that the bank ICT supervisor had communicated in the prior six months. Nine clauses inside the SAP proposal conflicted directly with what the bank had committed to its supervisor.
The engagement was scoped at eighteen weeks. The work split into four streams running in parallel. Commercial modelling and benchmarking. Contract review against DORA scope. Operational continuity and exit plan testing design. Hyperscaler selection against the bank existing infrastructure relationships.
Nine clauses inside the SAP proposal failed the DORA alignment review. The exit plan testing clause limited the bank to one annual test of two business days, conducted under SAP supervision, with output limited to a written report. The bank exit plan committed to quarterly tests, including data extraction validation, integration cutover rehearsal, and parallel operating capacity demonstration. The proposal language could not support the commitment.
The subcontractor disclosure clause limited SAP obligations to disclosure of named subcontractors at the time of contract signature, with no ongoing obligation to disclose changes. DORA expects continuous awareness of the subcontractor chain for material ICT services, with prior notice of material changes. The proposal language did not meet that standard.
The incident reporting clause aligned SAP reporting timelines to internal SAP processes rather than the DORA major incident classification framework. The bank supervisor had communicated specific expectations on incident classification, escalation timing, and the contractual underpinnings that should support those expectations. The proposal language was silent on those expectations.
The audit rights clause limited the bank to one annual audit conducted under SAP supervision, with audit scope limited to controls already certified under SAP standard frameworks. DORA contemplates expanded audit rights for material ICT service providers, including the right to conduct unannounced audits in defined circumstances. The proposal language did not include the expanded rights.
The nine clauses were not theoretical risk points. They were direct conflicts between the SAP proposal language and commitments the bank had already made to its ICT supervisor. The negotiation was not about commercial terms. It was about regulatory alignment.
All nine clauses were rewritten. The exit plan testing clause now supports quarterly tests with defined cooperation obligations, data extraction validation, and parallel access during the test window. The subcontractor disclosure clause includes ongoing disclosure obligations and prior notice of material changes. The incident reporting clause aligns to the DORA major incident classification framework with defined escalation timing. The audit rights clause includes expanded audit rights aligned to supervisor expectations.
The commercial reduction came from three sources. The first was the standard discount stack rebuild, with software subscription, infrastructure subscription, BTP credits, and Digital Access components negotiated separately. The second was the rescoping of the deal around the actually deployed bank user population rather than the original SAP proposed FUE count. The third was the unbundling of services that the bank could source from its existing systems integrator at lower rates than SAP standard professional services rates.
The exit credits worth $3.6M were tied to a defined regulatory exit trigger. If the bank ICT supervisor required exit from the RISE environment, the credit would be paid in cash on a defined schedule rather than applied against future SAP commitments. The trigger was narrow enough that SAP could accept it without rewriting standard contract templates. It was broad enough to give the bank meaningful recovery if regulatory direction changed.
| Clause | Initial language | Final language | Driver |
|---|---|---|---|
| Total contract value | $34.0M | $12.2M | Commercial reset, scope rebase |
| Exit plan testing | 1 annual, SAP supervised | Quarterly with cooperation obligations | DORA exit plan alignment |
| Subcontractor disclosure | Static at signature | Ongoing with prior notice | DORA concentration risk |
| Incident reporting | SAP internal timing | DORA major incident timing | Supervisor expectation |
| Audit rights | Annual, supervised, scoped | Expanded with unannounced rights | DORA supervisor expectation |
| Regulatory exit credit | None | $3.6M cash recoverable | Regulatory exit trigger |
| Data extraction | Proprietary format | Open format with parallel access | Operational continuity |
| Change in control | SAP consent broad | Carve outs for intra group | Bank restructuring optionality |
| Service level remedies | Credits only | Credits plus termination right | DORA service performance scope |
Financial services buyers under DORA, banking supervisors, or other regulated frameworks face a different RISE negotiation than unregulated buyers. Our team has handled engagements across European banks, insurers, and asset managers. Request a confidential briefing to model your proposal against active engagement benchmarks.
Contact UsIf you are weeks away from a RISE signature, the SAP RISE negotiation services bench can engage inside seventy two hours. We work on retainer or fixed scope and we never sell software.
Request engagement scope Contact Us