
Exploring DORA: What the Digital Operational Resilience Act spells for financial services


Over the last decade, technology adoption has accelerated across the financial services sector. From investments to banking and tax, many services are now delivered digitally or depend on ICT infrastructure.

For all the benefits this brings – efficiency and cost savings among them – the scale and speed of this digital transformation has multiplied operational risk across the industry. Should a critical part of that ICT infrastructure fail – say, a bank’s cloud provider goes offline for 24 hours – the consequences could be vast.

In the face of these evolving technology-based risks, the operational resilience of the financial services sector has become a key focus for regulators. One of the most comprehensive examples is the Digital Operational Resilience Act (DORA), which entered into force in the European Union in January 2023.

Affected firms have until January 2025 to be fully compliant with DORA. Though it is EU legislation, it will also reach many UK organisations: those that operate in the EU, or that supply ICT services to EU financial entities, fall within its scope. UK organisations will therefore need to prepare to comply with its requirements.

So, what does the act involve, and how can affected organisations prepare?

What is DORA?

DORA has been established to ensure digital resilience is embedded throughout the financial services sector. Its focus is on addressing the risks posed by the industry’s reliance on third-party ICT providers, and on making sure affected organisations can withstand digital disruption.

The act is far-reaching. It applies to credit, payment and e-money institutions, investment firms, crypto-asset service providers, central securities depositories, crowdfunding service providers and ICT third-party service providers, to name a few.

It essentially requires a uniform approach to the security of the network and information systems that support the operation of financial services. This covers four main pillars:

  1. ICT risk management: DORA mandates that affected organisations must have an internal framework in place to properly manage ICT risk. This will be overseen by management, responsible for approving
  2. Managing ICT third parties: The act was introduced to account for the financial services sector’s reliance on third-party providers of ICT services. It therefore requires those responsible for ICT risk management to identify, assess and monitor third-party risk, including the risk that sits in key contracts and the concentration of critical functions with a single provider.
  3. Reporting major incidents: Though DORA’s focus is on mitigating risk, it also sets out what must happen when incidents, such as cyber attacks, occur. Affected organisations need defined incident management processes covering how to detect, classify, respond to, document and report incidents, with major ICT-related incidents notified to the relevant competent authority.
  4. Resilience testing: The act emphasises the importance of digital operational resilience testing for critical ICT systems and processes, to confirm they can withstand threats or disruption. Affected organisations will need to create and embed a comprehensive testing programme that sets out how weaknesses and deficiencies are identified, and the measures taken to remediate them.

DORA represents a significant step change in how many organisations across financial services will approach ICT risk management – so it is important to prepare. This is particularly crucial given the impact of non-compliance. Regulators may order organisations to cease specific activities or to stop using certain third-party ICT providers, disrupting operations further. Non-compliant organisations may also face financial penalties, which for financial entities are set by each member state’s competent authority. For critical ICT third-party providers that fail to cooperate with the oversight framework, DORA provides for periodic penalty payments of up to 1% of average daily worldwide turnover in the preceding business year.

How can organisations ensure DORA compliance?

A pragmatic first step? Gather the relevant people and teams from across the organisation – the CISO, CIO, IT and risk management leads – to agree a plan for closing the gaps between current practice and DORA’s requirements.

Organisations will likely have to undertake a comprehensive review of existing infrastructure and processes – whether for incident reporting, resilience testing or third-party services – to map out where improvements are needed in line with DORA’s requirements. This includes how to identify, classify and document ICT risks, and compiling comprehensive business continuity plans, including ICT disaster recovery and communication plans. These will need to be regularly tested, and the ICT risk management framework reviewed at least once a year – or in response to major incidents, resilience testing results, audit findings, supervisory instructions, or significant changes to ICT systems.

As the industry strives to comply with DORA and fortify its operational resilience, technology itself emerges as a key enabler: whether cloud computing, backup and disaster recovery systems, or cyber security software. By adopting secure and flexible technology solutions, affected organisations can protect critical data and systems, and navigate disruptions with confidence.

Though DORA compliance is a major undertaking, it is a necessary – and legislatively enforced – one. By keeping a laser focus on digital resilience, we can build a financial services sector able to withstand modern, evolving risks and fit for the future.


Jack Bennett

Sales Leader, SysGroup
