Community
The Digital Operational Resilience Act (DORA) will enter into force on the 17th January 2025. After this point, banks, other financial institutions, and all organisations providing services and products in the financial sector in the EU will be required by law to adhere to the regulation.
This includes explicit rules around areas including incident reporting, ICT risk management, operational resilience testing and ICT third party risk monitoring. Operational resilience in particular, or rather a lack of, has been specifically acknowledged as having the potential to put the whole financial system at risk in the context of a serious incident.
Why should the UK take note?
While the fundamental goal of DORA is to apply a set of uniform requirements for the security of the IT infrastructure of companies and organisations in the financial sector across the EU, critically it also applies to any third parties providing ICT related services to them. This could include data analytics or cloud provision services for example.
As a result, all firms will need to ensure that they can mitigate, respond to and recover from the myriad of potential IT related disruptions and threats they could face. This encompasses the entire financial sector from asset management, credit, crypto-asset service providers, banking and insurance to investment firms.
How can firms best prepare?
Traditionally, the capabilities of financial institutions to detect, respond, recover and protect themselves from breaches, cyber-attacks, data compromise and other serious IT incidents has varied substantially from organisation to organisation.
A key area organisations may want to consider exploring as they embark on their preparations to meeting compliance with DORA is to ensure they are armed with the necessary skills and capabilities. There are a number of avenues to explore here, including:
Time to act
While 2025 may seem like a long away, the reality is that taking the necessary steps to ensure compliance with DORA needs to start happening now. Any organisation operating in or providing IT related services to the financial sector within the EU should start strategically and operationally planning before it is too late. It is also vital to be aware that while DORA officially comes into force on the 17th January 2025, the regulation will start to apply from late 2024, which is less than 18 months from now.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Roman Eloshvili Founder and CEO at XData Group
02 August
Konstantin Rabin Head of Marketing at Kontomatik
Denys Boiko Founder at Erglis
01 August
Michael Zetser CEO at Flyfish
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.