Operational Resilience
DORA
What is DORA?
The Digital Operational Resilience Act (DORA) is an EU regulation aimed at strengthening the operational resilience of the financial sector against a range of disruptions stemming from Information and Communication Technology (ICT) risks. DORA mandates that banks, insurers, investment firms, and other financial entities establish robust ICT risk management frameworks, report major ICT-related incidents, conduct rigorous resilience testing, manage risks from third-party service providers, and participate in sector-wide information sharing. Additionally, DORA extends its scope to critical ICT third-party providers, such as cloud providers, that serve the financial sector. You can find official information on DORA directly from the European Parliament and Council or the European Banking Authority (EBA).
DORA Enforcement and Applicability: Key Dates for Financial Sector Resilience
DORA entered into force on 16 January 2023 and applies from 17 January 2025 onwards. Its primary objective is to enhance the IT security of financial entities so that the financial sector remains resilient during severe operational disruptions.
This regulation is set to harmonize the rules related to operational resilience for the financial sector, extending its application to 20 different types of financial entities as well as Information and Communication Technology (ICT) third-party service providers.
What are ICTs?
ICTs broadly refer to the technologies, systems, and processes that enable the creation, processing, storage, transmission, and exchange of information. This includes:
- Algorithmic Trading Platforms: Systems executing trades based on pre-defined algorithms and high-frequency strategies.
- Anti-Money Laundering (AML) Solutions: Systems to screen customers, identify high-risk clients, and flag potential money laundering activities.
- Enterprise Resource Planning (ERP): Integrated systems managing supply chain, HR, finance, and other back-office functions.
- Data: The raw information, the structured databases that hold it, and the analytics tools used to extract insights from it.
Why are ICTs Important?
ICTs have revolutionized virtually every aspect of modern life and business, leading to:
- Enhanced Productivity: Automation, streamlining workflows, and enabling real-time collaboration.
- Innovation: Fueling new products, services, and business models across industries.
- Global Connectivity: Facilitating communication, commerce, and knowledge sharing beyond geographic borders.
- Improved Decision-Making: Providing access to vast amounts of data and analytical tools.
- Social Change: Empowering individuals and fostering new forms of community and social action.
DORA establishes a binding, comprehensive ICT risk management framework specifically for the EU financial sector. This framework is aimed at creating a single regulatory environment at the European level to manage risks stemming from ICT and from ICT third-party suppliers.
It is designed to improve cybersecurity and operational resilience in the financial services sector, complementing existing laws such as the Network and Information Security Directive (NISD) and the General Data Protection Regulation (GDPR).
The regulation also seeks to harmonize existing rules on managing ICT governance, risks, and incident reporting for all financial institutions, ensuring operational resilience against cyber-attacks. This applies to all EU and non-EU companies operating in mainland Europe.