How to comply with EU’s Digital Operational Resilience Act (DORA)

The 2008 financial crisis pushed many firms in the EU to strengthen their financial resilience. However, as more and more businesses have embraced digitalization and come to rely on third-party technology providers, particularly to overcome the challenges brought by the pandemic, cyber threats have also increased and become a growing concern for regulators.

So much so that in September 2020 the European Commission announced the Digital Operational Resilience Act (DORA), an initiative that falls under the new Digital Finance Strategy, with the specific focus of addressing how financial firms should manage digital risk and ensure they have processes in place to raise supply chain resilience.

Going a step further, DORA’s five key requirements will be:

  1. ICT Risk Management
  2. ICT Incident Management and Reporting
  3. Digital Operational Resilience Testing
  4. Information and Intelligence Sharing
  5. Sound management of ICT Third-Party Risk

Financial entities impacted by this new regulation are wide-ranging – from credit institutions to payment institutions, crypto-asset providers, alternative investment funds, crowdfunding service providers, and, of course, technology third-party service providers.

Why should non-EU banks care about DORA?

Frequent disruptive changes are the new normal. This means that every business needs a platform for resilience right now.

Although there is currently no similar regulation being developed in APAC or in the North America region, resilience is a relevant theme for financial services (and other industries) globally. Financial stability should be a driver for every firm.

What can the financial services industry do?

According to Bain and Company, financial institutions have three options to comply with DORA requirements:

  1. Do nothing and wait for the new guidelines to come into effect. The idea here is that this minimizes current spending and limits distractions, but it comes with the possibility of incurring higher operational risk and greater exposure to regulatory fines later.
  2. Implement some limited tactical changes where gaps are known. This helps to get ahead in some areas and already improves operational resilience.
  3. See these implementations and regulatory requirements as an opportunity to address deeper strategic improvements, building in turn a stronger, more efficient, and more resilient organization.

How can Orbus help?

If there is one lesson we have learned from the last 24 months, it is that businesses need to be agile and resilient in order to survive volatile markets.

When it comes to compliance with new regulations, firms should see this as an opportunity to check that their business meets all the criteria. After all, having a resilient cyber security risk program in place should be a given.

Orbus iServer365 is the next generation platform for business resilience and can help financial services institutions comply with DORA’s new requirements:

  • It can help set the degree of risk and impact tolerance for disruptions.
  • It can design and deploy business continuity strategies.
  • It can support the development and implementation of disaster recovery plans as a central source of truth.
  • It can specify security controls for all critical assets.

With iServer365, compliance and security risks are revealed within a shared dashboard. This allows firms to anticipate and prevent threats. It also provides insights into security threats and compliance risks, ensuring business resilience.

Regulations and audits are only going to increase. The level of diligence firms must show for cyber and privacy concerns will extend to climate risk and sustainability. With iServer365 you can prepare your business for whatever the future brings.

Contact us to see how iServer365 can help you build a more resilient firm.