DORA The Digital Operational Resilience Act

Published on
December 13, 2024

The Digital Operational Resilience Act (DORA) – Enhancing Financial Sector Resilience

The Digital Operational Resilience Act (Regulation (EU) 2022/2554) is a European regulation aimed at strengthening the digital operational resilience of the financial sector. It was conceived to address the challenges posed by rapid digitalisation and the escalating threat of cyber risk, and it applies both to financial entities and to the ICT service providers they depend on. This article looks at the critical points of DORA from the perspectives of both banks and companies providing banking software.

Bank Perspective

Challenges

Banks face several challenges in aligning with the regulatory approach outlined in DORA. Understanding the scope of the regulation is the first step. DORA is comprehensive and requires banks to review their existing practices against its requirements for ICT risk management, incident reporting, resilience testing and third-party risk. This involves adapting governance practices so that digital operational resilience is ingrained in the institution's culture and operations, with the management body carrying ultimate responsibility for ICT risk.

A crucial aspect of this adaptation is involving the right stakeholders. Banks must engage not only their IT departments but also executives, compliance officers, and risk managers to ensure a cohesive and effective implementation strategy. Regular testing of resilience capabilities is another challenge. DORA requires banks to maintain a digital operational resilience testing programme, covering periodic assessments and exercises that test their ability to withstand and recover from digital disruptions and cyber-attacks; for financial entities identified by their competent authority, this includes threat-led penetration testing at least every three years.

Risk Management

With the increasing reliance on digital technologies, banks are exposed to heightened cyber risks. DORA provides a structured framework to manage these risks effectively. It requires an ICT risk management framework that covers identification, protection, detection, response and recovery, and the mitigation of cyber threats. Banks are required to implement monitoring and logging capabilities, develop comprehensive incident response and business continuity plans, classify ICT-related incidents and report major ones to their competent authority, and ensure continuous improvement of their cyber defences through lessons learned.

Compliance Deadline

One of the pressing aspects for banks is the compliance deadline. DORA entered into force on January 16, 2023 and applies from January 17, 2025, by which date all in-scope financial entities must comply with its requirements.

ICT Company Perspective

Critical Third Parties

Companies that offer banking software are also impacted by DORA as ICT third-party service providers. They supply essential IT services to the financial sector, making their role pivotal in the overall digital resilience of financial institutions. Financial entities must manage the risk these providers introduce, including through contractual requirements on security, incident support, audit rights and exit strategies. Providers designated as critical ICT third-party service providers by the European Supervisory Authorities are additionally brought under a direct oversight framework. In practice this means software providers are expected to meet the standards their banking clients must satisfy, so that their products and services do not become weak links in the resilience chain.

Holistic Framework

DORA introduces a harmonized regulatory framework that consolidates various regulations related to information and communication technology (ICT). For companies providing banking software, this means they must ensure their systems are robust, secure, and capable of supporting their clients’ compliance efforts. The regulation demands a thorough understanding of the operational environment of their banking clients and necessitates a proactive approach to managing their own digital resilience.

Operational Resilience

Harmonizing ICT risk requirements under DORA aims to enhance the overall operational resilience of the financial sector. For software companies, this means investing in secure development practices, regular security updates, and continuous improvement of their software solutions. They must also engage in regular risk assessments and collaborate closely with their banking clients, for example by supporting incident reporting and resilience testing, to ensure seamless integration and compliance.

Crosskey perspectives

At Crosskey, we are proud to serve over 30 banking and financial customers across the Nordics. Given our significant responsibility for socially critical financial functions, we have long been committed to ensuring the security of our developments and the infrastructure we manage.

DORA further strengthens our focus on minimizing various risks, including technical and cyber-related threats, as well as those associated with third parties. This regulation aligns with our ongoing efforts to enhance the resilience and security of our services, ensuring we continue to support our clients effectively and securely.

Conclusion

DORA is a transformative regulation that requires proactive action from both banks and software providers. For banks, it necessitates a thorough understanding and adaptation of governance practices, risk management strategies, and resilience testing.

For suppliers like Crosskey providing banking software, it means adhering to stringent standards and ensuring our products support the clients' compliance efforts.

By embracing the principles of DORA, the financial sector can fortify its digital resilience, mitigate cyber risks, and thrive in an increasingly digital and interconnected landscape. This regulation represents a significant step towards ensuring the stability and security of the financial system in the face of evolving technological challenges.

“The EU goal with DORA is to reduce regulatory complexity, which is currently spread over regulations such as CRD IV, PSD2, Solvency II, EMIR and MIFID plus local requirements and overseen by a number of different legal entities. DORA can help us to raise the security level as well as lower the financial and administrative burdens caused by the current patchwork of regulations.” René Engman Chief Security Officer, Crosskey 

For more information contact:

security@crosskey.fi