EU approves Digital Operational Resilience Act (DORA). Here’s what it means for financial services firms.
Earlier this week EU lawmakers formally approved the DORA package, which forms part of a trend towards increasingly stringent operational resilience regulations for financial services firms and the technology service providers who supply them.
Digital Operational Resilience is a major concern to regulators, as growing technological complexity poses systemic risks to the financial system.
Financial institutions will face enhanced requirements around:
- Reporting of major ICT-related incidents
- Business continuity
- Disaster recovery
- The role of third-party service providers in critical ICT.
Major technology providers, for example cloud providers, also come under scrutiny. DORA includes provisions for European supervisory authorities to designate these third-party providers as subject to regulation, and to oversee their compliance with regulation.
To learn more about what DORA will change, check out our blog on the technical agreement reached earlier this year.
Now DORA has been formally approved, there is an aggressive timeline for implementation. Regulated firms will be expected to comply by Q4 2024.
The compliance timeline
The regulation and directive will come into force 20 days after they are published in the Official Journal of the EU (OJEU), but regulated firms have two years to comply.
However, for regulated firms conducting business in the EU and the UK, DORA is not the only resilience regulation they should have in mind. The UK Financial Conduct Authority (FCA) is also introducing new rules governing the digital operational resilience of the UK banking sector.
Read more about the UK FCA rules here.
The FCA has set a hard deadline of March 2025, by which time firms “must have performed mapping and testing so that they are able to remain within impact tolerances for each important business service. Firms must also have made the necessary investments to enable them to operate consistently within their impact tolerances”.
Getting ready for DORA (and other resilience regulation)
Regulators see the overall continuity of your Important Business Services as paramount, and there could be hefty fines for non-compliance.
Our Resilience Readiness Assessment is designed to highlight accelerated routes to greater resilience maturity and help you comply with regulation, fast.
How will it help?
The Resilience Readiness Assessment will help your organisation in 4 key areas:
- Understand why resilience is now a strategic priority.
- Understand your maturity level aligned to regulatory requirements.
- Understand what you need to do NOW to meet regulatory requirements.
- Understand how you can move beyond resilience to anti-fragility.
Get started & book your readiness assessment today
Complete the form and a member of our team will be in touch to discuss your needs and arrange your Readiness Assessment.