DORA
The Digital Operational Resilience Act (DORA) is a new European regulation aimed at strengthening the resilience of the EU financial sector to digital risks. Adopted on November 23, 2022, DORA enters into force on January 17, 2025.
Goals of DORA
DORA has three main goals:
- Reduce disruption to financial services due to digital incidents: DORA sets out strict ICT risk management requirements for financial entities and critical third-party service providers (CTPPs).
- Improve resistance to digital threats: DORA requires financial entities to assess their digital risks, implement risk mitigation measures and conduct regular resilience testing.
- Encourage collaboration and information sharing: DORA establishes a framework for cooperation between financial entities, supervisory authorities and CTPPs to share information on digital risks and incidents.
Who is DORA intended for:
DORA applies to all financial entities in the EU, including:
- Banking institutions
- Investment companies
- Insurance
- Securities trading platforms
- Payment processing systems
DORA also applies to CTPPs that provide critical services to financial entities, such as IT infrastructure services, cyber security services and cloud services.
Key provisions of DORA
DORA introduces a number of key provisions for ICT risk management, including:
- Requirements for ICT risk management: Financial entities must establish and maintain a robust ICT risk management framework.
- Risk evaluation: Financial entities must regularly assess their digital risks.
- Risk mitigation measures: Financial entities must implement appropriate risk mitigation measures for their digital risks.
- Resilience testing: Financial entities must conduct regular resilience testing to verify their ability to deal with digital incidents.
- Reporting and monitoring: Financial entities must report their digital risks to supervisory authorities. Supervisory authorities are responsible for monitoring the application of DORA by financial entities.
Importance of DORA
DORA is a significant step forward in strengthening the resilience of the EU financial sector to digital risks.
The regulation will help protect financial systems from disruptions caused by digital incidents, such as hacking attacks, power outages and data accidents. DORA will also help improve cooperation and information sharing between financial entities, supervisory authorities and CTPPs, which will lead to more efficient digital risk management.
Conclusion
DORA is a comprehensive ICT risk management framework that will help protect the EU’s financial sector from digital risks. The regulation will help maintain financial stability and protect consumers.

