What now, DORA?
The European Union's Digital Operational Resilience Act (DORA) is a significant piece of legislation aimed at enhancing the resilience and security of the financial sector against cyber threats and operational disruptions. As technology continues to play an increasingly vital role in business and personal life, the need for a robust regulatory framework has become paramount. DORA entered into force during 2023 and applies from 17 January 2025. Whilst it may be geographically restricted to the European Union, like many other acts of legislation or regulation, it provides some good common-sense advice for organisations elsewhere.
DORA sets out several key priorities and requirements such as:
- Strengthening cyber resilience: DORA aims to enhance the cyber security capabilities of financial entities by mandating robust risk management practices, incident reporting mechanisms, and rigorous testing of ICT systems and tools.
- Establishing a comprehensive risk management framework: Financial institutions will be required to implement a comprehensive operational resilience framework that covers aspects such as incident response, business continuity planning, and third-party risk management.
- Promoting information sharing and collaboration: DORA emphasizes the importance of sharing cybersecurity-related information and intelligence among financial entities, supervisory authorities, and other relevant stakeholders to facilitate coordinated responses to cyber threats.
- Harmonising rules and standards: DORA seeks to establish a harmonised and consistent set of rules and standards for operational resilience across the European Union, ensuring a level playing field and facilitating cross-border supervision.
- Enhancing oversight and accountability: The regulation introduces stricter oversight and accountability measures, including regular testing and auditing requirements, as well as penalties for non-compliance, to ensure financial institutions maintain high standards of operational resilience.
So, while DORA was written to safeguard financial stability and protect consumers from the consequences of operational disruptions and cyber threats, the priorities above are good advice for any organisation in any industry, in any country, not only financial institutions.
As always, employing good preventative, protective and responsive measures also presents challenges. The need to invest in advanced technologies, staff training, and robust governance structures could strain budgets and potentially hamper innovation and competitiveness. The rapid pace of technological advancement poses a challenge for regulators and organisations alike.
However, regulations like DORA represent a significant step towards enhancing the digital resilience of not only the financial sector but other sectors too. Successful implementation will require a delicate balance between regulatory oversight, resource allocation, and the fostering of innovation. By carefully weighing the potential benefits against the challenges, organisations and policymakers can work together to create a more secure and resilient digital landscape, not only for the financial services industry but across the spectrum of all industries.
Written By:
Michael Davies
Managing Director: Pax Resilience