DORA: effective and consistent risk management practices for the financial sector
Péter Hüvelyes
2023.02.14
The Digital Operational Resilience Act (DORA) mandates financial institutions and their ICT service providers to integrate digital resilience across operations, requiring immediate gap assessments and a roadmap for compliance.
Background
With increasing digitization, financial institutions face growing ICT risks. DORA, Regulation (EU) 2022/2554, standardizes ICT risk management for financial institutions and their ICT service providers by imposing binding EU-level requirements.
Key Features of DORA
- Detailed Requirements: Unlike principle-based cybersecurity laws, DORA specifies actionable steps to enhance operational security.
- Collaboration: Compliance is a shared responsibility between financial institutions and ICT service providers.
- Supervision: ICT service providers will be subject to partial supervision, with oversight carried out by the European Supervisory Authorities.
Timeline
DORA was enacted on January 16, 2023, with full application by January 17, 2025. The two-year transition includes finalizing regulatory details and compliance preparation.
Scope and Obligations
DORA applies to all financial entities, from banks to insurers, and critical ICT providers like cloud services. Main obligations include:
- ICT Risk Management: Institutions must maintain a robust ICT risk management framework.
- Incident Management: Incidents are to be classified and reported as per defined criteria.
- Resilience Testing: Mandatory annual tests, including advanced penetration testing for some institutions.
- Third-Party Risk: Regular review of ICT service providers, with specific contract provisions and risk assessments.
- Information Sharing: Encourages secure sharing of cyber threat intelligence among institutions.
Preparation
Organizations should monitor regulatory updates and prepare for compliance through robust planning and collaboration with ICT providers.
How EURO ONE Can Assist
EURO ONE offers expertise in ICT risk management, compliance, and resilience planning. It supports organizations in aligning with DORA requirements through tailored services such as gap analyses, incident management, and third-party risk management.
For further details or a consultation, contact EURO ONE.