Digital Operational Resilience for the Financial Sector Act (DORA)

The Digital Operational Resilience Act (DORA) entered into force on 16th  January 2023. It outlines EU regulations for information systems security for financial entities.

The requirements cover several key areas, including: ICT risk management, ICT-related incident reporting, resilience testing, information and intelligence sharing and third-party ICT risk.

The Regulation covers most financial services entities, including third parties. While there are some organisations to which the Regulation does not apply, in time most organisations will aspire to comply with the guidelines.

ICT has gained a pivotal role in the provision of financial services, to the point where it has now become critical in the operation of daily functions of financial entities. In introducing this Act, the European Union is attempting to both upgrade the ICT requirements and consolidate them into one Union-wide Act. This will help reduce regulatory complexity, foster supervisory convergence and increases legal certainty. It will also reduce compliance costs, especially for financial entities operating across borders.

The regulation will become applicable in Jan 2025, so organisations must now begin to plan and implement the changes that will be required.

Begin with a DORA strategy that is in line with organisational goals.:

  • Explain how the framework supports the entity’s strategy and objectives.
  • Establish risk appetite /risk tolerance for ICT risks
  • Set out information security objectives and Key Performance Indicators (KPIs)
  • Establish Key Risk metrics / Key Risk Indicators (KRIs)
  • Articulate what, if any, changes are required in the existing ICT architecture/infrastructure
  • Be able to outline what’s in place to protect assets, detect incidents and mitigate their impact
  • Be able to demonstrate the effectiveness of controls based on incidents reported
  • Implement resilience testing, including; pen tests, open source analyses, source code reviews, scenario-based exercises and compatibility testing.
  • Communications strategy in the event of an incident.

There is much to be done and just 18 months left to do it. Organisations need to make a start now to ensure they are fully compliant by Jan 2025.

You can contact us directly to avail of a free tailored demo to see how CalQRisk can streamline risk management processes with these regulations.



Recent News

CalQRisk Wins Best RegTech Solution at National Fintech Awards

CalQRisk, a leading provider of Governance, Risk & Compliance solutions has won the ‘Best Regtech Solution Award’ at ...
Read More

CalQRisk shortlisted in National Fintech Awards

The CalQRisk solution is shortlisted for ‘Best Regtech Solution Award’ at the inaugural National Fintech Awards. The National ...
Read More

CalQRisk shortlisted in 2023 CIR Risk Awards

Having won ‘Risk Management Product of the Year’ at the 2022 CIR Risk Management Awards, CalQRisk is now ...
Read More

From Risk Capacity to Risk Appetite

Risk Capacity is the maximum amount of risk that an organisation is technically able to assume before breaching ...
Read More

SMT automates their approach to Risk Management with CalQRisk

SuMi TRUST Global Asset Services (“SMT”), a subsidiary of Sumitomo Mitsui Trust Bank Limited, one of the largest ...
Read More

Digital Operational Resilience for the Financial Sector Act (DORA)

The Digital Operational Resilience Act (DORA) entered into force on 16th  January 2023. It outlines EU regulations for information ...
Read More

8 Things to Consider in a Data Breach Response

A data breach can lead to reputational damage, financial losses and much more. By effectively preventing and investigating ...
Read More

The Golden Thread – Governance, Risk & Compliance

A joined-up approach to governance, risk and compliance (GRC) is something all GRC practitioners aspire to – but, ...
Read More

Dark Patterns, Hidden in Plain Sight

If you’ve spent any time on the internet, chances are you will have experienced ‘Dark Patterns’ and may ...
Read More

Over 100 Credit Unions Now Using CalQRisk

CalQRisk now has over 100 credit unions actively using their Governance, Risk Management and Compliance solution across the ...
Read More