Digital Operational Resilience for the Financial Sector Act (DORA)

The Digital Operational Resilience Act (DORA) entered into force on 16th  January 2023. It outlines EU regulations for information systems security for financial entities.

The requirements cover several key areas, including: ICT risk management, ICT-related incident reporting, resilience testing, information and intelligence sharing and third-party ICT risk.

The Regulation covers most financial services entities, including third parties. While there are some organisations to which the Regulation does not apply, in time most organisations will aspire to comply with the guidelines.

ICT has gained a pivotal role in the provision of financial services, to the point where it has now become critical in the operation of daily functions of financial entities. In introducing this Act, the European Union is attempting to both upgrade the ICT requirements and consolidate them into one Union-wide Act. This will help reduce regulatory complexity, foster supervisory convergence and increases legal certainty. It will also reduce compliance costs, especially for financial entities operating across borders.

The regulation will become applicable in Jan 2025, so organisations must now begin to plan and implement the changes that will be required.

Begin with a DORA strategy that is in line with organisational goals.:

  • Explain how the framework supports the entity’s strategy and objectives.
  • Establish risk appetite /risk tolerance for ICT risks
  • Set out information security objectives and Key Performance Indicators (KPIs)
  • Establish Key Risk metrics / Key Risk Indicators (KRIs)
  • Articulate what, if any, changes are required in the existing ICT architecture/infrastructure
  • Be able to outline what’s in place to protect assets, detect incidents and mitigate their impact
  • Be able to demonstrate the effectiveness of controls based on incidents reported
  • Implement resilience testing, including; pen tests, open source analyses, source code reviews, scenario-based exercises and compatibility testing.
  • Communications strategy in the event of an incident.

There is much to be done and just 18 months left to do it. Organisations need to make a start now to ensure they are fully compliant by Jan 2025.

You can contact us directly to avail of a free tailored demo to see how CalQRisk can streamline risk management processes with these regulations.

 

 

Recent News

Navigating Risk: A Strategic Approach to Risk Management 

In the vast ocean of business, navigating through turbulent waters demands more than just a sturdy ship; it ...
Read More

Challenges of Reporting Risk and Compliance in Multi-Academy Trusts 

In the intricate tapestry of educational governance, Multi-Academy Trusts (MATs) have emerged as model offering collaboration and shared ...
Read More

Navigating Delegate Oversight – A Balancing Act

In the fast-paced world of fund management, delegate oversight is paramount. However, this oversight comes with its fair ...
Read More

Tennis Ireland implements CalQRisk to streamline their approach to governance

Tennis Ireland have recently implemented the CalQRisk solution to transform their approach to board and committee meetings and ...
Read More

Regulatory & Supervisory Outlook Report – 5 Key Risk Topics for Credit Unions

The Central Bank of Ireland has published its Regulatory & Supervisory Outlook Report 2024 which includes the Central ...
Read More

CalQRisk shortlisted in RegTech Insight Awards

The CalQRisk solution has been shortlisted for two awards at the upcoming RegTech Insight Awards – Best Solution ...
Read More

Footprint Underwriting onboards CalQRisk for risk management and compliance

Footprint Underwriting, a leading underwriting agency in Ireland, has recently implemented the CalQRisk solution in order to enhance ...
Read More

Climate-Related & Environmental Risk Assessment Guide

A Climate & Environmental Risk Assessment Guide was issued to Risk Advisory Service subscribers in Dec 2023 following ...
Read More

Loan Product Risk Assessment Guide

The Risk Advisory Service Loan Product Risk Assessment Guide circulated recently provides a framework for conducting risk assessments ...
Read More

Risk Today – Strategic Planning

Last quarter’s Risk Today e-zine for CalQRisk’s Risk Advisory Service subscribers, focusses on how Risk Management Officers can ...
Read More