Digital Operational Resilience for the Financial Sector Act (DORA)

The Digital Operational Resilience Act (DORA) entered into force on 16th  January 2023. It outlines EU regulations for information systems security for financial entities.

The requirements cover several key areas, including: ICT risk management, ICT-related incident reporting, resilience testing, information and intelligence sharing and third-party ICT risk.

The Regulation covers most financial services entities, including third parties. While there are some organisations to which the Regulation does not apply, in time most organisations will aspire to comply with the guidelines.

ICT has gained a pivotal role in the provision of financial services, to the point where it has now become critical in the operation of daily functions of financial entities. In introducing this Act, the European Union is attempting to both upgrade the ICT requirements and consolidate them into one Union-wide Act. This will help reduce regulatory complexity, foster supervisory convergence and increases legal certainty. It will also reduce compliance costs, especially for financial entities operating across borders.

The regulation will become applicable in Jan 2025, so organisations must now begin to plan and implement the changes that will be required.

Begin with a DORA strategy that is in line with organisational goals.:

  • Explain how the framework supports the entity’s strategy and objectives.
  • Establish risk appetite /risk tolerance for ICT risks
  • Set out information security objectives and Key Performance Indicators (KPIs)
  • Establish Key Risk metrics / Key Risk Indicators (KRIs)
  • Articulate what, if any, changes are required in the existing ICT architecture/infrastructure
  • Be able to outline what’s in place to protect assets, detect incidents and mitigate their impact
  • Be able to demonstrate the effectiveness of controls based on incidents reported
  • Implement resilience testing, including; pen tests, open source analyses, source code reviews, scenario-based exercises and compatibility testing.
  • Communications strategy in the event of an incident.

There is much to be done and just 18 months left to do it. Organisations need to make a start now to ensure they are fully compliant by Jan 2025.

You can contact us directly to avail of a free tailored demo to see how CalQRisk can streamline risk management processes with these regulations.

 

 

Recent News

Footprint Underwriting onboards CalQRisk for risk management and compliance

Footprint Underwriting, a leading underwriting agency in Ireland, has recently implemented the CalQRisk solution in order to enhance ...
Read More

Climate-Related & Environmental Risk Assessment Guide

A Climate & Environmental Risk Assessment Guide was issued to Risk Advisory Service subscribers in Dec 2023 following ...
Read More

Loan Product Risk Assessment Guide

The Risk Advisory Service Loan Product Risk Assessment Guide circulated recently provides a framework for conducting risk assessments ...
Read More

Risk Today – Strategic Planning

Last quarter’s Risk Today e-zine for CalQRisk’s Risk Advisory Service subscribers, focusses on how Risk Management Officers can ...
Read More

Learning Lessons from Incidents

All organisations experience “Incidents”. Some call them by other names: “Near Misses”, “Mistakes”, “Errors & Omissions”, “Operational Errors”.  ...
Read More

CalQRisk included on RegTech100 list for 2024

CalQRisk was named as part of the RegTech100 list for 2024. The RegTech100 is an annual list of ...
Read More

6 things you need to know about the Individual Accountability Framework (IAF)

The Central Bank of Ireland has recently released regulations and guidance on the Individual Accountability Framework (IAF). Here ...
Read More

Paysend chooses CalQRisk as their Risk Management Solution

Paysend, a next generation integrated global payment ecosystem, has recently implemented the CalQRisk solution in order to enhance ...
Read More

ESG and Sustainability Reporting

The practice of businesses promoting sustainability and social responsibility in their operations can be traced back to the ...
Read More

CalQRisk Wins Best RegTech Solution at National Fintech Awards

CalQRisk, a leading provider of Governance, Risk & Compliance solutions has won the ‘Best Regtech Solution Award’ at ...
Read More