Banks, insurance companies, investment funds, credit rating agencies, securities dealers and many other entities in the financial sector will be affected by the upcoming DORA regulation, or Digital Operational Resilience Act.
The DORA Regulation, Regulation (EU) 2022/2554, was adopted by the European Parliament and the Council of the European Union on 14 December 2022. It aims to harmonise and streamline regulations relating to ICT risk management and ensure consistency and coherence across the EU. It requires financial sector entities to ensure that they are able to withstand, respond to and recover from all types of ICT-related incidents, risks and threats. It also takes into account the size, risk profile and complexity of their operations.
Main aspects of DORA:
- Establishes a comprehensive framework for digital risk management: financial institutions must put in place robust strategies and processes to identify, assess, mitigate and respond to digital threats.
- Specifies requirements for ICT infrastructure and services: this includes resilience testing, data backup and disaster recovery planning.
- Strengthens cybersecurity oversight: national supervisory authorities will have the power to oversee compliance with DORA and to implement sanctions in case of breaches.
- Introduces incident reporting requirements: financial institutions must report significant cyber incidents to supervisors.
- Encourages cooperation: DORA promotes cooperation between financial institutions and supervisors in sharing information on cyber threats and best practices.
As of 17 January 2025, financial entities will be required to ensure compliance with DORA requirements.
Benefits of DORA for the organisation
- Enhancing cybersecurity and resilience in the financial sector
- Better consumer protection
- Strengthening the stability of the financial system
- Support for innovation
- Increasing trust in digital finance
- Improving the operational efficiency of financial institutions
- Reducing the cost of cybersecurity
- Promoting the sustainability of the financial system
How can we help you with DORA?
The PECB Certified DORA Lead Manager training course equips you with the necessary skills to lead and oversee the implementation of digital operational resilience strategies in financial entities to help them ensure compliance with the European Union’s Digital Operational Resilience Act (DORA).
As part of our consulting services in the area of information security, cybersecurity and business continuity, we will support you with the implementation of relevant processes and measures from their design to their automation using advanced GRC applications.