How Financial Services Organisations Should Deal with DORA
- Rinesh Patel, Global Head of Financial Services Industry at Snowflake
- 03.07.2024 10:00 am #DORA #Regulation
The Digital Operational Resilience Act (DORA) is an EU regulation that aims to strengthen the financial sector's resilience against ICT-related incidents. It entered into force in January 2023 and applies from the 17th of January 2025, from which date financial entities must meet its requirements across five pillars: ICT risk management, ICT-related incident management and reporting, digital operational resilience testing, ICT third-party risk management and information sharing. Once in place, DORA is expected to influence future financial-sector regulation globally.
Business leaders must engage with the regulation before it applies and adapt their practices as quickly as possible, both to remain compliant from day one and to capture the benefits that come with a more resilient operation.
Challenges and benefits of the regulation
The challenges of DORA are clear. In the short term, they involve investing in technology and resources and upskilling team members. Organisations will also face stricter requirements for managing the risk that third-party ICT service providers introduce, which means more thorough due diligence on those providers, clearer contractual terms with them and an up-to-date register of the ICT services on which the business depends.
The benefits are significant and likely to be longer-term. Taking a proactive approach to ICT risk can reduce the negative impact of cyber incidents and strengthen investor and customer confidence. Dealing with the complexities of DORA will require collaboration and information-sharing across the sector, forming a secure foundation for potential future innovations.
Getting ready for implementation
As a first step, business leaders should perform an internal gap analysis against each of the five pillars to highlight the areas that need attention. They should also identify their critical or important business functions, assess the ICT risk to each of them on a regular basis, and build contingency plans for the resilience weaknesses that those assessments reveal.
When it comes to third-party providers, organisations should review their current partnerships and the process for onboarding new providers. Businesses should only work with third parties that can demonstrate how they support the organisation's obligations under the DORA pillars, in particular ICT risk management, incident handling and resilience testing. A reliable provider should be able to scale to the organisation's data and workload demands, move workloads and data between locations without downtime, and have robust security controls around the data it holds. For leaders in the financial sector, DORA is therefore a chance to rethink cloud and data strategies, improve resilience and ensure that workloads and data can be relocated reliably when an incident demands it.
DORA should be seen as a positive step for the industry. Leaders in the sector should work with their providers and keep an open dialogue with regulators so that DORA's requirements are met in a compliant and secure way. Getting ahead of the regulation and reaping its benefits will require business leaders to prioritise actions, set timelines and assign resources in a compliance roadmap.
The future of financial services
To be in a strong position to navigate these wide-ranging changes, business leaders must use the next few months to get ahead. Once DORA applies, every financial entity in scope will need an ICT risk management framework, a digital operational resilience testing programme that includes regular vulnerability assessments and penetration testing (with threat-led penetration testing for the entities their regulator designates), and maintained business continuity plans.
The financial sector must see DORA as an opportunity. Now is the time to engage with the challenges of the regulation and take a proactive approach to build a more efficient, safer global financial system.