DORA Signals The End Of The "Move Fast And Break Things" Fintech Era
- Marios Joannou, Head of Digital Risk and Privacy at payabl.
- 20.01.2025 01:00 pm #DORACompliance #FintechRegulation
As the first regulation explicitly addressing cyber resilience in the financial sector, DORA signals that the industry has reached a fundamental moment in its evolution.
While its foundation lies in enhancing cyber resilience, it also addresses broader aspects of operational risk, such as service availability and market stability. By including issues like hostile takeovers, business insolvency, and loss of service, DORA demonstrates a complete and practical approach to safeguarding the financial sector against disruptions of any kind—not just those stemming from malicious cyber threats.
A signal to fintechs
In many ways this broader scope can be seen as a reaction to recent challenges in the fintech sector.
Over the past decade, the "move fast and break things" philosophy—championed by many tech startups—has delivered unique innovation but also created vulnerabilities in critical financial systems. Disruptive technologies and rapid scaling often came at the cost of resilience, exposing institutions and their customers to operational failures and market risks.
The regulators’ response through DORA is clear: the days of unchecked growth and minimal accountability are over.
Both challenges and opportunities
DORA creates mixed challenges and opportunities for the financial services industry, as it requires restructuring how institutions approach operational resilience, cybersecurity, and third-party risk management.
On one hand, the challenges fintechs will face include strain on IT and security teams, complex third-party oversight when outsourcing is necessary, and cost implications both initially and in the long term. Meeting the DORA requirements will also require significant financial investment for tasks such as incident reporting, ICT risk management, and testing.
Yet on the other hand, DORA creates space for new opportunities. It offers a competitive edge to firms that comply, positioning them as reliable and robust in a market increasingly focused on security and stability.
While its rigorous requirements can create operational hurdles, they also pave the way for stronger, more innovative, and trustworthy financial ecosystems.
Overcoming dual compliance frameworks
Regulatory harmonisation between the UK and EU simplifies compliance by reducing the need to navigate vastly different frameworks. However, complexities remain.
The UK’s rules, while aligned, are not identical to DORA, requiring firms to address jurisdiction-specific nuances in reporting, enforcement, and definitions. Compliance demands significant human and technological resources, often straining operations – especially for larger cross-border entities.
As the financial sector grapples with emerging risks, DORA ensures institutions are better equipped to prevent, withstand, and recover from disruptions. This regulation’s effectiveness will depend on how broadly it’s implemented and enforced across EU member states.
Although this has presented an enormous challenge for the industry, it is a necessary growing pain as the industry matures and shifts its focus toward long-term stability.