
DORA – A potential blueprint for Global Cyber Resilience Regulation?

August 09, 2024

  • Compliance
  • Cyber Defences
  • Cyber Risk

By Jason Harrell, Managing Director of Operational and Technology Risk, DTCC

With less than a year until the European Union’s Digital Operational Resilience Act (DORA) takes effect, financial organizations must prepare to comply with this landmark regulation. By January 2025, financial institutions operating in the EU will be required to adhere to strict standards for cyber risk management, cyber incident reporting, cyber resilience testing and more.

While DORA will standardize cybersecurity controls across all EU members, its impact will have global relevance.

As organizations gear up to achieve DORA compliance, they may encounter several challenges. First, with many financial institutions relying on numerous third-party providers, DORA will set out more detailed requirements for the management of outsourced services.

These new requirements will cover a service provider’s entire life cycle—from pre-contract negotiations to ceasing partnerships. Specifically, it is critically important for firms to proactively review the resilience of their information and communication technology (ICT) third-party service providers and monitor external risks. To ensure compliance, financial institutions will have to collectively push compliance with their third-party providers while ensuring minimal disruption to their day-to-day operations.

To achieve this, firms must have plans in place allowing for the continuation of their services should some third parties be unable to achieve this compliance. These plans could include the smooth transition of technology services to new providers or bringing these services back in-house.

Compliance with DORA will depend on organizations’ ability to identify and document their critical ICT business functions, information assets, roles and dependencies as part of a comprehensive cyber resilience framework. This could be difficult for some firms, especially those with complex ICT systems or extensive reliance on outsourcing.

Even though most organizations already have existing cyber risk management programs in place, firms will need to ensure these programs align with DORA’s requirements. As a starting point, organizations should perform a gap analysis to identify areas that require prioritization.

Unlocking Opportunities with DORA

Despite these challenges, DORA presents numerous opportunities for financial services organizations to continue to raise their cyber resilience capabilities and standards. DORA encourages collaboration between financial institutions by placing emphasis on information-sharing of cyber threat intelligence, enabling firms to adapt their defences to better respond to threats.

Additionally, DORA provides a unified cyber incident reporting approach that may allow for better correlation of cyber incident information. This information can be used to inform the financial services sector of changing and evolving cyber threats, enhancing transparency and trust across the European financial sector.

Furthermore, DORA presents an opportunity to drive innovation through the adoption of newer, more efficient technologies and practices, ultimately increasing operational efficiency, lowering costs, and enabling financial institutions to be better positioned to adjust to the rapidly evolving digital landscape.

Beyond serving as a blueprint for harmonizing the supervision of ICT and cyber threats within the EU, DORA may set a precedent for other jurisdictions. By further streamlining deviations from their cyber risk management frameworks, DORA could simplify regulatory complexity for multinational institutions. DORA also seeks to address the burdens associated with diverging cyber risk management rules across the EU that apply to financial institutions.

DORA’s Global Impact

The global repercussions of DORA’s implementation should not be overlooked. Due to the financial sector’s interconnected nature, financial authorities could adopt similar measures to coordinate their approach to managing cyber risk across jurisdictions.

This regulatory coordination could lead to a more consistent, robust and resilient global financial system, reducing vulnerabilities and enhancing overall stability. DORA’s principles and practices may serve as a template for future global regulatory frameworks, highlighting the importance of a structured approach and collaboration to address cybersecurity on a global scale.
