
July 19, 2024

Intro to DORA

Introduction  

The European Union (EU) is taking a significant step towards a more robust financial system with the implementation of the Digital Operational Resilience Act (DORA). Coming into effect on January 17th, 2025, DORA aims to fortify the IT security of financial institutions and ensure the EU's financial sector can withstand major operational disruptions.

A Harmonized Approach to Operational Resilience  

DORA establishes a unified set of regulations for operational resilience across the financial sector.  

This applies to a wide range of entities, including:  

•       Banks  

•       Insurance companies  

•       Investment firms  

•       And a further 15 financial service providers  

The regulation also encompasses critical third-party Information and Communication Technology (ICT) service providers that these financial institutions rely on.

Why DORA? The Need for Enhanced Cybersecurity  

The financial sector's ever-increasing dependence on technology creates vulnerabilities. Cyberattacks and operational incidents can significantly disrupt financial services, impacting not just individual institutions but potentially causing widespread economic repercussions. DORA addresses this critical need by promoting robust digital operational resilience within the financial sector.  

What Does DORA Cover?  

DORA outlines a comprehensive framework to achieve digital operational resilience, encompassing key areas like:  

•       ICT Risk Management: Establishing principles and requirements for a structured ICT risk management framework.

•       Third-Party Risk Management: Implementing measures to monitor and mitigate risks associated with third-party ICT service providers, including key contractual provisions.  

•       Digital Operational Resilience Testing: Conducting regular testing (basic and advanced) to assess the resilience of systems and processes.

•       ICT-Related Incident Management: Defining general requirements and procedures for reporting major ICT-related incidents to competent authorities.  

•       Information Sharing: Fostering the exchange of information and intelligence on cyber threats among financial institutions and authorities.  

•       Oversight of Critical Third-Party Providers: Implementing a robust oversight framework for critical ICT third-party service providers.  


Who Does DORA Apply To?  

DORA has a broad scope, encompassing a wide range of financial institutions and service providers.  

Here's a non-exhaustive list of entities covered:  

•       Credit institutions  

•       Payment institutions  

•       Investment firms  

•       Insurance and reinsurance undertakings

•       Crypto-asset service providers  

•       Central securities depositories  

•       Data reporting service providers

•       And many more  


Stay Compliant with DORA  

Binarii Labs is a leading provider of data security solutions. We can help your financial institution achieve compliance with DORA's regulations.