The Digital Operational Resilience Act (DORA) takes effect on January 17, 2025, and many banks are scrambling. With the deadline just days away, some are cutting it dangerously close: a PwC survey found that 70% of financial firms are concerned about meeting DORA’s requirements on time. This last-minute rush not only undermines compliance but also exposes weaknesses in firms’ digital infrastructure. Here we explore the hidden costs of ignoring DORA, and why financial institutions must act now.
The truth is that compliance isn’t just about meeting a date in the calendar. It’s about building systems that can weather storms long after regulators move on. Ignoring this is a recipe for trouble—both operational and reputational.
At Disruption Banking, we’ve seen the financial world adapt to countless changes. Our focus has always been on how technology can make life easier for businesses, regulators, and consumers. DORA fits that brief: it aims to strengthen the digital operational resilience of more than 22,000 financial entities across the EU.
That will take work. For instance, aligning DORA with existing frameworks such as GDPR requires careful planning so that obligations neither overlap nor leave gaps.
What’s clear is that the financial institutions treating DORA as an opportunity to improve will be the ones to thrive. This is more than a legal requirement; it’s a turning point.
Why DORA Compliance is Critical for Financial Institutions
DORA is shaking up the way financial entities handle their suppliers and service providers. It introduces stringent requirements for managing third-party ICT risk, forcing financial institutions to reassess their vendor relationships. Rinesh Patel, Head of Financial Services Industry at Snowflake, shared how “The Digital Operational Resilience Act (DORA) comes into force in a matter of days. The regulation aims to promote a more robust and proactive approach to managing ICT risks within financial institutions while standardising requirements to establish a consistent set of regulations across the EU.
For those yet to make changes, they must act now. Organisations need to adapt their practices to ensure compliance while reaping the potential benefits of enhanced operational resilience in a digital era. Once enforced, all regulated organisations will need to comply with the requirements around risk management and testing. This will involve having an ICT risk management framework in place, conducting regular penetration testing and vulnerability assessments, and maintaining robust business continuity plans in the face of potential disruption. Firms will also be required to report major operational incidents to the relevant authorities within the stipulated timeframes.
Overall, DORA aims to create a more robust and resilient financial ecosystem by requiring financial institutions to also manage third-party risks more effectively, forming a secure foundation for potential future innovations. Leveraging modern cloud data platforms supported by strong governance frameworks allows organisations to take an essential step towards achieving full compliance and, importantly, mitigating risk.”
Getting to grips with the upcoming DORA regulations can be overwhelming; that’s why we put together this easy-to-view fact sheet 🚀
Download it for free here: https://t.co/v3VQPiq8E2 #TechPassport #DORA #FinTech #Compliance #ThirdPartyManagement
— Tech Passport (@tech_passport) August 21, 2024
Returning to Rinesh’s point about third-party risk, a study by Eviden explains that integrating third-party risk strategies with overall ICT risk management remains a daunting task for many organizations. It is worth remembering that the purpose of EU financial regulation here is to fix shortcomings in third-party risk management and operational resilience, not to make life difficult for financial institutions.
The Role of Technology in Ensuring Digital Resilience
The good news is that the right technology can cut through the noise. Tools such as TechPassport’s DORA-as-a-Service (DaaS) help banks and financial institutions map and manage their end-to-end supply chains in real time. Because these platforms update automatically, firms are not left playing catch-up. That matters, since compliance is not something you tick off once and forget.
Source: TechPassport
Duncan McDonald, Global Head of Compliance Services at NCC Group, emphasized the importance of early preparation: “If you haven’t started preparing for a game-changing piece of European legislation called the Digital Operational Resilience Act (DORA) – it’s time to take action immediately.”
Investing in these solutions now isn’t just smart; it’s necessary. More regulation is on the way, from the EU’s AI Act to stricter rules on third-party dependencies. The NIS 2 Directive, which also stresses cybersecurity and operational resilience, has been in force since January 16, 2023. Getting ahead of these changes is cheaper and far less stressful than scrambling later.
Why DORA Is More Than Just Rules
At its heart, DORA is about making financial systems more secure. It’s about ensuring banks can keep serving customers, no matter what disruptions come their way. That’s good for trust, good for business, and good for the wider economy. Banks can turn compliance into a competitive advantage by strengthening their operations and supplier relationships.
Some will say the cost of adapting is too high. There are costs, certainly: Forbes puts the industry-wide figure at an estimated $181 billion a year, with individual institutions potentially spending up to $10,000 per employee. But ignoring DORA will cost far more. The alternative is cyber attacks, fines, and reputational damage.
The International Monetary Fund’s (IMF) 2024 Global Financial Stability Report found that over the last two decades the financial sector has suffered more than 20,000 cyberattacks, with losses of around $12 billion.
Jonathan Armstrong, Partner at Punter Southall Law, notes, “DORA is a regulatory framework designed to strengthen the resilience of the financial sector against digital disruptions.”
Investing in the right tools and processes therefore pays off in stability and peace of mind, which should comfortably outweigh the initial outlay.
DORA is Here. It’s Time to Act
The clock is ticking, and action can’t wait. DORA is here to stay, and it is pushing financial institutions to rethink their approach. This isn’t just about surviving regulatory scrutiny; it is about thriving in an environment that is constantly evolving. Non-compliance is not an option: it can result in fines of up to 2% of total annual worldwide turnover, which underlines the importance of prompt and effective compliance efforts.
The consequences of not meeting DORA are substantial, with fines of up to 2% of turnover. Repercussions extend beyond financial penalties, including reputational damage and operational disruptions.
Learn more: https://t.co/dqvU4dcdzO
— S&P Global Market Intelligence (@SPGMarketIntel) January 13, 2025
DORA is more than a hurdle. It’s a chance to build systems that are prepped and ready for whatever comes next. The question is, will financial institutions rise to the occasion or get caught out? The answer could define the future of finance.
#OperationalResilience #ThirdPartyRiskManagement #EUFinancialRegulations #DORA
Author: Richardson Chinonyerem
See Also:
How Fintech Roadmaps Are Revolutionizing SME Financing in 2024 | Disruption Banking
How Middle Eastern geopolitics is boosting Israel’s cybersecurity scene | Disruption Banking
FinTech Aviv: Talking cybersecurity with Balasys | Disruption Banking