What is DORA?

Regulatory Newbie: DORA aims to create a more consistent approach to making sure that banks, insurance companies, investment firms (and a bunch of other financial service providers) – can weather any IT storm. Think power outages, cyberattack etc.

The Digital Operational Resilience Act (DORA), effective January 16, 2023, with enforcement beginning January 17, 2025, significantly bolsters IT security for financial institutions across the EU. This regulation applies to banks, insurance companies, investment firms, and a further 20 financial entity types, along with their ICT third-party service providers.

DORA's primary objective is to ensure the European financial sector's resilience against severe operational disruptions. It achieves this by harmonizing operational resilience regulations, fostering a more consistent approach across the continent.

Key Takeaways for Financial Institutions:

• Compliance Deadline: January 17, 2025

• Applies To: Banks, insurance companies, investment firms, and 20 additional financial entity types, along with their ICT third-party service providers

• Focus: Strengthening IT security and operational resilience

DORA covers:

• Managing IT risks: Setting up systems to identify, assess, and control IT-related threats.

• Outsourcing IT: Understanding and managing risks from external IT providers.

• Testing IT resilience: Regularly checking how well systems can handle disruptions.

• Handling IT incidents: Having plans in place to respond to and recover from IT problems.

• Sharing information: Collaborating with others to combat cyber threats.

• Overseeing key IT suppliers: Ensuring critical IT providers meet high standards.