Strengthen Your Digital Resilience – Prepare for DORA Today
Ensure compliance, reduce ICT risks, and build operational stability with Eraneos’ expert guidance.

Digital Operational Resilience Act
The act promotes innovative technologies while ensuring digital operational stability across the European financial sector. Its purpose is to strengthen the resilience of EU financial entities and reduce their vulnerability to ICT risks like IT failures and cyberattacks. DORA tackles such issues by introducing standard security requirements for Information & Communication Technology. The regulation applies not only to the financial sector itself but also to many of the ICT service providers in this sector.
DORA legislation requires a pragmatic approach in addition to knowledge: Eraneos delivers both qualities.
Who will be affected
The Digital Operational Resilience Act (DORA) applies to all companies within the European financial sector, as well as third-party providers, such as software vendors, that support these financial entities. Additionally, non-EU companies, including those based in Switzerland or Great Britain, are also affected if they operate within the EU.
When will it apply
DORA came into force on January 16th, 2023, with immediate validity across EU member states. There is a two-year implementation phase, which ends on January 17th, 2025. From that point onward, the implementation of the DORA requirements will be checked in audits, e.g. by supervisory authorities, and non-compliance can have negative consequences.
Why should you comply
Non-compliance by financial companies will result in findings and fines from authorities. For ICT providers, inadequate implementation will result in fines, notification to affected financial entities and, where appropriate, an order to suspend or terminate services provided. Above all, insufficient resilience leads to vulnerability to ICT incidents and cyber threats.
Effects of new regulation
With Regulation (EU) 2022/2554 (DORA), the European Union has created financial sector-wide regulation for the topics of cybersecurity, ICT risks and operational stability / resilience. Some of the financial companies affected by DORA have previously been subject to similar or identical requirements based on applicable regulations. Some of the requirements exceed previous national and European requirements. Some are completely new to certain or all affected companies.
We’ve outlined the most important topics and requirements below:
Key points:
- ICT Risk Management Framework, Strategies, Policies & Guidelines
- Risk Management, Taxonomy
- Inventories, monitoring, reaction and recovery mechanisms
- ICT revision, new functions
- Awareness and target group-oriented training
- Reporting to and new Responsibilities of the Management Body
- Communication & Crisis Management
Key points:
- Classification of ICT incidents & cyber threats
- Response actions, restore, backup procedures
- Notification of major ICT-related incidents to authorities
- Responsibilities & functions (e.g. crisis management)
- External communication on ICT incidents and cyber threats
- Cooperation, processes, interfaces with ICT providers
Key points:
- Definition of testing program for digital operational resilience (scope and methods for risk-based testing of ICT tools and systems)
- Set up integrated testing with third-party providers
- Report to authorities and test certification (TLPT)
- Examination of suitability and, if necessary, change of external test partners for TLPT
Key points:
- Outsourcing management policies and processes
- ICT provider risk monitoring function
- Re-evaluation of ICT providers and identification of ICT providers supporting critical and important functions
- Reporting to the Management Body
- Adjustment of requirements and contracts for new and existing ICT providers
- Ensuring DORA compliance of all ICT providers
- Register of Information
Key points:
- Information-sharing arrangements on cyber threat information and intelligence
Credit Institution & Asset Manager
Supporting a client in carrying out a DORA GAP analysis from the perspective of the company’s IT by locating the responsibilities and mapping the new requirements to the existing IT governance. Documented gaps and action recommendations were provided, with efforts and timelines jointly defined. A thorough, cross-functional impact analysis was key to ensuring a smooth implementation. The project is now in rollout, and we continue to support the IT team as the affected first-line department.
Insurance Company
Currently assisting an insurance client with DORA compliance, starting with an awareness session for the Board and IT Management. Carried out an impact assessment of (expected) effects in relation to implemented requirements. Delivered a DORA implementation concept. A key success factor was to implement a cross-divisional central coordination to manage the cross-departmental scope effectively.
Automotive Finance Service Provider
Supporting a leasing company by determining the applicability of DORA against the background of the Financial Market Stabilization Act in Germany, which has yet to be passed. Conducted a GAP analysis against current regulations (MaRisk / BAIT) and new implementation requirements. The success factor is the careful and comprehensive impact analysis, especially since the customer has various branches in European and non-European countries.



Stefanie Förster
Senior Manager – Financial Services
