The proposed legislation from the European Commission looks to create EU-wide legislation to protect the operational resilience of the financial services industry.
This act would bring a wide range of ICT companies that supply products and services to the finance industry under the regulatory authority of the EU. This could have a major operational impact on those companies.
What key factors/components of this act do you need to know about?
Which companies could be impacted by this regulation?
Our financial industry experts discuss the proposed regulation and its impact.
The Latest Tech News You Need to Know
The Latest Tech News You Need to Know
With DORA set to be applied on January 17, 2025, organisations need to get ready. You must ensure that you have the policies and procedures in place to meet the requirements laid out by the act. But how to start preparing? We have compiled a list of steps that financial entities and ICT vendors need to take to get ready for the implementation of DORA.
Ensure the relevant people including the management board, risk management and compliance teams are aware of DORA. Ensure they understand the regulatory requirements that apply.
Identify all the relevant internal stakeholders. Set up a DORA programme involving those stakeholders and assign roles.
Undertake a preliminary self-assessment. A gap analysis will help your organisation assess whether the existing ICT risk management approaches meet the requirements proposed in DORA.
Define a risk-based road map to bridge any compliance gaps identified in your self-assessment and gap analysis
Identify and prioritise the relevant partners you need to collaborate with.
Appoint or introduce the role of compliance or regulatory officer to ensure that someone is managing this area for your business.
Undertake a preliminary self-assessment of your current clients to understand if your organisation is a critical provider.
Review the draft regulations to understand both the requirements from the DORA provisions (direct impact), and the requirements to be fulfilled under contractual arrangements with a financial entity (indirect impact).
Assess the “critical or important functions” with your product and technology leaders. Highlight areas that qualify as “vulnerabilities” and “ICT third-party risk” under the regulations. Match and prioritise them with your customer base.
Plan how you will communicate to your clients how you intend to align with them, to prepare a shared approach to DORA (also a relationship building opportunity).
Associate Research Director, Cloud Data Management, IDC Europe
Research Director, IDC Financial Insights Corporate and Retail Banking
Associate Research Director, IDC Financial Insights
Research Manager, European Privacy and Data Security
International Data Group is committed to protecting the environment, the health and safety of our employees, and the community in which we conduct our business. It is our policy to seek continual improvement throughout our business operations to lessen our impact on the local and global environment. We are committed to environmental excellence, pollution prevention and to purchasing products that reduce the use of natural resources.