The new EU regulation DORA (Digital Operational Resilience Act) aims to establish a comprehensive framework for the harmonisation of digital resilience processes and standards in the financial sector. The regulation is also intended to strengthen the authority of supervisory authorities and allow for direct oversight. At Deloitte, we help financial institutions prepare for this new regulation and set up all related business processes to be as resilient as possible in the face of digital risks and fully compliant with the new rules.
DORA is the EU’s flagship initiative on digital operational and cyber resilience in the financial services sector. The regulation establishes a single set of regulatory and supervisory rules for the operational resilience of information and communication technologies in the financial sector. Among other things, it requires financial institutions to make significant investments to improve their resilience to digital and cyber risks.
The regulation was published in the Official Journal of the European Union on 27 December 2022 and will enter into force on 16 January 2023. From that date, institutions have 24 months to reflect the new rules in their processes.
Above all, the new obligations will require a change in the approach of governing bodies: they will be tasked with strengthening the resilience of institutions to dynamically evolving digital threats and with minimising the vulnerability of business models. Financial institutions’ governing bodies, ICT risk management functions and other leaders will play an important role in driving internal change in response to DORA requirements, in implementing them, and in making the strategic investment decisions necessary to build resilience.
The above requirements apply to traditional financial services entities, financial technology providers, and external service providers of financial companies.
Why is compliance crucial?
While the use of third parties is beneficial to financial entities, increasing dependence on them brings a corresponding increase in operational risk and the potential for mismanagement. Strengthening the operational resilience of the broader financial sector is essential and is a shared concern. In addition, a fine of up to 1% of average daily global turnover can be imposed for breach of obligations.
Deloitte's experts are ready to support organizations in establishing solid pillars of operational resilience as proposed and required by the DORA.
We offer holistic services that can support your organization from gap analysis to implementation. We have proven tools and methodologies to help our clients meet the requirements of DORA:
DORA introduces threat-led penetration testing (TLPT) for critical players. The Deloitte Central Europe Cyber practice provides best-in-class penetration testing services, thanks to our highly skilled professionals and technological background.