Financial entities and third parties will have to ensure compliance with the Digital Operational Resilience Act (DORA) by January 2025 — which means it’s time to start preparing today.
The opinions expressed here are those of the authors. They do not necessarily reflect the views or positions of UK Finance or its members.
Since the 2008 financial crisis, regulators have been campaigning for greater resilience, highlighting the potential areas of disruption to firms and their customers across a variety of business operations.
Flash forward to September 2022, and the European Commission, European Parliament, and European Council answered this call by reaching a provisional agreement on the wording for DORA. Enterprises are now tasked with taking a more proactive approach to enhancing data transparency, risk mitigation strategy, and their classification and reporting of IT incidents. With total regulatory compliance required by 2025, it’s time for companies to start strategizing.
The Digital Operational Resilience Act, or DORA, introduces a comprehensive regulatory framework to all financial entities regulated at an EU level.
DORA aims to homogenize the requirements across the EU so that financial organisations are able to withstand, respond to, recover from, and maintain their operations even under severe operational disruptions. The objective of DORA is to address ICT risks more comprehensively and to strengthen the operational resilience of digital systems in the EU financial sector.
The requirements relate to:
Financial entities and third parties have to ensure compliance with DORA by January 2025, and this regulation has a broad reach. To name just a few, it applies to all credit institutions, payment institutions, electronic money institutions, investment firms, crypto-asset service providers, data reporting service providers, and insurance and reinsurance undertakings.
With compliance requirements looming, companies subject to DORA regulations must begin preparing for the challenges – and opportunities – that accompany this new regulatory framework, which starts with:
While we await the technical specifics that this legislation will mandate during 2024's regulatory technical standards (RTS) rollout, in-scope firms will need to begin discussing DORA compliance at the earliest opportunity.
DORA is pushing enterprises to rethink their regulatory frameworks and, in doing so, offers an opportunity to improve, streamline, and automate risk management and digital operational resilience.
It’s critical to begin the conversation on DORA compliance today — and to begin laying the groundwork that will empower your team to:
Mitratech hosted a webinar on 17 May, ‘Expert Perspectives: Implementing DORA, Mastering the Challenges and Opportunities’. Watch it on demand here.
16.05.23
Henry Umney, MD for GRC, Mitratech