Impact of DORA on Financial Services

The Digital Operational Resilience Act (DORA) is a European Union regulation that came into full effect on January 17, 2025, to enhance cybersecurity and ensure functional continuity of the financial sector. It applies rigorous information and communication technology (ICT) standards across all financial entities.

Since financial institutions rely on digital systems, the entire financial sector must regularly withstand, respond to, and recover from digital disruptions and attacks. When one financial institution is attacked, the attack is very likely to spread through the system, disrupting operations and compromising people’s identities and financial resources.

Key Areas of Impact

  • Risk Management: Financial services providers are advised to establish risk management plans with clearly defined roles and responsibilities to ensure regulatory compliance.
  • Detecting and Reporting: Organizations need to maintain processes for detecting, reporting, and investigating ICT threats and disruptions.
  • Operational Resilience: Institutions are required to regularly test digital operational resilience to ensure the effectiveness of existing strategies and systems.
  • Continuous Oversight: This covers continuous oversight of any third-party ICT vendor’s risk management processes, and proactive sharing of information and intelligence about cyber threats and vulnerabilities with fellow financial entities and relevant authorities.