Layla Tovey's blog : The Digital Operational Resilience Act (DORA)


In June of 2022, the European Council and European Parliament reached a political agreement regarding the operational resilience of critical entities. The push for a more digitally resilient strategy aligns with the PRA Operational Resilience guidelines and the need to fortify the functions necessary to these services in order to better serve the public. The directive aims to reduce the risks and vulnerabilities facing these entities and to strengthen their resilience. The entities in question are those providing the most critical services to the European public, and to the citizens and markets that depend on them to function properly. This area covers critical entities in a number of sectors, such as energy, transportation, health, drinking water, waste water and space.


The EU is strengthening the IT security of financial entities such as banks, insurance companies and investment firms. The Council presidency and the European Parliament reached a provisional agreement on DORA, which will make sure the financial sector in Europe is able to maintain resilient operations through a severe operational disruption. DORA aims to ensure that all participants in the financial system have the necessary safeguards in place to mitigate cyber-attacks and other risks. This uniform approach will better prepare the industry as a whole for potential disruptions.


The point of the regulation is to make sure all financial systems are strong enough to handle any unexpected disruptions with minimal impact. Firms are also required to report any operational disturbances to the overseeing authority, so that the response to those disruptions can be assessed and monitored in order to better prepare for any future setbacks.


DORA states that systems must be put in place to enhance the resilience of critical activities, with uniform cohesion within the EU. A national strategy must be enacted to create a systemic, overarching goal of resilience across all internal and external processes within the most critical functions. As always, these civil service functions must first clearly identify the most vulnerable areas of operations, determine the risks associated with them, and develop a strategy to address each risk properly. This thorough assessment will allow firms to enact calculated controls to mitigate disruptions. The focus of DORA is not only to prepare for disruptions but also to ensure financial institutions are strong enough to withstand them and bounce back from them.


The emphasis on operational resilience within digital systems has grown as we’ve come to depend more heavily on technology-based systems. More than ever, cyber-attacks, information breaches and data security continue to be at the top of the watch list in terms of consumer and financial safety. While these tech-based processes are efficient and useful, DORA underlines the need to maintain safety and resiliency across all platforms, whether internal or external. Safety is at the heart of DORA, and as we continue to progress, it is expected that amendments to DORA will respond to changes within the digital environment.

 

In:
  • Digital
  • News
On: 2022-12-19 07:39:34.076 http://jobhop.co.uk/blog/8211/the-digital-operational-resilience-act-dora