
Ivan Spiteri
The objective of DORA is to improve the cybersecurity and operational resilience of all regulated European financial institutions and of critical, third-party ICT service providers.
The Digital Operational Resilience Act establishes a unified set of requirements for the security of network and information systems of companies and organisations operating in the financial sector, as well as third parties that provide ICT-related services to them (e.g., cloud platforms or data analytics services).
In addition, DORA establishes a regulatory framework on digital operational resilience, where all firms need to ensure they can withstand, respond to, and recover from all types of ICT-related disruptions and threats. The requirements are the same across all EU member states, as they aim to prevent and mitigate the growing number of cyber threats.
“To strengthen the ICT security and resilience of financial entities in Europe in the face of a severe operational digital disruption, and harmonise the rules for operational resilience across the European financial sector.” (ESMA)
Overall, responsibility for this framework, and other governance obligations imposed by DORA, will rest on the firm’s management, which will be responsible for reviewing, approving, implementing and updating the risk management framework.
Management will be required to have full awareness and understanding of the financial institution’s ICT usage, services and risk profile. Companies may want to assess how reporting lines from their ICT department to senior management actually operate on a daily basis. Financial institutions that are subject to DORA must appoint a senior executive responsible for digital operational resilience and must report ICT-related incidents to the appropriate authorities.
Our technology experts can assist you with DORA compliance.