EU flag

DORA regulations: 5 key areas and how they’ll impact EU financial services

In recent years, widespread system outages and cyber threats, along with the effects of the Covid-19 pandemic have placed operational resilience at the top of the priority list for financial regulators, and EU regulatory bodies are no exception.

In fact, on 24 September 2020, the European Commission released its draft Digital Operational Resilience Act (DORA). The legislative proposal is based on existing European risk management regulations that impact information and communications technologies (ICTs) and is expected to come into force in the first half of 2022.

Once the new regulations come into force, EU financial firms will be expected to comply with new rules in the following five key areas:
 

Digital operational resilience

DORA will establish standardised EU-standards for digital operational resilience testing. The testing requirements will include vulnerability and network security assessments, gap analysis and software solutions’ testing, as well as scenario-based testing, performance testing and penetration testing.

These requirements aim to establish a unified approach to operational resilience standards, bringing them under the EU’s scope for the first time.
 

Risk management

Under the new rules, firms in the financial services sector will be expected to establish and maintain resilient ICT systems and tools that are equipped to identify and mitigate ICT risks consistently and reliably.

They will also be required to put in place comprehensive business continuity policies and disaster recovery plans.
 

ICT incident reporting and management

According to the legislative proposal, financial firms will be required to implement management systems to monitor, describe, and report any major ICT-based incidents to relevant authorities.

This new, standardised approach is likely to result in the creation of a new centralised EU body to oversee and facilitate incident reporting and management.
 

Information sharing

Building on existing regulations, DORA will encourage financial firms to share cybersecurity information and intelligence with firms in other member states, in an effort to reduce the impact of cyber threats in financial services and strengthen response and recovery capabilities in the European financial sector as a whole.
 

Third-party risk management

The new regulations establish that third-party ICT providers, including cloud service suppliers, will regulated by one of the European Supervisory Authorities (ESAs), which will be empowered to request information, issue recommendations and requests, conduct inspections and even impose penalties for non-compliance with the new EU risk management and operational resilience regulations.

Financial services firms will also be required to assess and document any potential risk associated with their third-party ICT service providers and will be responsible for ensuring their contracts with such firms specify their regulatory obligations under the new legislation

The upcoming Digital Operational Resilience Act marks a new chapter for EU institutions, bringing them closer to the requirements set out by UK regulatory bodies to bolster operational resilience in the financial services sector.

Read our whitepaper to know more about the upcoming regulation changes and the growing importance of operational resilience in other regions.

Related posts

DEM Banner

Three ways to meet always-on consumer demands

Discover the significance of Digital Experience Monitoring (DEM) for maintaining website reachability, reliability, and performance. Explore proactive monitoring strategies, user experience insights, and API testing to deliver exceptional digital experiences. Learn how ITRS Uptrends DEM ensures optimal performance, 24/7 accessibility, and customer satisfaction across global landscapes.

Read full post
LloydsPharmacy Online Doctor Relies on ITRS Uptrends

Uptrends keeps LloydsPharmacy Online Doctor and patients connected 

When LloydsPharmacy Online Doctor needed to keep pace with the number of customer demands for prescriptions and services, it turned to ITRS Uptrends to monitor its website applications, website performance, APIs, and external servers. 

Read full post
gambling monitoring

Gambling and IT: ‘Always on,’ yes, but also ‘always vigilant’

A recent slot machine outage at Las Vegas hotel and gambling venue MGM Resorts reminds us that while being an “always on” IT environment is important, there is also the need for your monitoring system to be “always vigilant.”

Read full post
api monitoring

Banks focus on modernizing API monitoring tools

Banks are putting fresh eyes on using APIs to drive better business outcomes and deliver more value to their customers, as part of their digital transformation of key operations.

Read full post
SEE MORE