You might be aware of the newly adopted Digital Operational Resilience Act (DORA) for financial services entities. But what action does your organisation need to take to comply with the legislation?
The European Union (EU) has formally adopted its latest operational resilience legislation, DORA, which places additional ICT risk management and incident reporting requirements on financial institutions and their critical ICT suppliers.
A deadline of 17 January 2025 has been set for those affected to ensure they are compliant, and organisations must act now to guard against evolving risks.
Take our DORA QuickCheck
Complete our quick questionnaire to learn if you are likely to be in scope and get guidance on your DORA priorities.
What is DORA?
DORA builds on existing EU requirements for financial institutions, responding to market-wide digital transformation and the new ICT risks that come with it.
The Act sets uniform operational resilience requirements for almost all financial entities operating in the EU. Importantly, it also applies to critical third parties that provide ICT (information and communication technology) services to the financial services sector, e.g., cloud platforms, professional services, or data analytics providers.
DORA also mandates that all participants in the financial system have the necessary safeguards in place to mitigate attacks and other risks, such as supplier failure, service deterioration, and concentration risk.
Does DORA impact you?
Around 20 different types of financial services organisation, of all sizes, fall within scope.
The reach of DORA is far broader than any previous regulation, covering any financial institution or critical ICT provider that operates within, or needs access to, the EU market.
In addition to the financial services organisations themselves, the European Supervisory Authorities (ESAs), the entities responsible for supervising EU financial markets, will be able to designate ICT third-party service providers as critical, based on criteria such as how easily they could be substituted and the potential systemic impact of a large-scale operational failure on their part.
As DORA is EU legislation, it does not always apply directly to UK organisations, but many UK firms have operations within the EU and will be affected. Even if you only supply EU financial institutions from the UK, you will be within the scope of DORA.
The 5 required steps for DORA compliance
DORA requires all financial institutions regulated at the EU level to ensure they can withstand, respond to and recover from ICT-related disruptions and threats. This means implementing measures across five core areas:
DORA lays out frameworks and guidelines for ICT risk management in the financial sector. With increasing digital transformation and connectivity, EU market regulators are keen to safeguard financial services and insurance companies, their supply chains, and their customers from increasing cyber attacks.
These guidelines aim to help organisations build more mature risk management programmes and improve operational resilience.
Learn more about our cyber security consulting and risk management services.
Your roadmap to DORA compliance
Your compliance journey is easier with NCC Group. We offer unique 360° readiness to help financial services organisations of all sizes prepare for DORA, providing all necessary services under a single scope – no other service provider can do that.
Our DORA Readiness Assessment is designed to support financial institutions and critical third parties looking to achieve DORA compliance. A combined team of experts from our Incident Response, Business Continuity Planning & Disaster Recovery, Software Escrow (Escode), and Managed Service practices gives organisations an overview of any gaps in their governance procedures and processes against the five mandated areas of the DORA legislation (outlined above).
Watch our DORA webinar with UK Finance
"DORA Demystified: What UK-Based Entities Need To Know"
June 2024
NCC Group's DORA specialists Mick Flitcroft, James Pearce and Chantal Constable recently joined UK Finance to answer common DORA queries and share tips on how to achieve compliance by the January 2025 deadline.
Further reading
Access unparalleled DORA coverage.
To book your comprehensive DORA Readiness Assessment, get in touch today.
For more information, download our DORA e-guide.