Digital Operational Resilience Act (DORA)


What is the Digital Operational Resilience Act (DORA)?

In today's digital age, the reliance on Information and Communication Technology (ICT) has made financial entities more vulnerable to cyber incidents, making operational resilience more critical than ever. The Digital Operational Resilience Act (DORA) is a regulation introduced by the European Union to ensure that financial institutions are well-prepared to manage the risks associated with ICT.

What is DORA Resilience?

The Digital Operational Resilience Act mandates that financial entities establish strong mechanisms for protection, detection, containment, recovery, repair and reporting against Information and Communication Technology (ICT) related incidents.

Key elements:

  • ICT Risk Management: Develop frameworks for risk management, incident reporting, resilience testing, and third-party risk monitoring.
  • Operational Resilience: Design strategies for preventing, responding to, recovering from, and learning from disruptions.

What are the Five Pillars in DORA regulation?

  1. ICT Governance & Risk Management: Board awareness, resilience strategies, and risk management frameworks.
  2. Incident Management & Reporting: Security and IT incident frameworks.
  3. Operational Resilience Testing: Methods for resilience testing and threat-led penetration testing.
  4. ICT Information Sharing: Cyber threat intelligence and information sharing.
  5. ICT Third-Party Risk Management: Full visibility and management of outsourced functions.

How Does DORA Impact Entities?

Entities using ICT systems such as ERP, CRM, cloud computing, and online banking must comply with DORA. Key scenarios include:

  • Cross-Border Transactions: U.S. financial institutions engaging in transactions with EU entities must ensure their ICT systems can withstand disruptions.
  • Client Onboarding: Secure and robust ICT systems are essential for handling EU client data effectively.

DORA came into force on January 16, 2023, with compliance required by January 2025. Non-compliance carries severe penalties. U.S. financial institutions operating within the EU or interacting with EU financial entities fall under DORA compliance.


Originally published 17 July 2024.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
