Skip to main content

Navigating DORA

The European Commission has identified an important role for digital financial services in Europe’s digital innovation and, as such, should support the European economic recovery. To that end, the European Commission adopted a digital finance package in September 2020. This should benefit both consumers and companies by enabling greater access to financial services, more choice, and more efficiency while at the same time providing consumer protection and financial stability.

As part of the European Committee’s digital finance strategy for Europe, the Digital Operational Resilience Act (with its catchy abbreviation ‘DORA’) has an overall goal to bring harmony to digital resilience rules for all the financial institutions within Europe. It’s easy to see why many are overwhelmed by the details and the vastness with so many moving parts.

Why do we need DORA?

DORA is about bringing shape and sameness across the board to better digital finance regulation. Its current landscape is fragmented, making it hard for cross-border financial organizations to comply with EU member states national rules – especially where the rules might be overlapping, inconsistent, or even contradicting. And naturally, this means oversight of 3rd party entities and quality reporting has been inconsistent as well.

That’s why we must embrace responsible digital finance – it’s for the good of the consumer and businesses alike.

Benefits of Digital Finance

There are many benefits that digital finance will bring with it. Everything from better financial products for consumers and new ways of channeling funding to EU businesses, mobilizing funding to support the Green Deal and the EU’s COVID recovery strategies. Cross-border digital finance will also enhance financial market integration in the Banking Union and Capital Markets Union.

However, it needs to be subject to a consistent set of regulations.

With the increased use of Third Parties comes an increased need for more oversight, and DORA enables just that. Firms will be required to set up and maintain resilient ICT systems and tools to identify and minimize ICT risk continuously. Businesses will also need to ensure they can provide correct incident reporting, including conducting tests to the operational resilience of their capabilities and functions to identify weaknesses, deficiencies, or gaps. DORA also helps with information sharing, handy when red-flagging suspicious activity or potential cyber threats across borders.

Scope and Next Steps

DORA affects everything from insurance undertakings and intermediaries, to credit rating agencies to crowdfunding providers – and all the 3rd party entities they may use. Its effects could be massive. The act was opened for feedback with the results pending, but the basics of the act are unlikely to change very much.

At ACE, we help our clients with every aspect of regulatory change. From assessing what’s needed for timely compliance to instating cutting-edge capabilities that will serve you for changes to come.

Get in touch if you’d like to know more about DORA or anything else.

As always, thanks for reading,