Save yourself a future headache with a head start on DORA regulations

by Tech Reporter
7th Jun 23 1:02 pm

For many financial businesses, the industry of compliance is becoming more and more complex. You just finish looking at one regulation to ensure you are compliant, then along comes the next one.

With the huge increase in cyber security threats that all companies are facing, and the tightening of cyber insurance criteria, DORA (the EU’s Digital Operational Resilience Act) is one set of regulations financial companies need to be on top of now, even though they don’t come into force until January 2025.

DORA steps up cyber security and operational processes to guard critical financial systems from all interruptions. Its purpose is to strengthen the operational resilience of the financial sector and ensure continuity of critical services so that incidents like the 2018 TSB fiasco can’t be repeated. TSB paid out £48 million to the PRA and the FCA plus £33 million to compensate over five million customers when an IT migration left customers locked out of their accounts.

The EU sees the regulations as necessary to protect financial institutions that are increasingly digitising their services. Without a proper framework for operational resilience, they believe one single IT incident could potentially destabilise the EU’s entire financial system. DORA is designed to prevent this and it applies to all companies in the financial services sector, from banking to investment and crowdfunding.

So, it’s good news for consumers, but businesses have just under two years to prepare.

And UK companies can’t avoid it: DORA’s reach extends to basically any enterprise offering information and communications technology (ICT) services that are considered critical to the supply chain supporting the European financial sector, regardless of whether that enterprise or service is based inside the EU. In fact, under DORA, the complexity of your supply chain or the lack of actual EU presence are considered further risk factors. It’s also likely DORA will become law in the UK.
