DORA: An opportunity for innovation or more IT spending for the financial sector?

To successfully navigate the challenges posed by DORA, the financial system needs a strategic approach that encompasses technology, processes, and people.

Patrícia Domingos
Client Manager at askblue

The financial sector is on the verge of a significant transformation driven by the Digital Operational Resilience Act (DORA). But how will it impact it, and how can we navigate this regulatory landscape with empathy and strategic vision?

DORA is an EU regulatory framework aimed at strengthening the digital operational resilience of financial institutions. It requires banks, insurance companies, and other financial entities to ensure that they can withstand and recover from disruptions related to technological infrastructure. It will apply on January 17, 2025.

The main components of DORA include:

1. Information and Communication Technology (ICT) risk management: Institutions must implement risk management frameworks to identify, assess, and mitigate ICT risks.

2. Incident reporting: Financial entities are required to report significant ICT-related incidents to their supervisory authorities.

3. Digital Operational Resilience Testing: Regular testing of digital operational resilience is required to ensure preparedness against potential disruptions.

4. Third-Party Risk Management: Institutions must effectively manage the risks associated with third-party ICT service providers.

5. Information Sharing: Enhanced cooperation and information sharing between financial institutions on cyber threats and vulnerabilities.

A bank’s ability to withstand an attack or recover from a failure is vital because a service outage, depending on its duration, can have an impact on other companies, sectors, and even the rest of the real economy – which highlights the importance of digital operational resilience.

Banks and insurance companies in Portugal operate with legacy systems used for decades. These systems, while reliable, often lack the flexibility and security features needed to meet modern regulatory requirements. To comply with DORA’s requirements several challenges are already well known in the sector: integration difficulties, and security vulnerabilities, but above all the complexity of the processes in the systems can make it difficult to implement effective digital operational resilience measures. Ensuring compliance with DORA requires a thorough understanding of existing processes and the ability to simplify them without disrupting operations. To successfully navigate DORA’s challenges, the financial system needs a strategic approach that embraces technology, processes, and people. We can rethink and simplify both internal and customer-facing processes. Simplifying operations helps with compliance and improves efficiency, as well as the user experience. On the other hand, it offers the opportunity to rethink global architecture and reduce costs in the medium to long term.