DORA: The new regulation to protect banks, fintechs and investment firms from cyberattacks
07:12 - 24 April 2024
All financial institutions – including banks, fintech companies and crypto asset providers – are being called on to comply with the EU’s new Digital Operational Resilience Act (DORA) by 17 January 2025, when it comes into effect.
Dubbed the EU’s most ambitious attempt to date to regulate against cyberattacks, DORA aims to ensure the safety and resilience of the entire European financial sector in conditions of rapid digital transformation.
Essentially, the new regulation aims to create a robust framework for governing ICT (information and communication technologies) in the financial sector, in order to prevent serious business disruptions.
The official DORA website provides more insight: “The Digital Operational Resilience Act (Regulation (EU) 2022/2554) solves an important problem in EU financial regulation. Before DORA, financial institutions managed the main categories of operational risk mainly with the allocation of capital, but they did not manage all components of operational resilience. After DORA, they must also follow rules for the protection, detection, containment, recovery and repair capabilities against ICT-related incidents. DORA explicitly refers to ICT risk and sets rules on ICT risk management, incident reporting, operational resilience testing and ICT third-party risk monitoring. This Regulation acknowledges that ICT incidents and a lack of operational resilience have the possibility to jeopardise the soundness of the entire financial system, even if there is ‘adequate’ capital for the traditional risk categories.”
For more information, visit https://www.digital-operational-resilience-act.com/