The Digital Operational Resilience Act (DORA) is not just a regulatory framework. It is a critical step toward ensuring that financial institutions can withstand and recover from digital disruptions. This is particularly important as these disruptions become increasingly common in today’s marketplace. For financial services, DORA presents both challenges and opportunities to enhance organisations’ durability while adhering to the evolving regulatory landscape.
Operational resilience is becoming increasingly important in financial services. It’s not just about avoiding penalties, however. Operational resilience is about strengthening the entire system. By doing so, financial service organisations become better equipped to manage digital risk. Managing digital risk effectively also means being able to deliver continuous services and maintain trust in an increasingly complex environment.
Why DORA Matters
DORA is a regulation introduced by the European Union designed to strengthen the operational resilience of the financial services sector. While the act took effect in 2023, it became fully enforceable in January 2025. It aims to enhance the Information and Communication Technology (ICT) security of financial entities and ensure they can effectively manage operational risks arising from digital disruptions. These disruptions can be caused by cyberattacks, system failures, or other technological failures. DORA sets out clear requirements for financial institutions to improve their governance, risk management, and cybersecurity practices. Not only that, but it also assesses institutions’ ability to manage and recover from disturbances.
These regulations offer financial services firms an opportunity to proactively address risks and build more resilient operational frameworks that can withstand the challenges of an increasingly digital world. This will enhance the sector’s ability to deliver services securely, even in the face of adversity.
The Key Components
Governance and Risk Management
DORA requires organisations to establish strong governance frameworks and comprehensive risk management strategies for managing ICT. This includes integrating digital operational resilience across all levels of the organisation. Doing so ensures effective risk identification, assessment, and mitigation while maintaining transparency and continuous testing.
Incident Reporting and Crisis Management
The regulation mandates timely reporting of significant ICT-related incidents. Financial institutions must implement systems to monitor, detect, analyse and report incidents, so that both internal and external stakeholders are promptly informed. This ensures that regulators are notified within the required timelines and that transparency is maintained.
Third-Party Risk Management
DORA highlights the need for robust due diligence and ongoing management of third-party vendors, ensuring they meet the same high standards as financial institutions. It also underscores the importance of information sharing between financial entities and regulators to collectively enhance resistance against ICT-related threats.
ICT Security and Data Protection
DORA requires the adoption of robust ICT security frameworks and data protection measures to safeguard systems and sensitive data from a range of cybersecurity threats and operational disruptions. It requires taking a proactive approach to cybersecurity to ensure the protection of both institutional and customer data.
Testing and Reporting Requirements
DORA requires organisations to regularly test their systems for resilience against potential interference. Institutions must conduct scenario-based testing and vulnerability assessments, reporting the results to regulators to demonstrate that they are managing risks effectively and maintaining business continuity.
How to Implement DORA
For financial institutions, implementing DORA will require significant changes across organisations. Here are the key actions that companies must take to ensure compliance:
- Enhance governance frameworks: To comply with DORA, financial service organisations should establish clear governance structures for managing digital risks, ensuring that roles and responsibilities are defined at all organisational levels. Senior leadership must take an active role in overseeing the implementation of resilience measures.
- Conduct comprehensive risk assessments: Financial institutions must perform regular risk assessments to identify vulnerabilities in both internal systems and third-party services. These assessments should be updated regularly to reflect the evolving threat landscape and inform risk mitigation strategies.
- Develop incident reporting protocols: Institutions must create and formalise incident reporting protocols. This involves setting up processes for timely reporting of ICT disruptions, developing crisis management plans, and training incident management teams to ensure a coordinated response that mitigates impacts on operations.
- Strengthen cybersecurity and data protection: To meet DORA’s cybersecurity requirements, financial organisations need to invest in advanced security technologies, conduct regular security audits, and implement data protection measures that ensure sensitive data remains secure during operational disruptions.
- Implement regular testing and simulations: Regular resilience testing, including vulnerability assessments and scenario-based simulations, is essential. Institutions must run these tests periodically, address identified weaknesses and report the outcomes to regulators to demonstrate ongoing compliance with DORA’s requirements.
What DORA Means for the Financial Services Sector
DORA represents both a challenge and a significant opportunity for the financial services sector. The regulation provides a clear framework for enhancing operational adaptability, which will ultimately strengthen the stability of the financial system. While the cost of compliance and investment in technology and processes may be considerable, the benefits are far-reaching.
Financial institutions that embrace DORA will be better prepared to handle disruptions, safeguard customer data, and maintain business continuity during times of crisis. By embedding resilience into their operations, financial services firms can build greater trust with customers, regulators, and investors.
DORA also presents an opportunity for organisations to streamline their risk management, compliance and technology innovation processes, strengthen their cybersecurity frameworks, and improve overall operational efficiency.
These regulations are critical in shaping the future of digital risk management in the financial services sector. As we continue to evolve in a digital-first world, DORA presents a unique opportunity. DORA is a chance to build stronger, more resilient organisations that are better equipped to face the future.