Understanding DORA: Building a compliant technology strategy
The Digital Operational Resilience Act (DORA) is a new regulatory framework on digital operational resilience in the EU that’s changing the banking and financial services landscape. DORA introduces new requirements in multiple areas, from risk management to testing, reporting, and third-party oversight. Naturally, compliance is mandatory.
The new regulations will be binding from Jan. 17, 2025. This means financial services organisations in the region have no choice but to action the new guidelines soon—or risk unwanted penalties.
It may seem like another administrative challenge in an already heavily regulated industry, but for forward-thinking organisations, DORA presents a valuable opportunity. Fully realising the benefits of this opportunity requires a technology strategy that weaves resilience into the fabric of an organisation—and therein lies the challenge.
The impact of DORA on finance organisations
The financial services landscape is becoming increasingly digital: Online banking, digital payment systems, and remote identity verification have transformed the sector. It’s unsurprising, then, that according to European Investment Bank research, 62% of large financial service firms took steps to improve digitalisation in 2022.
On one hand, this evolution is positive: With digital services comes added convenience and intuitiveness that can improve customer experience. On the other hand, digitalisation opens financial services organisations up to new and advanced cyberattacks.
Regulatory bodies in the EU must therefore work with organisations to strengthen security and combat this threat. This is where DORA comes into play.
DORA requires organisations to understand and demonstrate operational resilience in a transparent, measurable way. The specific requirements of the act place emphasis on robust risk management, regular testing, and continuous monitoring as key components of digital resilience.
The role of technology in supporting compliance
Successfully boosting operational resilience requires the right technology investments. As per the new guidelines, companies will need to be able to demonstrate:
- A centralised framework for enterprise-wide information and communication technology (ICT) risk management
- The ability to report ICT incidents in real time
- The ability to proactively manage third-party risks
- Regular testing to evaluate the effectiveness of measures to improve operational resilience
- The ability to easily share information between the critical functions of the company responsible for the provision of financial services
Many financial services organisations are already making strides in these areas—specifically when it comes to the topic of cybersecurity. According to ServiceNow and ThoughtLab research, two-thirds of firms in EMEA, Asia Pacific, and the United States have already made cybersecurity a top investment area. And approximately six out of 10 firms cite reduced costs and higher profitability as a result of risk management initiatives.
Despite this, there’s still work to be done. The same research shows 39% of financial services leaders see the lack of an integrated platform to view operational risks as a challenge to business resilience.
With DORA stipulating companies must proactively manage third-party risks, financial services organisations need to obtain a clear, unobstructed view of end-to-end operations. Only then can they spot and react to risks in real time.
How to implement the right technology
Achieving a holistic view and meeting the DORA requirements requires a well-thought-out platform approach. This platform should, at minimum, provide:
- Connected intelligent insights and data
- A backbone for informed decision-making, connected conversations, and operational resilience
- Clear information flow to enhance employee experience and customer experience
The best way to offer all of these features is through platform modernisation. It’s no longer feasible to operate on disparate legacy systems or outdated, manual processes. Any system that allows risks to fall through the cracks—whether due to human error or processing delays—puts efficiency and regulatory compliance at risk.
A more resilient future with technology
Implementing a platform-based approach can help financial services organisations improve operational efficiency and stay flexible and compliant in the face of constantly changing regulations. By putting transparency and resilience at the forefront of the financial services agenda, DORA emphasises the need for this kind of technology.
It’s not legislation to begrudgingly adhere to; it’s an opportunity for organisations in the sector to become more resilient. Organisations that recognise this will ultimately be successful when it comes to meeting the regulatory and operational requirements of the future.