What is the EU’s Digital Operational Resilience Act? DORA, explained

From CNBC: 2024-08-08 01:03:33

Financial services companies and their tech suppliers must comply with the EU’s Digital Operational Resilience Act (DORA) by January 2025. DORA aims to strengthen IT security and resilience in the face of cyberattacks. Major firms like JPMorgan and Visa have faced service outages, prompting a focus on third-party IT risk management.

DORA requires banks to enhance IT risk management, incident response, and third-party risk assessment. Firms must anticipate and mitigate service disruptions. The law also holds IT providers accountable, emphasizing the need for robust delivery of digital services. Firms must comply with the regulations to avoid fines and penalties.

Failure to comply with DORA could result in fines of up to 2% of global revenues for financial firms and 1% for IT providers. Individual managers may face sanctions as high as 1 million euros. Compliance is crucial to avoid penalties, signalling the importance of cybersecurity and digital resilience in the financial sector.

Financial services firms and tech vendors are working towards DORA compliance, prioritizing operational resilience and risk programs. While progress is being made, there is still work to be done to meet the January deadline. With a shift towards harmonized governance programs, firms are striving to reach full compliance by next year.