The financial sector has long been a key area of focus for regulators around the world, with operational resilience being a top concern. Recently, the European Union (EU) introduced the Digital Operational Resilience Act (DORA) to establish a comprehensive regulatory framework for the operational resilience of the EU’s financial sector.
The DORA will have a significant impact on financial institutions and their third-party service providers. To gain a better understanding of how DORA will impact third-party providers, we sat down with Gerd Hado, Director at Facilization for Business Development and Marketing, to discuss their perspective on the regulation.
Interviewer: What do you think are the benefits of DORA for the financial industry as a whole?
GH: The Digital Operational Resilience Act (DORA) aims at ensuring the operational resilience of the financial sector in the face of increasing digitalization and cyber threats. The DORA seeks to establish a harmonized framework for information and communication technology (ICT) risk management for financial institutions, including banks, investment firms, insurance companies, and trading venues.
The DORA is important for financial institutions because it requires them to assess and manage their ICT risks in a more comprehensive and proactive manner, ensuring that they are able to withstand and recover from cyber incidents and other operational disruptions. This will help to protect their customers, maintain market stability, and promote innovation and growth.
Interviewer: How do you think DORA will impact third-party service providers like Facilization?
GH: DORA has already had an impact on our business, as we work closely with financial institutions to provide them with the technology solutions they need to manage their operations. The regulation requires us to ensure that our products and services are compliant with the DORA framework, which means we’ll need to have a better understanding of the digital operational risks our clients are facing and how we can help mitigate those risks.
Interviewer: That makes sense. Can you give us some examples of how the DORA is affecting your company?
GH: Sure. As I’ve already mentioned, one of the main challenges is ensuring that our products and services are fully integrated into our clients’ systems, as we’ll need to have a comprehensive understanding of their critical information systems and digital assets. This will require ongoing coordination and communication with our clients, as well as a greater level of collaboration between our teams. Another challenge will be keeping up with the evolving threat landscape and adapting our products and services accordingly. Staying informed about emerging risks and vulnerabilities and being prepared to update our solutions to address these risks is vital within our industry.
Interviewer: How are you catering for or planning to address these challenges?
GH: We have already updated our internal processes to ensure that we’re compliant with DORA. This includes reviewing our information security management, which is based on ISO 27001, our own critical information systems, and digital assets, as well as reviewing and updating our risk management framework. We’re also investing in our internal training and education programs to ensure that all our employees are constantly aware of the new requirements and have the knowledge and skills needed to comply with them. In terms of keeping up with the evolving threat landscape, we’re working closely with industry experts and participating in various forums and working groups to stay informed about emerging risks and vulnerabilities. We’re also investing in research and development to ensure that our products and services are always up-to-date and able to address new and emerging risks.
Interviewer: What impact will the Digital Operational Resilience Act (DORA) have on business development?
GH: The DORA will have both positive and negative impacts on business development for companies operating in the financial sector, including third-party service providers. On the positive side, the DORA creates opportunities for companies that can provide IT solutions that meet the operational resilience requirements set out in the regulation. When the bank has a problem, it is a problem for all. The DORA also creates opportunities for consulting and advisory services that can help financial institutions navigate the new regulatory framework. On the negative side, complying with the DORA increases the cost of doing business for companies operating in the financial sector. Companies need to provision for investing in new technologies, security protocols, and testing procedures to ensure compliance with the regulation. This could lead to higher prices for their services, which may impact their ability to compete in the market. Overall, the impact of the DORA on business development will depend on how companies adapt to the new regulatory framework. Companies that can demonstrate their operational resilience and compliance with the DORA will have a competitive advantage, while those that fail to comply may face increased costs and a competitive disadvantage.
Interviewer: Thank you for your insights. Do you have any final thoughts on the DORA?
GH: I think that the DORA is an important step towards ensuring the operational resilience of the EU’s financial sector. As a third-party service provider, we welcome the increased focus on operational resilience and security. We believe that the DORA will help to raise the overall standard of IT solutions provided to financial institutions, and ultimately, benefit their customers. However, we also recognize that complying with the DORA is a significant challenge, and we will need to work closely with our clients to ensure that we meet their needs and the requirements of the regulation.