Resilience is a challenge for financial services firms and the sector as a whole. Given the increase in cyber attacks and the interconnected nature of the financial system, the issue of resilience is now high on the corporate agenda. As financial services firms increasingly rely on information and communications technology (ICT) provided by third parties, European regulators are taking steps to ensure that the associated risk is managed effectively.
In the past, regulators and supervisors focused on strengthening financial resilience in the financial services sector. The Digital Operational Resilience Act (DORA) creates a regulatory framework for digital operational resilience whereby all financial entities must ensure they can withstand, respond to, and recover from all ICT-related disruptions and threats.
Operational resilience requires a shift in your approach to risk management, from a focus on risk prevention and loss mitigation to a broader and proactive approach. The working assumption is that incidents will occur, and you must be prepared to deal with them. In doing so, you will ensure the continuity of core business activities and services.
Under DORA, financial entities will have to comply with five key pillars:
The ten challenges presented in our latest whitepaper are drawn from the main messages and testimonies of the conference ‘DORA Regulation: decryption, issues and sharing of experiences’.
These challenges are all avenues to help you prepare for the requirements of DORA. They constitute benchmarks that will need to be adapted to each business environment to make DORA an opportunity for financial services institutions, not an additional regulatory constraint.