Article

Illustration of a solid chain with code written in the metal

Category: Expertise strategy

Digital Operational Resilience Act (DORA)

Here’s everything you need to know about the Digital Operational Resilience Act (DORA) which will apply from 17th January 2025.

The Digital Operation Resilience Act (DORA) is an EU regulation designed to improve digital operational resilience for a range of financial entities. Under DORA, financial institutions will be mandated to test, assess and ensure digital operational continuity, adopt robust security networks and respond swiftly to Information Technology (IT) incidents. Published initially in 2022, the regulations will apply from 17th January 2025. Let’s go through the ins and outs of DORA. 

Why do we need more EU regulation? 

The purpose behind DORA is to establish a collective regulatory framework that supports financial institutions and their third-party technology suppliers in mitigating IT risks. This more holistic approach standardises and harmonises existing EU regulations and legislation and helps organisations identify potential IT challenges that could impact millions of customers and the wider economy. 


 

Under DORA, if a financial entity does not comply with the regulations, they can face fines of up to 2% of their global annual turnover.

 


What sanctions does DORA involve? 

Under DORA, if a financial entity does not comply with the regulations, they can face fines of up to 2% of their global annual turnover. The fine given will depend on the severity of the violation and also the level of cooperation extended from an organisation to relevant authorities.

Third-party IT providers can also be fined up to $5 million if a breach of the regulations is founded, and again the amount will be dependent on the degree of cooperation demonstrated by the organisation and the severity of the issue.

The onus of reporting IT issues that present a risk is on financial institutions. If self-reporting has not been undertaken, this in itself can be considered a breach of the regulations and result in a fine. 

What banks need to do to be compliant with DORA  

There are four key aspects of DORA that banks need to be aware of to be compliant. Firstly, they will have to ascertain what their critical IT functions are and be able to map them. While financial institutions may have a good sense of what these are, DORA requires more in-depth reviews to be undertaken and documentation to be provided using standardised criteria.  

Secondly, these critical IT functions will have to be risk managed through the identification, mitigation and evaluation of the risks associated with them. This will involve stress testing, contingency planning and taking a more structured approach using specific criteria.

Illustration of a solid chain with code written in the metal

Third-party dependencies are another important area as the Act does not simply relate to financial institutions in the EU but also to third-party companies whose services are being utilised. This means that the risks associated with using companies such as data analytics or storage providers will also need to be managed and assessed.  

Finally, companies will have to establish a clear framework for how incidents such as cyber-attacks and IT disruptions are reported with an emphasis on promptness and consistency. This reporting element of DORA provides other financial institutions with the benefit of being aware of other critical events that may have a wider impact.


 

Companies will have to establish a clear framework for how incidents such as cyber-attacks and IT disruptions are reported with an emphasis on promptness and consistency.

 


The impact of DORA for consumers  

Consumers face substantial and multiple challenges if a banking system were to collapse as a result of an IT failure. Whether this impacts an important transfer, intercompany payment, property purchase or social welfare payment, the robustness of financial systems is critical to the everyday lives of most people.

DORA’s harmonised framework and in particular, the stress testing and contingency planning aspects of the regulations aim to prevent potentially significant and detrimental effects on consumers.

Conclusion

Because DORA effectively builds on existing best practices and regulations, preparing to become compliant should not present significant challenges. The real risk is to be complacent.

In the lead up to January 2025, financial organisations should map their end-to-end processes, take any remediation action, look for gaps in their systems and consider closely what they already have in place and what improvements can be made to become compliant with DORA. 

Ready to find out more?

Ask us how we can help you succeed.

Blog

Read more

left-arrow
right-arrow

Consultants around a meeting table discussing KYC cases
Expertise strategy
Risk & Compliance

The future of preventing Financial Economic Crime and the importance of KYC

Understanding KYC protocols, AML regulations, and broader financial crime trends is vital for maintaining financial integrity. This article discusses key developments in compliance, KYC, and AML.

Expertise strategy
Tech & Development

New EU Act on Artificial Intelligence

Learn the ins and outs of the world’s first comprehensive legal framework on AI, the new EU AI Act and its anticipated impact on businesses.

Illustration of a solid chain with code written in the metal
Expertise strategy
Risk & Compliance

Digital Operational Resilience Act (DORA)

Here’s everything you need to know about the Digital Operational Resilience Act (DORA) which will apply from 17th January 2025.

Expertise strategy
Risk & Compliance

Proposed Code of Practice on cybersecurity governance

Explore the UK Government’s latest draft on cybersecurity governance Code of Practice together with emagine’s expert, Trine Øksnebjerg.

A business consultant ready to give a presentation at work.
Expertise strategy
Strategy, change & transformation

Embracing change as an opportunity for growth

In this article, we outline the best practices when it comes to navigating organizational change, including how to tackle challenges and maintain a clear vision when unprecedented issues arise.

Modern business environment with a man and woman in front of window facing a city
Expertise strategy

People-centric leadership: Tips for fostering digital wellbeing at work

This article equips team leaders with strategies for fostering digital wellbeing in the workplace, empowering them to guide their teams through the challenges that come with prolonged screen-time, hybrid work, and other factors of digitalisation in a modern workplace.

Expertise strategy
Strategy, change & transformation

Empower your teams through strategic thinking

This article considers why strategic thinking is crucial to effective leadership and explores some practical ways for leaders at all levels to develop this skill.

Consultants and advisors i an office space seen from above
Expertise strategy
Trends

Insights into 2024 business trends

With 2023 behind us and eyes fixed firmly on what opportunities 2024 will bring, Gillian Whelan, Country Manager of emagine Ireland, outlines five trends that will affect businesses this year.

Female consultant standing and writing on a desk
Expertise strategy
Risk & Compliance

Steering AML challenges: Embracing technology for a seamless future

Discover how to navigate AML challenges with automated processes and fortify your organization’s integrity and operations.

Bestshoring
Expertise strategy

Poland: An AI Centre of Excellence

AI is reshaping industries globally, and Poland’s thriving ecosystem positions it as a leader in AI development. emagine’s Cloud Administrator explores why Poland is a powerhouse in AI.

Business consultants conducting a meeting
Expertise strategy
Managed teams & Service
Staff augmentation

Managed Resourcing Services vs. Traditional Staff Augmentation

In the ever-evolving landscape of business operations, companies are constantly looking for ways to optimise their workforce strategies. Explore the two popular approaches that have gained prominence: Managed Resourcing Services (MRS) and traditional staff augmentation.

Expertise strategy
Risk & Compliance

Programme Governance: Top tips for success

In this article, we share some tips to navigate the intricate landscape of orchestrating interconnected projects and activities within a strategic framework.

Project manager at a meeting with his team.
Expertise strategy
Projects & Implementation

What has changed in PMBOK 7?

PMBOK is regularly updated to accommodate new trends, best practices, and developments in the field. How much has it changed between editions?

A team leader in front of her team
Expertise strategy
Projects & Implementation

The importance of leadership skills in a Project Manager

Behind every successful project lies a competent and visionary leader. In this article, we delve into the undeniable importance of leadership within project management and explore how effective leadership can be the driving force behind achieving project objectives.

Advisory & Solutions
Expertise strategy
Strategy, change & transformation

Building your PMO – Influence and Position

There are a number of things to consider when introducing a PMO. The Project Management Office fails far too often because of the wrong approach, and it can only be successful in the long term if fundamental questions are considered at an early stage.

Doug Collyer is Country Manager in UK
Expertise strategy
Strategy, change & transformation

The Nordic way of working: how does it help emagine consultants optimise their clients’ operations and boost profits?

emagine’s Nordic way of working embraces different perspectives and approaches to solve challenges and power progress among our consultants. Learn how our experts and Nordic work style can optimise our client’s operations and profitability.

thre people in a amicable meeting
Expertise strategy
Staff augmentation

Good onboarding: Setting your external workforce up for success

Enabling new consultants seamlessly integrate into your organisation is critical to their success. To ensure a smooth onboarding process, it is essential to help them get started immediately. This article will guide you through the most critical aspects of getting a consultant to start delivering from day one.

External consultants at a meeting in the office.
Expertise strategy
Staff augmentation

4 signs you need an IT consultant

Are you wondering if your company could benefit from hiring an IT consultant? This article outlines four common signs that indicate you may need external expertise to manage change, mitigate risk, or meet tight deadlines.

Bestshoring
Expertise strategy
Nearshoring
Publications

The Ultimate Guide to Nearshoring

Get our ultimate guide on how your IT organization can tap into Polish IT talent. Download the e-book and read condensed knowledge, facts and cases about Nearshoring based on our 12 years experience. Download now and get it free.

Expertise strategy
Tech & Development

The Complete Guide to Migrating Monolithic Applications to Microservices on the Cloud

As organizations strive to deliver high-quality software and services at scale, many are turning to a microservices architecture as a way to break down monolithic applications into smaller, more manageable components.

Modern business environment with a man and woman in front of window facing a city
Expertise strategy
Staff augmentation

The Science behind hiring the top 10%

As a business and technology consulting firm, we live of our ability to recruit the very top talent for our business. In this piece, I would like to share our thoughts behind the approach we on emagine UK. We call it: The science behind hiring the top 10%.

Expertise strategy
Strategy, change & transformation

People hate change, so how do you best implement it?

Bringing in new technology, individuals, or new teams to work on a key project can feel like a threat to existing staff – but it doesn’t have to be that way if you manage change positively.

Expertise strategy
Strategy, change & transformation

Key Success And Failure Factors Of The PMO

In this article, we will delve into Project Management Office (PMO) overview, and we will help you decide if it may be convenient for your team to have a PMO.

IT professionals outside engaging in conversation
Bestshoring
Expertise strategy
Nearshoring

Poland, the IT hub of Europe?

Poland has become a European talent hub in technology and engineering, and European companies leverage polish talent coding skills for nearshoring projects. Learn why.

Business woman talking to two colleagues
Expertise strategy
Staff augmentation

Team extension: How to hire external consultants successfully

Hiring external consultants isn’t something you should treat lightly. Learn the most satisfactory way to leverage experts in your organisation. In this article, Senior Account Manager Jytte Raahede shares her tips on onboarding consultants successfully.

Four professionals sitting together in a positive meeting smiling
Bestshoring
Expertise strategy
Nearshoring

A short guide to succeeding with Nearshoring

For many companies, the decision to go nearshore is not an easy one. It’s a decision that requires a great deal of consideration – we know that because several of our current clients were also reluctant to go nearshore at first. Learn our tips on how to get it right.