menu close EventsNewsContact Us search close
Global Site close
  • Americas
  • Asia Pacific
  • Europe
  • Middle East and Africa
ArgentinaArubaBahamasBarbadosBoliviaBrazilCanadaCayman IslandsChileColombiaCosta RicaCuracaoDominican RepublicEcuadorEl SalvadorGuatemalaHondurasMexicoPanamaParaguayPeruPuerto RicoSaint MartinSurinameUnited StatesUruguayVenezuela
AfghanistanAustraliaCambodiaChinaHawaiiHong KongIndiaIndonesiaJapanMacauMalaysiaMaldivesMongoliaMyanmarNepalNew ZealandPakistanPhilippinesSingaporeSouth KoreaSri LankaTaiwanThailandVietnam
AlbaniaAndorraArmeniaAustriaAzerbaijanBelgiumBulgariaCroatiaCyprusCzech RepublicDenmarkEstoniaFinlandFranceGeorgiaGermanyGreeceHungaryIrelandItalyKazakhstanLatviaLiechtensteinLithuaniaLuxembourgMaltaMoldovaNetherlandsNorwayPolandPortugalRomaniaSerbiaSlovakiaSloveniaSpainSwedenSwitzerlandTajikistanTurkeyUkraineUnited KingdomUzbekistan
AlgeriaAngolaBahrainCôte d’IvoireEgyptGhanaIraqJordanKenyaKuwaitLebanonLiberiaMaliMauritiusMoroccoMozambiqueNigeriaOmanQatarSaudi ArabiaSenegalSierra LeoneSouth AfricaTanzaniaTogoTunisiaUnited Arab EmiratesYemenZimbabwe
Services
close Services
Tax
Services
Industries
close Industries
Industries
Insights
close Insights
Insights
About Us
close About Us
About Us
Careers
close Careers
Careers
EventsNewsContact Us
search close
ipad with pens

Ensuring digital resilience

Navigating the Digital Operational Resilience Act

Keegan Gwendu, Senior Manager, Risk Consulting and Rita Machado, Senior Consultant, Risk Consultant and Ashwariya Rastogi, Consultant, Risk Consulting
07/06/2024
ipad with pens
The financial sector's reliance on IT infrastructure has driven innovation but also exposed firms to cyberattacks and ICT failures. The Digital Operational Resilience Act (DORA) is a new European Union (EU) regulation. DORA aims to enhance security, strengthen operational resilience, and prevent cyber disruptions in the financial sector by mandating stringent governance, risk control, and Information and Communication Technology (ICT) practices.

Who will be impacted by DORA?

You will be impacted by this regulation if you: 

  • provide financial services to customers based in the EU 
  • provide ICT services to EU financial entities (even if it's through intra-group arrangements) 
  • act as technology providers to the financial sector.

DORA is a game-changing regulation with far-reaching consequences that will transform the digital resilience landscape. Estimates suggest that at least 22,000 entities across the UK and EU, including banks, insurers, service providers, fintech and technology companies fall under this scope.

What does DORA mean for you?

DORA introduces stringent requirements around ICT risk management, testing, and reporting, forcing businesses to examine their underlying systems and processes thoroughly and enhance them to meet the standards.

How can Crowe help?

Adopting DORA in a practical way can enhance your digital operational and cyber resilience cost-effectively, safeguarding you from disruptive cyber threats and ICT risks that could undermine your critical functions and services.

We have extensive experience in assisting organisations in implementing the risk and resilience requirements of regulators, enhancing their information and cyber security postures, addressing other EU regulations, and improving supplier risk management.

We can help you tackle these new regulations effectively and cost-efficiently by adopting a pragmatic approach that leverages the best elements of your existing resilience and risk approaches without creating an additional burden to business-as-usual teams.

Our approach is designed to tame the complexity of this substantial regulation, so that you can clearly understand what applies to you and identify the most practical and proportionate way to address DORA requirements. This enables you to focus on developing a resilient organisation that can navigate severe technology or cyber disruptions while achieving your goals.

Our key services

January 2025 preparedness: 

  • using an outcome-based gap analysis tool to identify your current position 
  • providing you with a practical and prioritised list of recommendations to address gaps 
  • helping you develop an executable tailored roadmap.

Targeted remediation: 

  • helping you address current gaps and any identified vulnerabilities in your resilience programme 
  • helping you develop an embedded robust IT supplier risk management framework 
  • creating and executing credible resilience-testing programmes 
  • enhancing your information and cyber security culture across the business.

Resilience programme health check: 

  • assessing the effectiveness of your resilience programme by reviewing its design, integration, and implementation as an enabler of resilience improvement.

Our Risk Consulting team applies a pragmatic approach that helps you to tame the complexity of DORA, meet its requirements in a practical and proportionate way that builds resilience. Please contact Keegan Gwendu or your usual Crowe contact for more information.

 

Contact us

Justin Elks
Justin Elks
Partner, Head of Risk Consulting
London
+44 (0)203 457 6660
Read full CV

Insights

UK Sustainability Reporting Standards
Important update on UK Sustainability Reporting Standards.
Operational resilience: what is it and why is it important
Do you know what’s operational resilience and the importance of it. Read our latest insight to understand the values it brings to businesses.
Five Golden Rules for value-building operational resilience
Golden rules to help firms maximise the value of operational resilience during the remaining two years of the transition period.

Related services

Risk Consulting - Financial Services