DORA, which stands for the Digital Operational Resilience Act, is a regulation from the European Union aimed at making financial institutions more resilient to digital risks and cyber threats. It sets out rules and standards to ensure these organisations can withstand and recover from Information and Communication Technology (ICT) disruptions and cyber incidents. It aims to create a safer and more secure European financial sector by making sure that all financial institutions and their ICT providers (even if based outside of the EU) adhere to these standards.
Organisations need to:
DORA came into force in January 2023, with full application of its requirements expected by January 2025. This includes defining and implementing the necessary ICT risk management frameworks, policies, procedures, and reporting.
Dora never embarks on an adventure without consulting her map. Similarly, DORA mandates that financial institutions develop comprehensive ICT business continuity policies as part of their ICT risk management framework. These policies should include procedures for ICT project and change management to ensure system continuity and resilience.
Change management implications:
DORA places significant emphasis on the roles of executives and board members. The board of directors, referred to as the ‘management body’, is responsible for overseeing the entity’s adherence to digital operational resilience standards. This includes ensuring robust oversight, control, and input on policies and procedures, even within complex group structures. Board members must maintain and update their knowledge on ICT risks, necessitating regular, specific training to ensure they understand ICT security, the entity’s specific ICT risks, and the strategies in place to mitigate these risks.
Just as Dora uses her map to navigate through various challenges, financial institutions must integrate the following regulatory standards as a guide, to ensure smooth and secure operations.
Change management implications:
In Dora’s world, Swiper the Fox represents unforeseen challenges. For us, cyber threats are the “Swipers” we must guard against. DORA’s stringent security measures emphasise the importance of proactive defences. By implementing robust cybersecurity protocols, organisations can prevent malicious actors from compromising their systems, ensuring data integrity and operational continuity.
Change management implications:
Dora’s adventures are successful because of her collaboration with Boots, her trusted companion. Similarly, DORA compliance necessitates active engagement with stakeholders, including internal teams, partners, and regulators. Effective communication and collaboration ensure that all parties are aligned and committed to enhancing digital resilience, fostering a unified approach to compliance.
Change management implications:
Dora’s backpack is always equipped with essential tools for her journey. For financial institutions, DORA requires an array of tools and policies to ensure digital resilience. This includes updated ICT systems, robust incident response plans, and continuous monitoring mechanisms. Being well-equipped ensures organisations can meet regulatory requirements and swiftly address any disruptions.
Change management implications:
Each of Dora’s adventures concludes with a celebration of success. Achieving DORA compliance is a significant milestone that reflects a cultural shift towards prioritising digital resilience. Celebrating these milestones acknowledges the hard work and dedication of all involved, reinforcing the importance of continuous improvement and adherence to best practices.
Change management implications:
By adopting a holistic approach to change management, senior members of the financial sector can ensure not only compliance with DORA but also enhance their institution’s overall resilience and agility.
For more information contact Buki Obayiuwana or your usual Crowe contact.