Get Compliant Now – DORA
Today, while addressing a number of people in the fintech and financial services arena, many in the room were scratching their heads. After a moment, somebody asked: "You mean Dora the Explorer?"
Very little is known about the Digital Operational Resilience Act, which has huge implications for fintech and financial services across the EU. This piece of legislation was adopted by the EU on 28th November 2022 and came into effect on 16th January 2023. It requires that all of a firm's data, security systems and controls meet the requirements of the new act.
Essentially, the DORA requirements force the fintech sector to introduce incident management processes covering every stage, from incident detection to notification to management.
What this means is that financial services providers will have to beef up their basic standards of cybersecurity and cyber resilience, and mitigate the impact of cyber incidents and attacks in a secure and timely manner. Financial institutions must also classify ICT-related incidents and cyber threats based on the number and relevance of clients and counterparts affected, the duration of the incident, data losses, the geographical spread of the outbreak and the financial services affected. The economic impact of the incident is also assessed.
Many of us are familiar with the GDPR requirements faced by all organisations. Almost overnight, a new European authority, the European Supervisory Authority, will have a major role to play in incident management. It is understood that they have developed draft regulatory technical standards that set out criteria for determining when a major incident has occurred in a sector.
Some commentators believe this is a massive game changer, and the first cybersecurity professional out of the starting blocks has been Paul C. Dwyer of Cyber Risk International, who has said: "You risk 2% of your global annual turnover. You even risk criminal penalties. It came into effect on 16th January 2023, so it is in force now. The clock is ticking and you only have two years to be fully compliant. This is an amazing catalyst. A very positive initiative from the EU to increase the level of cybersecurity across the financial sector, not just in Europe but globally."
Therefore, all financial institutions need to immediately review their technical contracts with suppliers to ensure they meet the DORA mandatory obligations relating to managing incidents. The institutions need to review these contracts to ensure that their suppliers are fully aligned with this new EU legislation.