Digital Operational Resilience Act (DORA)

The ten key challenges of a successful compliance journey

  • February 05, 2024

Ensuring cyber resilience in the financial services sector

Resilience is a challenge for financial services firms and the sector as a whole. Given the increase in cyber attacks and the interconnected nature of the financial system, the issue of resilience is now high on the corporate agenda. As financial services firms increasingly rely on information and communications technology (ICT) provided by third parties, European regulators are taking steps to ensure that the associated risk is managed effectively.

Operational resilience: a new approach to risk management

In the past, regulators and supervisors focused on strengthening financial resilience in the financial services sector. The Digital Operational Resilience Act (DORA) creates a regulatory framework for digital operational resilience whereby all financial entities must ensure they can withstand, respond to, and recover from all ICT-related disruptions and threats.

Operational resilience requires a shift in your approach to risk management, from a focus on risk prevention and loss mitigation to a broader and proactive approach. The working assumption is that incidents will occur, and you must be prepared to deal with them. In doing so, you will ensure the continuity of core business activities and services.

Under DORA, financial entities will have to comply with five key pillars:

  1. ICT risk management framework;
  2. ICT incident management, including more streamlined reporting to the relevant authorities;
  3. Digital operational resilience testing;
  4. ICT third-party risk management, including an oversight framework for critical ICT third-party service providers operating at the EU level; and
  5. Information-sharing arrangements on cyber threat information and intelligence.

The ten key challenges of a successful DORA compliance journey

The ten challenges presented in our latest whitepaper come from the main messages and testimonies of the conference ‘DORA Regulation: decryption, issues and sharing of experiences’.

Each of these challenges is an avenue to help you prepare for the requirements of DORA. They are benchmarks that will need to be adapted to each business environment so that DORA becomes an opportunity for financial services institutions rather than an additional regulatory constraint.

Contact us

Moira Cronin

Partner, PwC Ireland (Republic of)

Tel: +353 86 377 1587

Neil Redmond

Director, PwC Ireland (Republic of)

Tel: +353 87 970 7107

Pat Moran

Partner, PwC Ireland (Republic of)
