ServiceNow’s Stacey Carr explains why the EU’s Digital Operational Resilience Act provides an opportunity to build resilience for forward-looking organisations.
The Irish banking and financial landscape is set to change with the introduction of a new regulatory framework for digital operational resilience in the EU, the Digital Operational Resilience Act (DORA).
DORA mandates additional criteria across various domains, including risk management, testing, reporting and third-party oversight. Additionally, it necessitates a robust information and communication technology management program overseen by the board and includes policies, procedures, systems and training.
The new regulations, effective from January 17, 2025, have wide-ranging impacts, encompassing approximately twenty different kinds of financial institutions, including banks, investment firms and those involved with crypto assets. Irish financial institutions must adopt the new guidelines before the given date or face potential penalties. The Central Bank of Ireland has set these penalties and are in line with GDPR fines, amounting to 2pc of their annual worldwide turnover.
DORA is much more than an additional administrative challenge in an already heavily regulated industry; it’s a valuable opportunity for forward-thinking organisations. But to reap the benefits, a technology strategy that incorporates resilience must be implemented.
DORA’s impact
Online banking, digital payment systems and remote identity verification have transformed the sector. According to European Investment Bank research, 62pc of large financial service firms took steps to improve digitalisation in 2022. While digitalisation brings added convenience and improved customer experience through digital services, it also exposes financial services organisations to various advanced cyberattacks.
In fact, SecurityScorecard reports that 78pc of Europe’s largest financial institutions experienced a third-party breach in the past year. Regulatory bodies in the EU are collaborating with organisations to enhance security measures as a defence against this danger – and this is precisely where DORA comes in.
DORA mandates organisations to maintain transparent and measurable operational resilience. Robust risk management, continual monitoring and regular testing are crucial components of digital resilience under this act.
How tech solutions help
To effectively enhance operational resilience, it is essential to make the appropriate technology investments. As per the updated regulations, organisations must be able to showcase:
- A centralised framework for enterprise-wide information and communication technology (ICT) risk management
- Report ICT incidents in real time
- Proactively manage third-party risks
- Regular testing to evaluate the effectiveness of measures to improve operational resilience
- The ability to easily share information between essential operations of the company providing financial services
Organisations in the financial services sector have already started making progress in these aspects, particularly with regard to cybersecurity. According to ServiceNow and ThoughtLab research, two-thirds of firms in EMEA, Asia Pacific and the United States have already made cybersecurity a top investment area. Around 60pc of companies report reduced expenses and increased profits as a result of their risk management efforts. However, there is still more work to do in this area.
According to the same study, around four in ten leaders in the financial services industry perceive the absence of an integrated platform that can provide a comprehensive view of operational risks as a hurdle to ensure business resilience. As per DORA’s regulations that require companies to actively manage third-party risks, financial services establishments must ensure a clear and unobstructed understanding of their end-to-end operations. This is the only way to promptly identify and respond to risks as they arise.
Implementing the right technology
Adopting a comprehensive platform strategy to meet the DORA requirements and achieve a complete view is essential. This platform should, as a minimum, provide:
- Connected data and intelligent insights
- Functionality that supports informed decision-making, connected conversations and operational resilience
- Seamless flow of information that enhances employee and customer experiences
Using disparate legacy systems or outdated, manual processes is no longer viable. Any system that exposes risks due to human errors or processing delays is at risk of reduced efficiency and non-compliance with regulations. Platform modernisation is, therefore, the optimal approach.
Enhancing resilience
Implementing a platform-based approach in the face of constantly changing regulations helps financial services organisations improve operational efficiency and remain flexible and compliant. DORA spotlights the need for technology of this kind by foregrounding transparency and resilience in the financial services agenda.
Adhering to DORA is not something to do reluctantly. It is a chance for organisations in the industry to enhance resilience. Those who do will ultimately succeed in meeting upcoming regulatory and operational needs.
By Stacey Carr
Stacey Carr is senior sales director for EMEA at ServiceNow, a cloud computing platform for manging digital workflows. She has more than 20 years of experience in financial services and is skilled in strategic business analysis, customer relationships, and business transformation.
Find out how emerging tech trends are transforming tomorrow with our new podcast, Future Human: The Series. Listen now on Spotify, on Apple or wherever you get your podcasts.