Takeaways From The EU’s Digital Operational Resilience Act (DORA)
Back in June, the European Union (EU) announced plans for a new regulation that will require entities in the financial industry, such as banks and wealth management firms, to expand their third-party risk management programs. The expansion includes a robust set of cybersecurity requirements and rules for how those requirements apply to the information and communication technology (ICT) providers and services these entities depend on. The regulation is titled the Digital Operational Resilience Act (DORA).
The regulation has generated mixed reactions from the financial industry because of the steep, short timeline financial institutions are given to meet the new requirements. Overhauling internal systems and onboarding new vendors can take many months. What does the Digital Operational Resilience Act cover exactly? Here is a brief overview.
Stronger Cybersecurity Standards
Although operational and financial resilience has been a hot topic for some time, there has been no uniform approach to information and technology security across industries, and financial institutions in particular. The result is a patchwork of organization-specific practices that makes the picture of national and international security a messy one.
In early 2020, the European Systemic Risk Board (ESRB) expressed major concerns about the digital security of financial institutions. Those concerns were followed by calls to consolidate third-party risk management practices and requirements. The underlying fear is that a large-scale cyber event at one or more financial institutions could cascade through the EU and global economy. The volume of cybersecurity threats grows every day, with new forms of phishing, identity theft, and ransomware finding footholds through vendor and organizational practices that do not cover all the bases.
How Does The Digital Operational Resilience Act (DORA) Help?
The Digital Operational Resilience Act will apply to 20 types of financial entities within the EU, including payment processing firms, banks, credit card providers, investment firms, and crypto-asset service providers, along with the ICT third-party providers that serve them. If your organization is one of those regulated entities, or an ICT vendor supplying one, you will be affected in some form. Its requirements fall into five areas: ICT risk management, ICT-related incident reporting, digital operational resilience testing, management of ICT third-party risk, and information sharing on cyber threats. Both small and large financial firms fall within scope, but the regulation applies a principle of proportionality: the depth of the obligations, and the timeframes for meeting them, scale with the size, risk profile, and activity of the affected firm, so smaller and less complex entities face lighter requirements.
Regardless of scale and volume of activity, every in-scope organization can expect some change to its technologies and processes in order to raise security and operational resilience during crises like COVID-19. Cybersecurity and third-party risk management providers have the software and personnel to help your firm meet the coming requirements.