DORA 2025: Prepare your financial institution for a new era of digital resilience

16.1.2025

Author of the article: JUDr. Jakub Dohnal, Ph.D., LL.M., ARROWS (office@arws.cz, +420 245 007 740)

In the digital age, cybersecurity is key. DORA brings uniform rules for the financial sector in the EU that will strengthen its resilience to cyber threats and ensure continuity of service even in the event of incidents. Failure to comply with these rules can lead to hefty fines of up to tens of millions of crowns and seriously jeopardise your institution's reputation.

1. What is DORA and who is affected

The Digital Operational Resilience Act (DORA) is a European Union regulation that came into force on 16 January 2023 and will be fully effective from 17 January 2025.

It aims to strengthen the digital operational resilience of the financial sector by introducing uniform rules for managing risks associated with information and communication technologies (ICT). The regulation applies to a wide range of financial institutions, including banks, insurance companies, investment firms and payment service providers, but also to their ICT service providers.

Imagine a situation where your financial institution faces a large-scale cyber-attack. Without adequate preparation, such an incident can lead to significant financial losses, reputational damage and loss of client trust. DORA provides you with a framework to effectively manage these risks and ensure continuity of your services.

2. Key requirements of DORA

DORA sets out several key areas that financial institutions should focus on:

  • ICT risk management: Institutions must put in place a robust framework to identify, assess and mitigate ICT-related risks. This includes regular systems testing, staff training and implementation of security measures.
  • Incident reporting: In the event of significant ICT-related incidents, institutions are required to notify the relevant authorities and take measures to minimise the impact. Failure to comply with this obligation may lead to sanctions.
  • Digital resilience testing: Regular testing of the resilience of systems to cyber-attacks is essential to ensure preparedness for potential threats.
  • Third-party risk management: Institutions must carefully select and monitor their ICT service providers to ensure that they also meet the required security standards.

Failure to comply with these requirements can result not only in financial penalties but also serious damage to your institution's reputation. It is therefore essential to start implementing DORA measures as soon as possible.

3. How to prepare for DORA

As the effective date of DORA approaches, it is important to take concrete steps to ensure compliance with the new requirements:

  • Analysis of the current situation: Assess your institution's current level of digital resilience and identify areas that need improvement.
  • Implementation of new processes: Put in place the processes required to meet the new requirements.
  • Staff training: Ensure that all staff are aware of the new procedures and are able to respond effectively to any incidents.

Imagine that, by preparing and implementing DORA measures in a timely manner, your institution successfully withstands a cyber-attack without disruption of services or loss of data. Such preparedness will boost your clients' confidence and increase your competitiveness in the marketplace.

Conclusion:

Don't wait until it's too late. Start preparing for DORA today and ensure your financial institution, including crypto-related service providers, is fully prepared to face the digital challenges of the future. Contact us for expert assistance with implementing DORA requirements to protect your business from potential threats.