NAVIGATING DORA: ENHANCING IT SECURITY AND COMPLIANCE IN THE EU FINANCIAL SECTOR
Aug. 13 2024
UNDERSTANDING THE DIGITAL OPERATIONAL RESILIENCE ACT (DORA) REGULATION
In the rapidly evolving financial landscape, the need for robust IT security has never been more critical. The European Union (EU) has recognised this and has taken a proactive step in enhancing the digital resilience of the financial sector with the introduction of the Digital Operational Resilience Act (DORA). Here we explore what DORA is, who is impacted and what it means for financial companies.
WHAT IS DORA REGULATION?
The Digital Operational Resilience Act (DORA) is a landmark regulation aimed at centralising and standardising IT security across the EU's financial sector. It defines the requirements for banks, insurance companies, and investment firms to ensure they can withstand, respond to, and recover from operational disruptions and cyber threats. While DORA shares some similarities with other EU directives like NIS2 and the Cyber Resilience Act, it has a unique focus on the financial sector. It is important for businesses to understand how DORA interacts with these other regulations in order to develop a cohesive compliance strategy.
WHO IS AFFECTED BY DORA REGULATION?
DORA's broad reach extends to a wide range of financial institutions within the EU, including banks, insurance companies and investment firms. The regulation applies to both large and medium-sized organisations, ensuring a consistent level of digital resilience across the financial sector.
ACHIEVING COMPLIANCE WITH DORA
Financial entities need to be aware of the DORA implementation timeline, with key deadlines that must be met to ensure compliance. Staying informed and proactive will be crucial for organisations navigating the regulatory landscape. To ensure compliance, DORA introduces stricter enforcement mechanisms and higher penalties for non-compliance. National authorities can impose a range of sanctions, including fines of up to €10 million or 2% of total turnover for the most serious violations. Complying with DORA requires a comprehensive approach covering risk management, incident response, and robust security measures. Bureau Veritas offers a range of services to help financial entities assess their readiness and implement the controls needed to meet DORA requirements. You can download our practical guide to DORA here.
DORA'S IMPACT ON DIGITAL RESILIENCE
Pater Rogier, Principal Security Consultant for Bureau Veritas, said: “By centralising IT security standards and mandating stringent cybersecurity measures, DORA is expected to significantly enhance the digital resilience of the financial sector. This will better protect consumers, businesses, and the broader economy from the consequences of operational disruptions and cyber-attacks.
“As an experienced compliance provider, Bureau Veritas is well-equipped to support financial entities in navigating the complexities of DORA. With a deep understanding of the regulation and a comprehensive suite of services, we can help you achieve and maintain compliance, ensuring your organisation is prepared to withstand the evolving cyber landscape.”