DORA: What you need to know about the Digital Operational Resilience Act
The Digital Operational Resilience Act (DORA) is a new regulation that will impact the financial sector. It aims to make the financial system more resilient to cyber threats and other operational risks.
What does DORA do?
DORA establishes a governance framework for operational resilience. This means that financial institutions must have a board-level committee responsible for overseeing operational resilience. The committee must develop and implement an operational resilience policy, which should identify, assess, and mitigate operational risks.
DORA also requires financial institutions to oversee their third-party providers. This means that institutions must assess the operational resilience of their third-party providers and take steps to mitigate any risks.
DORA mandates operational resilience testing. This means that institutions must regularly test their ability to withstand operational disruptions.
What steps should financial institutions take to comply with DORA?
Financial institutions should start by conducting a gap analysis to identify any areas where they need to improve their operational resilience. They should then develop and implement an operational resilience policy, which should include:
• A clear definition of operational resilience
• An identification of operational risks
• An assessment of the impact of operational risks
• A plan for mitigating operational risks
• A process for testing operational resilience
Financial institutions should also review their third-party provider relationships and take steps to mitigate any risks. Finally, they should develop and implement an incident management plan outlining how they will respond to operational disruptions.
DORA is a significant new regulation that will have a major impact on the financial sector. Financial institutions should start taking steps now to comply with DORA.