
"Cloud platforms, outsourced IT, and digital trading systems power day-to-day operations - but they also introduce serious risks. Cyberattacks, system failures, and supplier disruptions can trigger regulatory breaches, financial losses, and reputational damage. To strengthen the resilience of Europe's financial system, the EU introduced the Digital Operational Resilience Act (DORA), often called the DORA Directive. Although the UK is no longer part of the EU, DORA still applies to many UK firms."
"For many UK businesses, DORA is not an abstract EU regulation. It has extraterritorial reach. If a UK ICT provider delivers critical services to an EU bank, insurer, or asset manager, it may be considered a critical third party under DORA. Similarly, UK financial institutions with EU operations must align with the regulation. Even firms not directly covered will feel the pressure through contracts."
The Digital Operational Resilience Act (DORA) creates a harmonised framework for digital resilience across the EU financial sector, with prescriptive requirements in ICT risk management, incident reporting, resilience testing, third-party risk oversight, and information sharing. Compliance becomes mandatory for all EU-regulated financial entities and their ICT providers from January 2025. DORA reaches UK firms that provide critical services to EU banks, insurers, or asset managers and influences UK suppliers through contract clauses demanded by EU clients. The regulation raises compliance complexity, increasing obligations on testing, reporting, and third-party governance. Firms must assess exposure, update contracts, and build controls to avoid regulatory breaches and operational disruption.
Read at Business Matters