Financial Services Ireland


Digital Operational Resilience Act (DORA) Proposal

Read more

The Digital Operational Resilience Act (DORA) Proposal was published as part of the European Commission Digital Finance Strategy (September 2020), which targets digital transformation risk mitigation through the application of prescriptive and consistent rules on digital operational resilience. It aims to converge to one unified approach across Europe, across regulators and across the financial services industry.

Whilst official regulation is still in draft form within Europe, there is an expectation from regulators on financial institutions to begin focussing on operational resilience. The December 2020 Statement issued by the European Central Bank (ECB) regarding supervisory cooperation on operational resilience focused on the following key points:

  • The importance of operational resilience and the ability of banks to recover from operational disruption
  • Recognition of activities undertaken by the industry to date, but acknowledging that more work is required to ensure resilience against operational disruption
  • The requirement to ensure banks are resilient to potential operational disruptions from all hazards, including severe but plausible cybersecurity incidents.
  • The ECBs commitment to working closely with the Fed and PRA to coordinate supervisory approaches

Operational Resilience is an existing key strategic theme across the financial services industry as well as wider across Information Communications and Technology companies providing services to financial services firms. To date, we have seen a number of Cloud providers publish their approach to Operational Resilience.

DORA will apply across the full financial sector, in addition to firms captured within the expanded regulatory perimeter under the term ‘critical ICT third-party service providers’. This will include services such as cloud resources, data analytics and audit.

While the act is currently still in draft and the final regulations are expected to be published by 2022, it is imperative for firms to start thinking and working on their operational resilience journey.

Download our high-level overview below, to help you understand the regulations and identify where to focus. EY has a track record of delivering operational resilience transformation projects and can help you evolve, grow and comply in this rapidly changing regulatory environment.

Don’t hesitate to get in touch if you have a question.

Sara Woods

FS Director, Technology Risk
Sara's Full Profile