The Digital Operational Resilience Act (DORA) Proposal was published as part of the European Commission Digital Finance Strategy (September 2020), which targets digital transformation risk mitigation through the application of prescriptive and consistent rules on digital operational resilience. It aims to converge to one unified approach across Europe, across regulators and across the financial services industry.
Whilst official regulation is still in draft form within Europe, there is an expectation from regulators on financial institutions to begin focussing on operational resilience. The December 2020 Statement issued by the European Central Bank (ECB) regarding supervisory cooperation on operational resilience focused on the following key points:
Operational Resilience is an existing key strategic theme across the financial services industry as well as wider across Information Communications and Technology companies providing services to financial services firms. To date, we have seen a number of Cloud providers publish their approach to Operational Resilience.
DORA will apply across the full financial sector, in addition to firms captured within the expanded regulatory perimeter under the term ‘critical ICT third-party service providers’. This will include services such as cloud resources, data analytics and audit.
While the act is currently still in draft and the final regulations are expected to be published by 2022, it is imperative for firms to start thinking and working on their operational resilience journey.
Download our high-level overview below, to help you understand the regulations and identify where to focus. EY has a track record of delivering operational resilience transformation projects and can help you evolve, grow and comply in this rapidly changing regulatory environment.
Don’t hesitate to get in touch if you have a question.