EU’s DORA regulation explained: New risk management requirements for financial firms


In October 2020, the European Union (EU) published draft legislation to codify how financial firms manage digital risk. Announced as part of the EU’s new Digital Finance Strategy, the proposed Digital Operational Resilience Act (DORA) is designed to “consolidate and upgrade ICT [information and communications technology] risk requirements” across the financial entities to ensure all firms are “subject to a common set of standards to mitigate ICT risks.”

This broad set of rules could affect almost every corner of the financial sector, in businesses large and small. For many firms, the proposed legislation may be less burdensome than existing requirements and merely solidify the resilience efforts already under way.

What is the Digital Operational Resilience Act (DORA)?

In February 2020, Europe’s systemic risk watchdog warned that a single cyber incident could lead to a systemic crisis that threatens financial stability. As financial firms rely more heavily on their digital systems, the EU decided it should compel them to ensure those operations are as resilient as possible.

The proposed act covers financial firms of almost all sizes across every sector of the finance industry, from credit…
