Digital Operational Resilience Act (DORA)

Consumer protection and financial stability

The European Union uses legislation to promote a competitive financial sector that gives consumers access to innovative financial products, while safeguarding financial stability and consumer protection. This is essential because financial markets are increasingly dependent on ICT. For example, employees of financial service providers who work from home or remotely can access payment services and a wide range of complex financial services.

DORA

To protect financial stability, the European Commission introduced the Digital Operational Resilience Act (DORA) in 2023. It is part of the Digital Finance Package (DFP), which includes a digital strategy, legislative proposals on crypto-assets and digital resilience, and a new strategy for retail payments.

The regulation consists of a set of measures designed to strengthen the digital operational resilience of actors in the financial markets, such as banks, investment firms, management companies, crypto-asset service providers, insurers and trading platforms. It builds on regulatory initiatives from various European supervisory authorities, including the European Central Bank.

New compliance obligations

Under DORA, organisations broaden their focus: the financial resilience of enterprises must not only be analysed, but also proven to be sufficient in cases of serious operational disruption.

How can PwC help you?

Drawing on our broad experience in interpreting and implementing new regulations, our experts can help you understand the new obligations and support you in the ICT transformation. Understanding the obligations is key to a proper transformation, so we recommend:

  • Performing a DORA readiness assessment and gap analysis to determine your current level of compliance and the most adequate path towards remediation.
  • Working directly to accelerate DORA compliance items you may have already identified, such as the (re)design of your ICT risk management framework and operating model, planning and executing operational resilience testing, accelerating your third-party risk management efforts, or adjusting your current information sharing arrangements. This also includes leveraging, where applicable, your current compliance activities to minimise the effort needed to ultimately achieve DORA compliance in a cost-effective manner.

Please don’t hesitate to reach out to us to discuss any of these matters. We’re happy to support you.

DORA is now official, are you prepared?

The new EU framework for digital operational resilience is not only a challenge, but also an opportunity to future-proof your business.

Contact us

Anthony Kruizinga

Partner, PwC Netherlands

Tel: +31 (0)61 308 76 37

Gerwin Naber

Partner, PwC Netherlands

Tel: +31 (0)65 150 75 75
