Back to Blog

The EU’s DORA (Digital Operational Resilience Act) Increases Demand for Operational Resiliency from Firms

James Greenway, Business Development Director at Portfolio BI explores DORA in further detail and outlines what the new legislation will mean for firms operating in the alternative investment space. 
James Greenway
divider round bottom

On January 16th 2023, the European Union (EU) regulatory framework entitled the Digital Operational Resilience Act (DORA) came into place. The rules and policies laid out within the Act will apply for financial services firms from January 17th 2025.  

James Greenway, Business Development Director at Portfolio BI explores DORA in further detail and outlines what the new legislation will mean for firms operating in the alternative investment space. 

 

What is DORA?

DORA was created by the EU with the intention of improving the way that financial institutions manage data, so that they are more resilient against ransomware and other cybersecurity threats. 

Prior to DORA, financial firms were only required to manage operational risk in terms of capital. However, this does not include the components of digital risk that firms can face. DORA specifically recognises the capacity for a cyber-attack to jeopardise the soundness of a company’s entire technical framework. As firms operate in an increasingly digital space, the EU designed the rules laid out in DORA to be specifically related to ICT incidents.  

These include the protection, detection, containment, recovery and repair of operational capabilities. The new legislation explicitly refers to the importance of managing ICT risk management, incident reporting, resilience testing on operational structures and how a company manages third party risk. 

 

The five pillars of DORA are:

- Information and communications technology (ICT) risk management,

- Third-party risk management,

- Incident reporting,

- Digital operational resilience testing, and

- Information sharing.  

The five pillars arguably makes the legislation one of the most far-reaching pieces of regulation enacted, meaning a significant change in approach for some firms . 

 

The UK leads the way

The FCA and the PRA set out their operational resilience policy in March 2021 so have been leading the way in these matters for some time. As early as 2022, they issued  a UK bank with a £60M fine following an operational resilience incident. DORA continues to build on this framework in the sense that it is also aimed at managing systematic risks posed by “critical third parties”.

 

Operational resilience as a key business priority in 2024

With both the EU and FCA focussing on operational resilience, firms need to ensure that they are ready for the regulatory demands set out by both regulators. We are already over one year into the DORA’s two year transition period. With this in mind, 2024 will be a year whereby firms need to prepare and implement adequate changes to their operational and regulatory reporting structures to ensure they are compliant with EU law.

 

How can firms prepare for DORA?

 Whilst preparing for DORA can seem like an overwhelming task, there are several things that firms should be considering as part of their preparation for the Act’s implementation. These include:

- Carrying out an assessment of suppliers and providers in your business model which could have impact on your BAU.

- Running a detailed risk assessment, documenting operational and technology factors which have impact on your ability to adhere to DORA and how this could affect underlying clients.

- Considering the role of technology within your firm’s infrastructure, with required regular and ad-hoc auditing of your workflow to capture risk factors.  

While DORA does not require you to establish a better technology footprint internally, having the technology to assist with the considerations above would be best practice and help reduce costs in the medium/long term.

At Portfolio BI, we work with clients globally and have an innate understanding of different market regulatory frameworks and changes. Our software supports our client’s business needs, whilst enhancing their operational resilience and ensuring they remain compliant from a regulatory perspective. If you would like to learn more about how we can support you with implementing changes set out in DORA, contact us today. 

 

References

https://www.bankofengland.co.uk/news/2022/december/tsb-fined-for-operational-resilience-failings

Share on social media: 

More from the Blog

Data: Navigating the Private Credit Space

As part of our ongoing ‘It’s all about data’ series, I am exploring the many challenges that the Private Credit space faces. When it comes to the management of data itself, I find this one of the most challenging to write, because the data challenge for Private Credit managers is one of the hardest to address.

Read Story

How fund managers can succeed within the ever more competitive private credit market

We know that the private credit market is receiving a lot of attention right now. Potential benefits of a growing market include higher yields and diversification. However, the industry also comes with its fair share of challenges. Understanding and navigating these challenges is crucial for fund managers looking to make the most of the many opportunities within this sector. 

Read Story

Portfolio BI continues its next phase of growth with appointment of William Ercolano as CTO

Portfolio BI, a leading provider of SaaS and management support solutions to the alternative assets community, this week announced the appointment of William Ercolano to the role of CTO.

Read Story