It’s One Year Until DORA, but Financial Services Must Prepare Today

by internationalbanker

By James Whybrow, Head of Financial Services, Software AG





As we make our way through the start of 2024, Europe’s financial organisations have less than a year to adapt, reform and get their houses in order. Why? By January 2025, financial institutions must ensure they comply with the Digital Operational Resilience Act (DORA) by demonstrating full visibility into their operations and how they ensure resiliency. Those who prepare and act early will be best placed to navigate these changes and emerge as industry leaders.

DORA is the latest addition to a series of ever-changing financial regulations, such as the Data Governance Act (DGA) and PS6/21 (“Operational resilience: Impact tolerances for important business services” policy statement). These directives aim to shore up security measures, data sharing and transparency in the European financial sector, particularly amidst the evolution of technologies and consumer habits. Working with these regulations provides the perfect opportunity to change financial operations for the better.

So, how do financial-services organisations ensure they are DORA-compliant by next January and gain the visibility and flexibility they need to show their operations are resilient and secure? The answer is integration.

The importance of resilience within DORA

Resilience being a crucial part of any business model is not a new concept. However, its importance has perhaps reached new heights in recent years. Increased supply-chain disruptions, natural disasters, cyberattacks, energy and cost-of-living crises, geopolitical conflicts and, of course, COVID-19 pandemic aftereffects have all combined to hit businesses like a tidal wave. As a result, some companies have been forced to adapt their supply relationships, ecosystems and, in some cases, their entire business models. As companies have shifted their focus and budgets towards making processes resilient, business resiliency has become a major objective and metric of operational excellence.

In January 2023, the Digital Operational Resilience Act (DORA) came into force, giving European financial institutions only two years to comply. The Act aims to set higher standards for the financial sector’s digital operational resilience, focusing on security and business continuity. DORA will place financial organisations under increased scrutiny, with banks and technology providers legally bound to prioritise operational resilience and prove that their processes are up to scratch.

The Act plays into a wider need for improved defences against cybercrime and fraud. For instance, in the first quarter of 2023 alone, the United Kingdom lost more than £53 million due to internet-banking fraud incidents, with cyberattacks increasing by 38 percent in 2022. DORA will prompt financial organisations to step up their defences and increase their resilience against potential threats, which is vital in a world of ever-increasing financial crime—but this is easier said than done for a typically slow-moving industry.

The banking world is still playing catch-up

Siloed data, continued high levels of investment in new systems and legacy systems’ enduring importance make optimising operations highly challenging. Moreover, 32 percent of banks recently reported that they did not have an up-to-date, reliable IT (information technology) asset inventory, while 37 percent of significant institutions under the European Central Bank’s (ECB’s) supervision reported a cyber incident in 2022. In fact, research has shown that finance is the second-least cyber-secure industry in the United Kingdom, with 305,785 data breaches in 2022 alone. The correlation between scattered IT systems and a financial organisation’s inability to protect itself from attack is clear.

Meanwhile, DORA is not the only regulation with which organisations need to comply. What makes these regulations increasingly complex is that their requirements often include considerations outside of any one company’s area of responsibilities or objectives. For example, as of January 2023, Germany’s Supply Chain Act—which a European-wide initiative will follow—requires risk analyses to be conducted on entire supply chains regarding compliance with human rights, fair labour practices and environmental-protection requirements.

It’s counterproductive to create a dedicated management system for each individual compliance topic (for example, quality, data security, environmental protection, etc.) since each system is based on the same components (processes, data, IT systems and more). An integrated management system that maps the various topics and looks for interdependencies or overlaps is more effective. This begins with a virtual “bird’s-eye view” of business processes, data, IT systems and responsibilities to define top priorities and Plan B scenarios.

Currently, many banks lack the visibility and transparency needed to ensure their operations are efficient and resilient and will satisfy the impending DORA regulation. As well as the issue of bringing together the right data at the right time to power effective decisions, a bank’s agility and speed of execution are also vital. Banks must be able to identify issues quickly, uncover the information required to correct them and apply remedies to ensure minimal disruptions to staff and customers. With clunky processes and siloed data, staff do not have the tools needed to deal with disruptions rapidly and effectively.

Unlocking DORA’s success 

When business leaders consider technological innovation, they often imagine introducing customer-facing solutions that attract, delight and retain consumers. However, equally impactful is the implementation of technology in the back office, which can make operations much more resilient and efficient. Properly understanding and managing risk, for instance, can be nearly impossible without advanced analytics capabilities and their resulting enhanced decision-making abilities.

By mapping all processes effectively in the back office and integrating all financial data, organisations can bring together different systems and applications and create a single, trusted data source to improve processes and satisfy regulations. A connected infrastructure allows financial services to meet customer demands, monitor operations in real-time and find ways to drive innovation and higher productivity. This level of integration and visibility is vital for large multi-national banks, allowing them to respond quickly to changing market conditions with their existing applications and datasets—regardless of how new or old they are, where they are hosted or who is using them. Consolidating data into a single cross-border platform avoids chaos, risk and rising costs.

As well as providing end-to-end visibility and governance across geographies, IT environments and complex business ecosystems, integration allows financial organisations to transform their digital offerings. They can create connected customer and employee experiences and enhanced B2B (business-to-business) interactions—all while minimising disruption and risk. Having this solid data foundation ensures the accuracy of mining and modelling processes, with financial organisations able to discover how systems and people are performing and learn from historical and real-time data to put insights into action. Whether the risks are “between the chair and the keyboard”, in the process landscape or at the disconnect of legacy systems and practices, this end-to-end visibility facilitates continuous process improvement through which banks can learn from mistakes and improve resilience.

Resilience and compliance go hand in hand

Ultimately, business-process management and integration are key to becoming DORA-compliant by January 2025. Financial institutions are held to the highest standards, and robust risk management, security and regulatory compliance are non-negotiable. Operational resilience relies on integrated applications that can improve financial organisations’ cyber defences and provide business value. The only way to identify and protect against threats and potential failures is to have a single pane of glass across a distributed technology landscape. This way, financial-services organisations can find the value trapped in their data and, crucially, satisfy regulations.

