What is DORA?
The “Digital Operational Resilience Act”, commonly known as “DORA”, is a European Union regulation that aims to strengthen the digital operational resilience of the financial sector in a context of deep digital business transformation and an increased exposure to cyber and IT risks. The regulation came into force on 16 January, 2023 and will be applicable from 17 January, 2025 across all EU member states. Operational Resilience is a challenge for financial service firms and the sector as a whole. Given the increase in cyber attacks and the interconnected nature of the financial system the profile of digital operational resilience has been elevated significantly.
DORA introduces very specific and prescriptive requirements that are homogenous across EU member states. Organisations need to be able to withstand, respond and recover from the impact of ICT incidents, thereby continuing to deliver critical and important functions and minimising disruption for customers and for the financial system. This is only achievable by establishing robust measures and controls on systems, tools and third parties, by having the right operational continuity plans in place, while testing their effectiveness on a continuous basis. Five core pillars of the regulation play an important role: ICT risk management, management of ICT incidents, digital operational resilience testing, management of third parties and information exchange.
“Banks and insurance companies need access to an increasing volume of internal and external data.They have become increasingly reliant on information and communications technology third-parties. European regulators therefore want to take steps to establish the risk generated by these developments is managed effectively”
Karine Pariente, Partner, PwC FranceThe 10 key challenges of a successful compliance journey
The 10 key challenges presented below come from the main messages and testimonies of the conference “DORA Regulation: Decryption, issues and sharing of experiences” organised on 24 November, 2022 by PwC France and Maghreb.
These challenges are all avenues to help you prepare for the requirements of the DORA regulation. They constitute benchmarks that will need to be adapted to each business environment in order to make DORA an opportunity for financial services institutions, not an additional regulatory constraint.
Download the white paper
DORA: The 10 key challenges of a successful compliance journey
Contact us
Contact us
UK and Global Head of Risk Services, PwC United Kingdom
Tel: +44 (0)7710 058286
Shaun Willcocks
Global Risk Markets Leader, Global Internal Audit Leader, Partner, PwC Japan
Tel: +81 (0)90 6478 6991
Global Cybersecurity & Privacy Leader, PwC US; Cyber, Risk & Regulatory Leader, PwC US
Jennifer Ho
Asia Pacific, Mainland China & Hong Kong Risk Services Leader, PwC Hong Kong
Tel: +[852] 2289 2919
Dr. Robert Paffen
Global Risk Services Digital Leader, Germany Risk & Regulatory Leader, PwC Germany
