Top Hurdles to DORA implementation
The Association for Financial Markets in Europe (AFME), has released its latest publication on DORA (the EU’s Digital Operational Resilience Act).
This milestone regulation on risk management for financial entities is coming into effect on the 17th January 2025. With various Level 2 instruments not due to be finalised until late in 2024, industry is under severe pressure in ensuring that the operational uplifts are securely in place.
This paper sets out the scale of the challenge for banks, highlighting the 5 top issues which are currently being grappled with, as part of preparing for DORA. It is clear that a proportionate and risk-based approach to enforcement and supervision will be needed, certainly during the initial phases of implementation.
The report also shows that in many instances, banks are having to establish new systems and frameworks, often through manually intensive processes. This can be seen for example with the incoming Registers of Information, despite the overlap with existing outsourcing registers. At times, the ability to finalise such remediations depends on the willingness of third-party providers, who are themselves out of scope of DORA.
Looking forward, it is critical that the ESAs not only finalise as soon as possible the remaining regulatory standards, but proactively plan ahead and set out a timeframe for rationalising the regulatory burden on firms, in particular removing the incoming duplication with existing EBA requirements.
For further information please contact the Tech&Ops team.