Why Flexibility is Key for the Upcoming EU DORA Regulation

Ever-increasing digitalisation is propelling the world of financial services to act faster and do more than ever before. One side effect of this is the increased risk posed by the failure of critical suppliers. This is the reason EU regulators have introduced the Digital Operational Resilience Act (DORA), which will implement uniform rules for financial entities on operational resilience throughout the EU.

Financial institutions, including trading venues, have until 17th January 2025 to prepare themselves for the implementation of the new requirements. An organisation’s ability to maintain flexibility in its operations will be key to meeting its compliance obligations. 

Understanding DORA

To ensure the operational resilience of digital service providers and financial institutions, DORA establishes requirements for cybersecurity, continuity of services, incident reporting and oversight. In effect, these rules are aimed at regulating the volatility of new entrants in the financial industry and help existing institutions develop robust risk strategies during digital transformation.

There are 5 main pillars:

• ICT Risk Management: Importance and strategies for robust risk management practices.

• Incident Reporting: Frameworks and benefits of timely and accurate reporting.

• Resilience Testing: Requirements for regular resilience testing and its impact on identifying and mitigating potential threats.

• Third-party Risk Management: Oversight and risk management for critical ICT third-party providers.

• Information Sharing: Enhances collaboration and sharing of threat intelligence among financial entities to strengthen overall resilience.

Challenges for Trading Venues

To meet these requirements, it is expected that some market financial infrastructures might face challenges in complying with DORA due to fragmented governance, business functions, processes and technology. Specifically, trading venues will need to instil proactive risk management practices, such as continuous threat assessments and environmental evaluations, to mitigate cyber-attacks and operational disruptions. Updated technology will help exchanges enhance their operational resilience, minimise downtime, and mitigate the impact of cyber threats and other disruptions.

Adapting to constant change

Embracing technological change means recognising that past solutions and processes may no longer be effective. DORA represents another evolution in improving our markets and organisations, driving progress and resilience. Taking a modern, flexible approach, will ensure ongoing alignment with compliance demands.