Experts say DORA compliance not coming easy as more firms pass buck to IT providers
By 
Neil Hodge2025-01-23T15:28:00
New rules have come into effect across the European Union to promote better cybersecurity and IT resilience across the financial services sector, but experts warn that compliance is likely to be patchy and regulatory enforcement across the bloc perhaps even patchier.
The EU’s Digital Operational Resilience Act (DORA), which went into effect Friday, aims to strengthen financial services firms’ defenses against–and responses to–potential cyberattacks so that the sector (and not just individual institutions) remains robust and intact.
The regulation sets rules on information and communication technology risk-management, incident reporting, operational resilience testing, risk monitoring of “critical” third-party IT suppliers, and information and intelligence sharing with regulators. It also makes boards directly responsible and accountable for proper implementation.
Related articles
-
PremiumTPRM critical as DORA, new FCA third-party engagement rules come into effect in 2025
New rules that push IT firms providing “critical” services to the U.K.’s financial sector to share more data about cyberattacks and resiliency measures have been welcomed by industry experts. However, concerns remain over how suppliers will be classified and how key data might be gathered and shared.
-
PremiumDORA set to enhance cyber resilience requirements for EU financial firms
The European Union’s Digital Operational Resilience Act, which is set to take effect next year, will require financial services firms to implement stronger measures to protect not only themselves from disruption caused by cyberattacks but also the sector as a whole.
-
News BriefSEC reportedly investigating MassMutual’s accounting amid ongoing government shutdown
Even though the U.S. federal government is currently shut down, the U.S. Securities and Exchange Commission appears to still be at work. The financial regulator is reportedly investigating a major insurance and asset management company over its accounting practices.
More from Regulatory Policy
-
ArticleNavigating HHS and FDA’s overhaul of the food and beverage industry
Under the Trump administration, the Department of Health and Human Services and the Food and Drug Administration have been hellbent on eliminating synthetic food dyes from food and beverage products, forcing a jarring and costly overhaul with cascading impacts on the operations of the entire industry.
-
PremiumU.K. FCA establishes framework for unlisted companies to trade shares on a ‘buyer-beware’ basis
Private companies that are keen to trade their shares but do not wish to become listed have gained another way to trade their shares. The U.K. government completed its initial review and published rules for the system in June.
-
ArticleDOJ is ramping up, not ramping down, health care fraud enforcement
While the Trump administration may have shifted away from pursuing small, white-collar, financial crimes, its focus on health care fraud cases is as hot as ever.