Experts say DORA compliance not coming easy as more firms pass buck to IT providers
By 
Neil Hodge2025-01-23T15:28:00
New rules have come into effect across the European Union to promote better cybersecurity and IT resilience across the financial services sector, but experts warn that compliance is likely to be patchy and regulatory enforcement across the bloc perhaps even patchier.
The EU’s Digital Operational Resilience Act (DORA), which went into effect Friday, aims to strengthen financial services firms’ defenses against–and responses to–potential cyberattacks so that the sector (and not just individual institutions) remains robust and intact.
The regulation sets rules on information and communication technology risk-management, incident reporting, operational resilience testing, risk monitoring of “critical” third-party IT suppliers, and information and intelligence sharing with regulators. It also makes boards directly responsible and accountable for proper implementation.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
PremiumTPRM critical as DORA, new FCA third-party engagement rules come into effect in 2025
New rules that push IT firms providing “critical” services to the U.K.’s financial sector to share more data about cyberattacks and resiliency measures have been welcomed by industry experts. However, concerns remain over how suppliers will be classified and how key data might be gathered and shared.
-
PremiumDORA set to enhance cyber resilience requirements for EU financial firms
The European Union’s Digital Operational Resilience Act, which is set to take effect next year, will require financial services firms to implement stronger measures to protect not only themselves from disruption caused by cyberattacks but also the sector as a whole.
-
News BriefTrump’s pivot on crypto leads SEC to seek settlement with Gemini
The Securities and Exchange Commission (SEC)’s pivot in favor of crypto took another step as the agency indicated it wants to resolve a long-standing lawsuit against the crypto exchange Gemini.
More from Regulatory Policy
-
PremiumRepublican-led SEC abandons climate rule; Dem commissioner calls move ‘unlawful’
The Securities and Exchange Commission’s Republican leadership is abandoning the climate-related disclosure rule package passed last year by Democrats, hoping that the courts will kill regulations already on life support.
-
News BriefFinCEN drops BOI requirement for U.S. companies, persons
The U.S. Treasury Department’s Financial Crimes Enforcement Network issued a final interim rule that eliminates beneficial ownership information reporting obligations for U.S.-based companies and persons.
-
News BriefTrump picks Fed vice chair of supervision, aims to roll back 2023 bank protections
Federal Reserve Board member Michelle Bowman has been nominated as the board’s vice chair for supervision, a position that oversees regulation of the nation’s largest banks.