Regulation for Finance Sector to Launch in 2025, Institutions Must Ready for Tech Risk Compliance
Brussels, Belgium — December 14, 2024 — The European Union’s Digital Operational Resilience Act (DORA) will become effective on January 17, 2025, bringing substantial changes for financial entities and their key technology service providers. DORA aims to create a standardized approach to managing and reducing Information and Communication Technology (ICT) risks across the financial industry, bolstering the sector’s ability to withstand digital challenges.
The Joint Committee of European Supervisory Authorities (ESAs) has called on financial institutions and their ICT service providers to hasten their readiness efforts to meet DORA’s requirements by the deadline. The ESAs emphasize that implementation must be immediate, with no grace period, urging entities to adopt a comprehensive strategy to fulfill their obligations promptly.
Critical Steps for DORA Adherence:
- Gap Analysis and Resolution: Financial entities must swiftly identify and rectify any discrepancies between their current practices and DORA’s mandates.
- New Reporting Protocols: Institutions should prepare to meet novel reporting requirements, including submitting registers of ICT third-party provider contracts to authorities by April 30, 2025.
- ICT Incident Management: From January 17, 2025, financial entities must be ready to categorize and report significant ICT-related incidents.
The ESAs recommend that financial entities leverage insights from the 2024 trial exercise and consider the implementing technical standards (ITS) on information registers to meet these obligations effectively.
Oversight and Critical Provider Designation
Regulatory bodies are poised to oversee DORA compliance, with the initial designation of critical ICT third-party service providers expected in the latter half of 2025.
DORA represents a pivotal advancement in fortifying digital operational resilience within the financial sector, ensuring that financial institutions are better prepared to handle ICT risks and maintain uninterrupted essential services.
https://www.digital-operational-resilience-act.com
BLI Media Team