December 11, 2023
The Impact of DORA on the Financial Services Sector in the UK
In an era marked by rapid technological advancements, the financial services sector is undergoing a significant transformation. One of the latest developments poised to reshape the landscape is the Digital Operational Resilience Act (DORA).
What is DORA?
DORA is an EU regulation (Regulation (EU) 2022/2554) that entered into force in January 2023 and applies from 17 January 2025. It aims to strengthen the operational resilience of the financial sector and harmonise digital resilience requirements across the EU by setting rules for ICT risk management, ICT-related incident reporting, resilience testing, third-party risk management and information sharing. Penalties for financial entities that fail to comply are set by the competent authorities of each member state. Critical ICT third-party service providers that do not comply with measures imposed by their Lead Overseer can face periodic penalty payments of up to 1% of their average daily worldwide turnover in the preceding business year, charged for each day of non-compliance for up to six months. Although DORA is EU law, it reaches UK firms through their EU-regulated subsidiaries and branches, and through UK ICT providers that serve EU financial entities. In this blog, we delve into how DORA is set to impact the financial services sector in the UK and the solutions available.
Key Components of DORA:
ICT Risk Management
DORA requires financial entities to maintain a sound, comprehensive and well-documented ICT risk management framework, with the management body holding ultimate responsibility for managing ICT risk through a defined governance and control structure. The framework must set a digital operational resilience strategy based on the entity's risk tolerance and must cover identification, protection and prevention, detection, response and recovery, and learning and evolving from incidents, including backup, restoration and recovery policies for ICT systems and data.
How MBA can help
MBA’s platform is designed as a unified system, to provide a single control point to manage and protect data wherever it is stored.
ICT-related incident reporting
DORA requires financial entities to establish a process for detecting, managing and reporting ICT-related incidents and to classify them using a common methodology, based on criteria such as the number of clients or counterparties affected, the duration of the incident, its geographical spread, any data losses, the criticality of the services affected and its economic impact. Incidents classified as major must be reported to the competent authority within set timelines, through an initial notification followed by intermediate and final reports, and significant cyber threats may be notified on a voluntary basis. A common classification and reporting standard gives supervisors and the sector a consistent view of disruptions, which strengthens the industry's ability to detect, prevent and respond to them.
How MBA can help
Organisations can use MBA’s global visibility and policy management, API-first approach, and extensive integration/logging capabilities to support the classification and reporting of ICT-related incidents.
Operational resilience & testing
Financial entities must run a digital operational resilience testing programme covering the ICT systems that support their critical or important functions, with tests such as vulnerability assessments, scenario-based tests and penetration tests performed at least yearly. Entities identified as significant by their competent authority must additionally undergo threat-led penetration testing (TLPT) at least every three years, carried out by independent testers against live production systems supporting critical or important functions, including those operated by third-party ICT service providers.
How MBA can help
MBA’s platform helps organisations, as part of a broader ecosystem, achieve resilience in disaster recovery scenarios by combining backup, recovery and data-at-rest security functionality that supports the active discovery of data threats and audit failures. Organisations can also use policy automation to test and assure the recoverability of the backup data covered by their ICT risk management framework, producing evidence for the resilience testing programme.
Third party risk management
DORA treats ICT third-party risk as part of the entity's own ICT risk. Financial entities must assess the resilience of their third-party ICT service providers before contracting with them, include specific provisions in the contracts (for example on security, incident support, audit rights and exit), maintain a register of information on all contractual arrangements, and monitor the risk from each provider throughout the relationship, including concentration risk and exit strategies for providers supporting critical or important functions.
How MBA can help
To support a more effective approach to third-party risk management and assessment, customers can inspect data stored within the MBA platform to identify risks through sensitive data discovery and data classification analysis. Organisations can also use MBA’s threat hunting capabilities to identify IOCs and ransomware, immediately flagging any findings to the wider risk management platform ecosystem for better understanding and coverage as part of an overall ICT risk management strategy.
Intelligence sharing
Financial entities may exchange cyber threat information and intelligence, including indicators of compromise, tactics, techniques and procedures, and alerts, within trusted communities of financial entities, under arrangements that protect the sensitive nature of the data shared. The aim is to raise awareness of threats and improve the industry’s digital operational resilience.
How MBA can help
Through a unified visibility framework and an extensive API-first design, MBA can support the sharing of threat information discovered and monitored by the platform with third-party tools and reporting systems, allowing organisations to share threat data (as it relates to ransomware discovery, IOC threat hunting and threat monitoring) with other trusted financial entities.
Impact on the UK Financial Services Sector:
There are a number of ways in which DORA could impact the financial services sector, including:
- Enhanced Resilience Measures
DORA will drive financial institutions in the UK to fortify their operational resilience measures. This includes investments in advanced cybersecurity technologies, redundancy in critical systems, and the development of comprehensive incident response plans.
- Competitive Advantage for Compliant Organisations
Organisations that successfully implement DORA’s requirements could gain a competitive advantage. Customers and stakeholders are likely to favour financial institutions with robust operational resilience measures, viewing them as more trustworthy and secure.
- Collaboration and Information Sharing
DORA’s emphasis on incident reporting and communication fosters a culture of collaboration and information sharing within the financial industry. This collaborative approach is crucial for addressing emerging threats and strengthening the overall resilience of the sector.
Summary
As the financial services sector in the UK adapts to the evolving regulatory landscape, DORA stands out as a key driver of change. While compliance could present challenges, the long-term benefits of enhanced operational resilience and a more secure financial ecosystem are likely to outweigh the initial investment. Financial institutions that embrace DORA and proactively invest in their operational resilience will not only meet regulatory requirements but also position themselves as leaders in a rapidly evolving digital landscape.
Technical advice and support from a knowledgeable and stable partner is crucial to successfully implementing the tools needed to comply with DORA. If you would like to understand how MBA can help you comply with DORA, click here.