Rinesh Patel, Global Head of Financial Services Industry at Snowflake, says finserv companies should be proactive in their approach to DORA
The Digital Operational Resilience Act (DORA), the EU’s upcoming regulation intended to boost the resilience of financial organisations against ICT-related incidents, comes into force in January 2025.
The upcoming regulation is expected to set an unprecedentedly high bar for operational resilience, which Rinesh Patel, Global Head of Financial Services Industry at Snowflake, expects “to spark a ‘ripple effect’ influencing future regulations worldwide.”
While DORA will necessitate change and cause challenges for financial institutions (FIs) around resourcing investment, Rinesh notes the “long-term rewards around risk management and oversight of third-party service providers” it will also deliver to FIs.
Here, Rinesh outlines the impact DORA will have on the financial services industry, how FIs should prepare for it and how the regulation can help build a safer future.
DORA: Industry impact
The most significant hurdle for financial institutions when it comes to DORA is adapting to remain compliant, which they should be working towards now.
“Adaptation may involve significant investments in technology, resources, staff and time,” says Rinesh. “There will also be stricter requirements on managing risks associated with third-party ICT service providers, requiring additional due diligence.
“Despite the challenges, the benefits of the regulation will be significant. A proactive approach to ICT risks can lead to reduced cyber disruptions, faster recovery times and strengthened customer and investor confidence.
“DORA will also foster collaboration across the industry, requiring stakeholders to work together and share information, helping to develop a more secure foundation for new ideas.”
The first step to get ahead of DORA, Rinesh explains, is for businesses to conduct an internal gap analysis to assess their current posture and highlight areas where they fall short. Organisations should also conduct regular risk assessments of internal business functions and develop contingency plans to deal with resiliency hiccups.
“While most financial organisations already work with third-party providers, current partnerships must be reviewed, and new steps taken before signing new deals,” adds Rinesh.
Organisations need to ensure their service provider has implemented plans to address pain points across all five DORA pillars.