ALEXANDRE VANDEPUT | Principal Consultant, Capco

The European Union (E.U.) wants to position itself as a world leader in digital innovation in the financial services industry. Subsequent to the digitalization of the provision of financial services to European consumers and businesses, new kinds of digital risks have emerged. 

To reach that set objective, the E.U. must make sure those key risks are properly controlled. DORA, which stands for Digital Operational Resilience Act, is the answer from the E.U. to the increasing use of ICT systems and third parties for financial institutions’ critical operations. 

This paper explores the key actions that financial institutions will have to undertake to comply with DORA guidelines. The emerging risks will require mitigations such as an appropriate ICT risk management framework, a robust incident management process including classification and reporting, a digital operational resilience testing program, as well as an end-to-end third-party management control framework.