Platform
The Puzzel CX platform.
Packages
Our packages give you the flexibility to choose the right mix of channels, functionalities and tools.
Our CX platform
The CX platform that empowers your agents and delights your customers.
Individual products.
Contact Centre
Meet your customers where they are and resolve queries, faster.
Self-Service Automation
Boost efficiency and transforms the customer experience.
Workforce Management
Elevate team performance with simplified workforce management.
Case Management
Manage your customers’ messages in one place.
1555147698396-modified 1691431428167-modified
Supercharge your customer experience
Explore our CX platform..
Start now
Enhancing capabilities:
Training Optimisation Sales Intelligence
Industries
Public Sector.
Citizen Services
Transform the citizen experience
Local Government
Modernising citizen services for Local Governments
Public Housing
Delivering elevated tenant experiences
Financial Services.
Banking
Deliver powerful banking experiences for every consumer
Insurance
Build lasting policyholder relationships
Other verticals we support.
Retail
Elevate the shopping experience
Travel & Hospitality
Elevate every journey
Energy & Utilities
Empower your customers
Deliver elevated customer experiences
For your vertical.
Resources:
Ultimate guide to CCaaS Trust Centre
Customers
Resources
Blog.
Blog
The latest in CX solutions, tips and tricks and best practices
Featured content
The Ultimate Guide to CX & Contact Centre Solutions
Ebooks and Reports.
Whitepapers
A selection of resources to help CX leaders elevate the customer experience within their organisation.
Events and webinars.
Webinars
Expert insights for customer experience leaders
About
About us
Partners
Contact us
Help Center
Request quote
Book a demo
Platform.
All items
Platform.
The Puzzel CX platform.
Packages
Our CX platform
Individual products.
Contact Centre
Self-Service Automation
Workforce Management
Case Management
Enhancing capabilities:
Training Optimisation Sales Intelligence
Industries.
All items
Industries.
Public Sector.
Citizen Services
Local Government
Public Housing
Financial Services.
Banking
Insurance
Other verticals we support.
Retail
Travel & Hospitality
Energy & Utilities
Resources:
Ultimate guide to CCaaS Trust Centre
Customers.
Resources.
All items
Resources.
Blog.
Blog
Featured content
Ebooks and Reports.
Whitepapers
Events and webinars.
Webinars
About.
All items
About.
About us Partners Contact us Help Center
richard holland 1555147698396-modified
Join the 10.00 active users
and start improving your customer service now.
Start now
To blog overview
Financial Services
4 min read

What is the Digital Operational Resilience Act (DORA)?.

Scott Walker
Senior Account Executive | Finance & Insurance sector
DORA financial services providers

As the digital landscape continues to evolve, protecting systems against fraud and cyber threats becomes crucial. Recognising this, the European Commission proposed a new regulatory framework for digital risk management in the financial sector.  

Meet DORA, the Digital Operational Resilience Act, aiming to establish a framework for managing and preventing ICT risk for financial services providers. By 17 January 2025, financial entities and their critical third-party technology service providers must comply with these technical standards in their ICT systems. 

Here’s a breakdown of what DORA is and how it affects financial services providers in the EU.

The purpose of DORA

The financial sector increasingly relies on digital systems to deliver services, depending on ICT (information and communication technologies) tools. To prevent fraud and protect sensitive information, financial services providers need to ensure their digital solutions are safe and compliant. 

With DORA, the EU aims to establish a universal regulation framework to mitigate risks associated with cyber threats and operational disruptions within the financial industry. By setting clear standards for operational resilience, incident reporting, and cross-border cooperation, DORA aims to enhance trust, stability, and security in financial services across the EU. This framework is pivotal for financial sector digital resilience under DORA. 

What is DORA?

DORA, the Digital Operational Resilience Act, entered into force on 16 January 2023 and will apply from 17 January 2025, giving financial entities and third-party ICT service providers until then to comply with its requirements. Implementing Digital Operational Resilience Act compliance strategies is critical for meeting this deadline. 

The DORA regulation applies to financial services providers in the EU, including traditional financial entities like banks, insurance companies, and credit institutions, as well as non-traditional entities like crowdfunding platforms and providers of crypto-asset services. Notably, it also encompasses certain entities typically outside the scope of financial regulations, such as third-party service providers that supply financial firms with ICT systems and services, like cloud service providers and data centres. Understanding the EU DORA regulation impact on ICT providers is essential for these entities. 

Key components of DORA (Digital Operational Resilience Act)

The DORA regulation includes technical requirements across five key components:

  • ICT risk management and governance: DORA makes financial entities responsible for ICT management. Organisations are expected to define appropriate risk management strategies, actively assist in executing them, and stay current on their knowledge of the ICT risk landscape. Adhering to DORA ICT risk management requirements is a fundamental aspect of this component. 
  • Incident management, response and reporting: Financial services providers must set up an ICT-related incident management process and develop the necessary abilities to monitor, manage, log, classify, and report these incidents. 
  • Digital operational resilience testing: Entities must regularly test their ICT systems to evaluate the strength of their protections and identify vulnerabilities. Critical ICT systems and applications are required to undergo yearly testing, and certain financial entities must conduct advanced threat-led penetration testing at least once every three years.
  • Third-party risk management: Financial institutions are required to take an active role in and establish a strategy for managing third-party risk. They must also keep a record of all contractual agreements with ICT third-party service providers in a dedicated Register of Information.
  • Information-sharing arrangements: Financial institutions are permitted to establish processes for exchanging cyber threat information and intelligence and learning from these ICT-related incidents.  

It’s worth noting that key details of the DORA ICT risk management requirements are still under development by the European Supervisory Authorities (ESAs). The ESAs, which oversee the EU financial system, include The European Banking Authority (EBA), the European Securities and Markets Authority (ESMA), and the European Insurance and Occupational Pensions Authority (EIOPA). These standards are expected to be finalised in 2024. 

Why DORA compliance matters to financial services providers 

Compliance with the Digital Operational Resilience Act (DORA) is crucial for financial services providers across the EU. Here are some reasons why DORA compliance matters:

  • Enhanced cybersecurity: DORA focuses on preventing cyber threats within financial institutions. Implementing these standards enables firms to safeguard sensitive customer data and financial transactions from malicious attacks effectively.  
  • Customer trust and loyalty: Compliance with DORA can foster stronger customer relationships, as it ensures secure handling of customers’ data.  
  • Risk reduction: DORA emphasises proactive ICT risk management, obligating organisations to identify, assess, and mitigate risks associated with their digital operations. This approach reduces the likelihood of operational failures and financial losses due to ICT-related incidents.
  • Regulatory compliance: Compliance with DORA ensures adherence to EU regulatory requirements. Non-compliance can lead to fines and reputational damage.
Conclusion

DORA is a proactive step towards protecting the financial sector against the escalating risks of digital transformation, and preparing for DORA regulatory standards is essential. By leveraging Digital Operational Resilience Act compliance strategies and understanding the EU DORA regulation impact on ICT providers, financial institutions can navigate the complex landscape of digital resilience with confidence. Ensuring compliance with DORA ICT risk management requirements and preparing for DORA regulatory standards will be key to achieving robust financial sector digital resilience under DORA. 

By establishing clear standards for cybersecurity and operational resilience, it ensures that financial institutions can effectively handle cyber threats and operational disruptions. As the compliance deadline approaches, financial entities and their ICT service providers should begin their preparations immediately. Doing so will not only enhance their security but also contribute to a more stable and reliable financial ecosystem. 

Stay updated on the latest CX insights, events, and more