
DORA’s Impact on US Financial Institutions

Discover how the EU's Digital Operational Resilience Act (DORA) affects US-based financial institutions and their global stakeholders. Explore the requirements, risk management strategies, operational resilience testing, and information sharing aspects outlined by DORA, aiming to enhance cybersecurity in the digital finance landscape. Stay informed and adapt for a secure financial future in the evolving digital era.


There is no way of getting around it. Financial institutions, whether based in the US, Europe, or Asia, are affected by policies from all over the world, and this includes the EU’s Digital Operational Resilience Act (DORA), which applies from January 17, 2025.


Stakeholders Affected by DORA:


Numerous stakeholders within the market will experience effects from DORA. These include conventional financial sector players like credit organizations, trading platforms, clearinghouses, investment enterprises, UCITS management firms, managers of alternative funds (AIFMs), insurance firms, payment service providers, electronic money entities, along with providers of crypto-asset services (CASPs), creators of crypto-assets, and creators of tokens referencing assets.


Here is what you need to know if you are a US-based financial institution with subsidiaries or suppliers in the EU:


DORA’s Objective:


The purpose of DORA is to ensure that cyber threats are detected, prevented, and responded to. The act tells financial entities what they must do regarding Information and Communication Technology (ICT)-related risk management and digital operational resilience testing. In addition, it advises financial institutions on information sharing and on how to prevent security breaches.


Complying with DORA:

To meet DORA’s requirements, financial institutions need to create an ICT-related risk management program that covers the implementation of a range of measures. These include identifying, classifying, and documenting critical functions and assets, while continuously monitoring all sources of ICT-related risk. The requirements also call for a process to log all ICT incidents, to classify major incidents according to the criteria set out in the regulation, and to submit an initial, intermediate, and final report on those ICT-related incidents.


Operational Resilience Testing:

So, what are some of the things to consider when it comes to operational resilience testing? For all entities (including third-party service providers), ICT-related tools and systems need to undergo testing annually. Moreover, once weaknesses, deficiencies, and/or gaps in ICT-related tools and systems are identified, financial entities must implement countermeasures, so that if a cyber incident occurs the institution can address it efficiently and minimize potential damage and liability.


Information Sharing:


Lastly, let’s talk a little bit about information sharing. For DORA to work to its full potential, financial entities are encouraged to share cyber threat information and intelligence with other financial entities and third parties, either by choosing to set a time when these exchanges occur or when new information arises. Furthermore, once the information is shared, the same entities should decide what actions to take in accordance with the designated authorities (for example, European Supervisory Authorities).

Compliance and Sanctions:


Having said all of this, it is important to mention that there are no criminal consequences for financial institutions that choose not to adhere to DORA. However, the act does require EU member states to implement appropriate sanctions and remedies for breaches.


The EU Council’s Perspective: 


Nevertheless, the EU council believes that adhering to DORA’s requirements will benefit financial institutions and their third-party suppliers, “…with the aim to ensure that the EU embraces the digital revolution and drives it with innovative European firms in the lead, making the benefits of digital finance available to consumers and businesses.” Cooperation among financial entities when it comes to ICT-related cyber incidents will push for better cybersecurity in general. This will create healthier financial and contractual relationships in the long term. 
