The financial sector has today fully embraced technology as a way to offer clients increased security, quality and convenience. Modern financial institutions are increasingly relying on digital technology, offering their clients services based on cloud computing, big data, blockchain, and artificial intelligence, often managed by external ICT companies. However, the surge in reliance on ICT systems, has seen a hand in hand exponential increase in cyber-attacks and consumer risk.
CERT Polska, the group set up to monitor and respond to major cyber incidents reported that in 2022 there had been 2944 incidents targeting banks, of which 21 were deemed serious, and a staggering 2813 incidents targeting financial market infrastructure. It seems that the surge in technology has come at a cost of an explosion in online crime and it’s likely that this pattern of behaviour will continue unless there are adequate safeguards implemented to fight back.
Who is DORA aimed at
DORA, the EU regulation for digital operational resilience of the financial sector, is designed to create a robust, homogeneous EU wide network, by laying down new regulations requiring ICT entities to provide security against cyber risk, whilst managing any cyber incidents in a consistent manner. DORA focuses mainly on players operating in this market, such as:
- Credit institutions
- Insurance companies
- Payment institutions
- Investment firms
- Insurance intermediaries
DORA will also cover third-party ICT service providers and apply to the requirements of contracts between financial market entities and these providers. Thus, entities providing services to the financial market and using resources or networks in information systems for this purpose will have to adapt their activities and the terms and conditions of their contracts.
How long will it be before DORA enters into force
DORA is expected to fully enter into force by 17 January 2025, which is a closer than it may seem. Financial market participants and external ICT service providers should thus be carefully considering the steps they will need to take to come into line with these new requirements, and should already be considering:
- Building or reviewing the quality of the governance framework related to ICT risks
- Developing and implementing policies, procedures, protocols and tools to ensure ICT security
- Adapting contractual terms and conditions
Given the potential scale of the transition, it is clear that financial market participants should begin to implement DORA at soon as practicable. However, given that regulatory technical standards are still being developed to clarify many issues, it would be wise to plan any changes, seeking experienced advisors to assist along the way. But it seems that finally, the digital future is one step closer to being secured for business.
Source: Contact Online
Questions? Contact us