DORA – how quickly is the clock ticking

18 October 2023 | Knowledge, News

The financial sector has today fully embraced technology as a way to offer clients increased security, quality and convenience. Modern financial institutions are increasingly relying on digital technology, offering their clients services based on cloud computing, big data, blockchain, and artificial intelligence, often managed by external ICT companies. However, the surge in reliance on ICT systems, has seen a hand in hand exponential increase in cyber-attacks and consumer risk.

CERT Polska, the group set up to monitor and respond to major cyber incidents reported that in 2022  there had been 2944 incidents targeting banks, of which 21 were deemed serious, and a staggering 2813 incidents targeting financial market infrastructure. It seems that the surge in technology has come at a cost of an explosion in online crime and it’s likely that this pattern of behaviour will continue unless there are adequate safeguards implemented to fight back.

Who is DORA aimed at

DORA, the EU regulation for digital operational resilience of the financial sector, is designed to create a robust, homogeneous EU wide network, by laying down new regulations requiring ICT entities to provide security against cyber risk, whilst managing any cyber incidents in a consistent manner. DORA focuses mainly on players operating in this market, such as:

  • Credit institutions
  • Insurance companies
  • Payment institutions
  • Investment firms
  • Insurance intermediaries

DORA will also cover third-party ICT service providers and apply to the requirements of contracts between financial market entities and these providers. Thus, entities providing services to the financial market and using resources or networks in information systems for this purpose will have to adapt their activities and the terms and conditions of their contracts.

How long will it be before DORA enters into force

DORA is expected to fully enter into force by 17 January 2025, which is a closer than it may seem. Financial market participants and external ICT service providers should thus be carefully considering the steps they will need to take to come into line with these new requirements, and should already be considering:

  • Building or reviewing the quality of the governance framework related to ICT risks
  • Developing and implementing policies, procedures, protocols and tools to ensure ICT security
  • Adapting contractual terms and conditions

Given the potential scale of the transition, it is  clear that financial market participants should begin to implement DORA at soon as practicable. However, given that regulatory technical standards are still being developed to clarify many issues, it would be wise to plan any changes, seeking experienced advisors to assist along the way. But it seems that finally, the digital future is one step closer to being secured for business.

Source: Contact Online

Date: 5.10.2023

Questions? Contact us

Jan Ziomek

Latest Knowledge

A revolution in the existing rules for alternative investment companies (AICs)

With the adoption of the Warzywniak act, the lawmakers introduced both minor and significant changes to the regulations governing investment funds and the management of alternative investment funds, which had unfortunate consequences for the operation of AICs, the Polish capital market and the very institutions that create this market.

EU greenwashing ban moves closer

Customers, investors and business partners are increasingly interested in products and services that respect the environment.

Defence-side litigation finance

Third-party funding (TPF) has been used successfully in arbitration and litigation for many years, and in our experience, has recently been increasingly used by Polish companies.

First AI legislation in the US

President Joe Biden has signed an executive order on safe, secure and trustworthy AI, imposing a series of obligations on the AI technology sector based on the principles of transparent and responsible machine development.

Contact us:

Jan Ziomek

Jan Ziomek

Advocate / Partner / Head of FinTech / NewTech Sector Practice

+48 736 429 981