The DORA era begins: Preparing for a resilient financial future
Published on 15 January 2025
On 17 January 2025 the Digital Operational Resilience Act (DORA) becomes applicable across the European Union, a significant milestone in the financial sector's move towards stronger cybersecurity and operational resilience. Since the European Commission published the DORA proposal on 24 September 2020, the ABBL has been a driving force in supporting its members as they navigate the complexities of this regulation, so that they are not only compliant but also strategically positioned to operate in a more resilient digital environment.
Summary
The significance of DORA and its objectives
DORA is a comprehensive regulation aimed at ensuring the financial sector can withstand, recover from, and adapt to operational disruptions, particularly those stemming from ICT-related incidents. Its objectives include:
- Establishing a uniform framework for digital operational resilience across the EU, covering ICT risk management, ICT-related incident reporting, digital operational resilience testing, ICT third-party risk and information sharing;
- Enhancing transparency and accountability in ICT risk management;
- Strengthening the ecosystem of financial entities, ICT service providers, and supervisory authorities.
By setting clear standards, DORA seeks to bolster trust in the financial system while mitigating risks to stability and customer confidence.
ABBL’s role in preparing for DORA
The ABBL has played a pivotal role in DORA's implementation, actively contributing throughout the legislative process, both on the draft regulation (Level 1) and on the Level 2 regulatory work (the technical standards that specify its detailed requirements). The ABBL's efforts included:
- Advocacy and consultation: Engaging with EU institutions, CSSF, Luxembourg’s Ministry of Finance, the European Banking Federation, and beyond to ensure DORA’s requirements are realistic and achievable.
- Guidance for members: Providing tailored resources, conferences, workshops, and working groups to help members assess and address compliance gaps.
- Collaboration with stakeholders: Facilitating dialogue between national regulators and financial entities to align expectations and foster cooperation.
- Mutualisation: Uniting key ICT service providers and financial institutions to streamline compliance efforts under DORA.
Through these initiatives, the ABBL has empowered its members to adopt a proactive approach to DORA compliance.
Alignment with other EU initiatives
DORA is designed to be consistent with broader EU initiatives such as the NIS2 Directive, which strengthens cybersecurity across critical sectors. For financial entities, however, DORA is the lex specialis: where its requirements overlap with the general rules, the sector-specific DORA provisions apply. This gives financial entities a single, sector-specific framework and avoids regulatory overlaps and inconsistencies.
Strategic advantages of operational resilience
Beyond compliance, DORA offers strategic benefits to financial institutions:
- Resilience as a priority: Compliance is essential, but resilience has a direct impact on business continuity and success.
- Improved competitiveness: Being compliant signals robustness, making institutions more attractive to clients and partners.
Automation in DORA compliance
Some processes, such as maintaining the register of information on ICT third-party arrangements and producing incident reports, can be partially automated, but end-to-end automation remains a challenge. Institutions increasingly use technology to streamline compliance, yet decisions such as classifying an incident as major or assessing how critical a third-party provider is still require human judgment and strategic decision-making.
Impact on cloud adoption
DORA is likely to accelerate the adoption of cloud services in the financial sector. The regulation provides clear vendor management guidelines, enabling financial entities to engage with cloud providers more confidently. Vendors are also becoming more prepared, anticipating client requirements and aligning their offerings with resilience standards.
Readiness of financial institutions
The financial sector has dedicated substantial resources to DORA over the past few years, leading to significant improvements in compliance maturity. Institutions with strong governance frameworks are well-prepared, motivated by regulatory compliance and the intrinsic value of operational resilience.
Key challenges in compliance
The most significant challenges include:
- Delays in RTS/ITS finalisation: The regulatory and implementing technical standards (RTS/ITS) that specify DORA's detailed requirements were finalised late, compressing the timeline for implementation.
- Complex process overhauls: Adapting multiple processes simultaneously, such as risk management and incident reporting, requires significant coordination and resources.
Collaboration across stakeholders
DORA has fostered unprecedented collaboration among regulators, financial entities, and ICT service providers. However, compressed timelines and the scale of required changes have posed coordination challenges for all stakeholders. The shared focus on resilience has driven constructive dialogue, but further efforts are needed to ensure smooth implementation.
A piece of advice for financial institutions
Stay compliant. Compliance with DORA is not just about meeting regulatory obligations; it is about embedding resilience into an institution’s DNA. Financial institutions need to use the momentum created by DORA to establish a robust operational resilience framework.
The ABBL sincerely thanks Peter Haufs-Brusberg (J.P. Morgan SE – Luxembourg Branch) and Lars Weber (Spuerkeess), Head and Vice-Head of the ABBL Working Group “Trust and Cybersecurity,” as well as Ananda Kautz, Innovation, Payments and Sustainability – Member of the Management Board at the ABBL, for their invaluable feedback and leadership in driving the DORA discussion within the ABBL. Thanks also to all ABBL members who contributed to the advocacy work on DORA.
Special thanks to Andrey Martovoy, Senior Adviser – Innovation & Digital, for his dedicated support and expertise.
The ABBL will continue to guide its members through DORA implementation. Stay tuned!