DORA in practice: What really counts after the go-live
Customer Magazin NEWS 03/2025
With the Digital Operational Resilience Act (DORA) coming into force for institutions and financial service providers, the European Union has taken a decisive step towards harmonising and strengthening IT security and resilience requirements. It is now becoming clear what hurdles institutions have to overcome, which solutions have become established – and where challenges remain.
- Why DORA is more than just another set of rules
- Typical challenges during implementation
  - 1. Organisation and Governance
  - 2. IT Landscape and Interfaces
  - 3. Service Provider Control and Third-party Risk Management
  - 4. Reporting and Metrics
  - 5. Test Procedures and Crisis Exercises
- Lessons learned and success factors: What has proven itself in practice
  - 1. Early and comprehensive involvement of all stakeholders
  - 2. Early Governance Decisions
  - 3. Focus on Processes
  - 4. Modular Implementation Approach with Prioritised Quick Wins
  - 5. Establish Structured Third-party Risk Management
  - 6. Utilising tests as a learning tool
  - 7. Incorporate Resilience into the Corporate Culture
- Impact on Banks and Financial Service Providers
  - Strategic Perspective
  - Operational Perspective
  - Technological Perspective
  - Cultural Perspective
- Conclusion and outlook: DORA - from obligation to opportunity
Why DORA is more than just another set of rules
With the entry into force of the Digital Operational Resilience Act (DORA) for institutions and financial service providers, the European Union has taken a decisive step towards harmonising and strengthening IT security and resilience requirements. DORA formulates a uniform regulatory framework designed to ensure operational resilience – i.e. the ability to cope with IT-related disruptions and attacks.
For institutions, this means not only compliance, but also a significant change in how they deal with IT risks, service provider management and internal control systems.