Digital Operational Resilience Act: What Compliance Officers Need to Know

What is DORA (Digital Operational Resilience Act)?

The Digital Operational Resilience Act (“DORA”) impacts financial sector entities in both Europe and the UK (as the UK government has indicated an equivalent of the EU’s planned legislation). DORA introduces new requirements around ICT risk management, ICT-related incident reporting, digital operational resilience testing and ICT third-party risk/oversight of critical third-party providers of ICT services. As a result, National Competent Authorities (“NCAs”) are now seeking to improve their understanding of ICT third-party providers across the financial sector. When DORA enters into application (currently expected to be in early 2025), it will require most financial sector entities to provide their supervisor, on an annual basis, with details of their contracts with third-party providers of ICT services. Based on this information and using specified criteria, the regulatory authorities will decide which third-party providers are critical and subject to the DORA oversight regime.

How we can help:

As a regulated financial services technology provider, AQMetrics will be subject to DORA and is currently partaking in the ESMA pilot DORA exercise. This uniquely places AQMetrics as a thought leader in how firms can best prepare for DORA in 2025. AQMetrics is currently working with select clients to assess and audit their ICT risk management, ICT-related incident reporting, digital operational resilience testing and ICT third-party risk/oversight of critical third-party providers of ICT services.

Watch our latest video to find out what compliance officers need to know about DORA, and how AQMetrics helps firms prepare for this new legislation.

Subject: DORA: What Compliance Officers Need to Know

Presenter: Claire Savage, COO & Head of Compliance, AQMetrics.

Want to find out more?

Contact AQMetrics today if you would like to be included in the AQMetrics DORA readiness assessment programme.