Snowflake: How Finserv Organisations Should Approach DORA
The Digital Operational Resilience Act (DORA), the EU’s upcoming regulation intended to boost the resilience of financial organisations against ICT-related incidents, comes into force in January 2025.
The upcoming regulation is expected to set an unprecedentedly high bar for operational resilience, which Rinesh Patel, Global Head of Financial Services Industry at Snowflake, expects “to spark a ‘ripple effect’ influencing future regulations worldwide.”
While DORA will necessitate change and cause challenges for financial institutions (FIs) around resourcing investment, Rinesh notes the “long-term rewards around risk management and oversight of third-party service providers” it will also deliver to FIs.
Here, Rinesh outlines the impact DORA will have on the financial services industry, how FIs should prepare for it and how the regulation can help build a safer future.
DORA: Industry impact
The most significant hurdle for financial institutions when it comes to DORA is adapting to remain compliant, which they should be working towards now.
“Adaptation may involve significant investments in technology, resources, staff and time,” says Rinesh. “There will also be stricter requirements on managing risks associated with third-party ICT service providers, requiring additional due diligence.
“Despite the challenges, the benefits of the regulation will be significant. A proactive approach to ICT risks can lead to reduced cyber disruptions, faster recovery times and strengthened customer and investor confidence.
“DORA will also foster collaboration across the industry, requiring stakeholders to work together and share information, helping to develop a more secure foundation for new ideas.”
The first step to get ahead of DORA, Rinesh explains, is for businesses to conduct an internal gap analysis to assess their current posture and highlight areas where they fall short. Organisations should also conduct regular risk assessments of internal business functions and develop contingency plans to deal with resiliency hiccups.
“While most financial organisations already work with third-party providers, current partnerships must be reviewed, and new steps taken before signing new deals,” adds Rinesh.
Organisations need to ensure their service provider has implemented plans to address pain points across all five DORA pillars:
- ICT Risk Management
- ICT-related Incident Management
- Digital Operational Resilience Testing
- ICT Third-Party Risk Management
- Information Sharing
“The most reliable service providers will enable customers to mobilise their data with near-unlimited scale, concurrency and performance while keeping the organisation's data secure,” says Rinesh.
“DORA offers a welcome opportunity for financial service organisations to rethink their cloud and data strategies, ensuring they can efficiently shift data and workloads to avoid downtime or outages and improve resilience.”
Communication is also key, according to Rinesh, who says financial organisation leaders should work closely with providers to maintain an open dialogue with regulators.
“This dialogue is a positive step for the industry, meaning that third-party providers can work together to meet requirements in a robust, compliant way, protecting data at all costs,” he continues.
“Businesses will need to develop a compliance roadmap that prioritises actions, sets realistic timelines and assigns resources to get ahead of the regulation coming next year.”
Building a safer future with DORA
The most crucial element for financial institutions is to start implementing these measures now, putting them ahead of schedule so they are in the strongest possible position to navigate upcoming changes.
Rinesh concludes: “Once DORA comes into force, all regulated customers will need to comply with requirements and have an ICT risk management framework in place, conduct regular penetration testing and vulnerability assessments, and maintain robust business continuity plans.
“Overall DORA will enable businesses to shine a light on the risks they face and pave the way for a safer, more efficient global financial system.
“But, only if business leaders take a proactive approach, engaging with the challenges and opportunities offered by the regulation and preparing for a future of increased cooperation and knowledge-sharing across the industry.”
FinTech Magazine is a BizClik brand.