New EU regulation on digital operational resilience of financial institutions

DORA is the EU's flagship initiative on digital operational and cyber resilience in the financial services sector. The aim is to strengthen institutions' resilience to dynamically evolving digital threats and to minimise the vulnerability of their business models. The Regulation therefore introduces a single set of regulatory and supervisory rules for the operational resilience of information and communication technologies in the financial sector. Among other things, it requires financial institutions to invest significantly in improving their resilience to digital and cyber risks.


What does this mean for the entity and how can BDO help?

To comply with DORA, banks will need to have robust risk management systems and processes in place. 

  • We will conduct a gap analysis of compliance with regulatory requirements
  • We will assist with aligning business strategy with cyber risk management and maintaining a comprehensive and effective risk management framework

The aim of DORA is to harmonise incident classification and reporting processes. Early detection of incidents and rapid response are essential. 

What can BDO help with?

  • We will suggest how to adapt to the new EU rules in terms of reporting and align internal processes in this regard to optimise resource allocation

What can BDO help with?

  • We perform vulnerability scanning and penetration testing. If necessary, we will perform robust business continuity and disaster recovery testing.
  • We will design and develop an appropriate solution, help with process integration and tool support to share information about these threats.

Banks should assess whether their response and recovery strategies and plans adequately address the enhanced risk management rules.

What can BDO help with?

  • BDO's cybersecurity services are based on leading practices and driven by global regulatory requirements.
  • As a result, we can provide our clients with a holistic solution to manage complexities within third-party ecosystems.
