VOICES

Utila provides fintechs, PSPs, banks, and enterprises with infrastructure to build and manage stablecoin and digital asset products and workflows. Explore our platform capabilities for payments, treasury, trading, and more - designed for performance and scale.

Article

How to Build a Resilient Wallet Strategy for Your Organization: DORA and its Key Implications

Understand what EU DORA requires - and how digital asset firms can operationalize resilience across risk management, incident reporting, testing, and third-party oversight.

5 min read time

In 2018, TSB Bank had intermittent outages and glitches that lasted for about six months. The bank lost roughly £107 million, and many of its customers received terrible service during this period.

This, along with many other incidents, showed that financial institutions needed better benchmarks for withstanding severe technical and cyber incidents, so that they can keep running effectively and serving their customers despite any issues they face.

DORA was drafted for this purpose. The legislation will become active in 2025, and all European financial institutions have been preparing to meet its compliance requirements.

This short article explains what DORA is all about and how you, as a digital asset firm leader, can plan to comply with it.

What is DORA?

The Digital Operational Resilience Act (DORA) is a European Union statute that sets the standard for building battle-tested financial systems that can withstand technical and cyber risks to ensure uninterrupted business continuity.

The statute defines operational resilience as the ability of a financial entity to ensure integrity, reliability, and continued provision of financial services. That is, the extent to which a financial company’s systems are battle-tested against threats or glitches.

Of course, there has been a paradigm shift from traditional asset management to a digital one, and even top traditional financial institutions such as JP Morgan are adapting to it.

Meanwhile, a new tide presents new risks. Running financial institutions digitally also comes with inherent technical and cybersecurity risks. For example, the global CrowdStrike outage on June 22nd, 2024, affected HSBC, Metro Bank, and Virgin Money.

From a regulatory standpoint, various laws already provide for resilience, such as the Cyber Resilience Oversight Expectations (CROE), the Critical Entities Resilience Directive, the NIS 2 Directive, and similar regulations. However, DORA is positioned to serve as a consolidation, or rather a more specific version, of these laws.

The third preamble of DORA affirms interconnectedness among financial infrastructure providers and institutions. This law demands operational resilience from both players for overall efficiency. 

Does DORA apply to your organization?

This regulation does not apply to everyone or every organization. For example, it does not expressly apply to SME insurance intermediaries and many others. Therefore, you need to be sure if it applies to you before preparing to comply with it.

Article 2, paragraph 1 of the statute explicitly lists the financial entities that must comply with the law:

  • authorized crypto-asset providers and issuers of asset-referenced 

  • investment firms 

  • payment institutions

  • management companies 

  • ICT third-party providers 

  • credit institutions 

  • credit rating agencies 

  • data reporting service providers 

  • trading venues

  • insurance 

  • trade repositories 

  • institutions for occupational retirement 

  • securitization repositories 

  • crowdfunding service providers 

  • account information service providers 

  • managers of alternative investment funds

  • central securities depositories 

  • administrators of critical benchmarks

How to Comply with DORA 

DORA will be in operation from January 17, 2025. As a result, every affected financial entity in the EU must know how to comply with the law. Here are four key areas to look into:

ICT Risk Management 

The law demands that financial entities be aware of the risks their operations can incur and manage them properly.

On this note, the Act expects a company to use infrastructure that can support the scale of its operations. There have been cases of outages because a company’s infrastructure was not scalable enough for its growing number of users. Such risks should be anticipated and managed beforehand.

Secondly, DORA demands that every institution draft internal risk management policies under which it tracks and documents how discovered vulnerabilities are being fixed.

Timely ICT-related Incident Reporting 

If you want to comply with DORA, bear in mind that risky incidents must be communicated promptly. Create structures for effective public relations and communications in your organization.

According to the Act, companies owe this information-sharing duty to their customers and the appropriate regulators. This ensures that every stakeholder is aware of the issues going on.

Testing and Audit 

ICT risks can be assessed and discovered ahead of time through various means. The Act expects companies to rigorously test their systems for proper functionality.

This also includes stress testing to ensure companies are resilient enough to handle a gradual or sudden influx of new customers without breaking down.

More importantly, penetration testing and thorough audits are mandatory to create battle-tested systems.

Management of Third-Party Risk

An organization is only as strong as its weakest link. This means ensuring that your third-party partners and integrations are not your weak links.

Particularly, it’s better not to rely on only one provider because your business will halt if your only third-party solution is down. This means your system does not have operational resilience.

It’s recommended you have two or more providers. On this note, Utila is a highly secure crypto wallet solution your organization can rely on. If you already use a third-party crypto wallet solution, we recommend also using Utila to strengthen your system and comply with DORA.

About Utila

Utila offers a secure, non-custodial, chain-agnostic, institutional wallet platform powered by MPC key management and a robust policy engine. We simplify digital asset management and crypto operations for institutions without compromising on security or usability.

Utila enables organizations of all sizes to securely manage digital assets across multiple blockchains, wallets, and users on a single platform, without any complexity. Trusted by industry leaders, Utila has secured over $9 Billion in transactions within a few months and is growing rapidly.

Get in touch with us today!
