Adele Turner: The Digital Operational Resilience Act—DORA—is the world's most expansive digital risk regulation for financial services. It uplifts many of Europe's existing rules and guidelines to ensure financial institutions can withstand, respond to, and recover from all types of ICT-related disruption and threats.
Compliance isn’t optional. Every firm with cross-border operations in the EU must act. You need to enhance your technology and cyber resilience and put ICT risks high on the agenda of your board and executive committees. You’ll need to invest significantly in threat-led penetration testing capabilities and outsourcing arrangements as well as ongoing monitoring and reporting third-party usage, cyber threats and ICT incidents.
But time is ticking, and the January compliance deadline is fast approaching.
Dan Golding: Our research suggests businesses won't be comfortably compliant before the deadline.
There's no shortage of stop-gap solutions, but they aren't the answer. DORA is just the tip of the iceberg in a wave of global regulatory reform for digital risk and resilience. Globally, regulators are placing increased focus on operational resilience and cyber risk, and we expect to see a tidal wave of new regulation across the EU, UK, US, and APAC in the next few years.
You might see it as a regulatory box-ticking exercise, but how you approach DORA could define a long-lasting approach that can significantly accelerate your response to other upcoming regulations.
A narrow view will inevitably lead to unnecessary restarts, increased costs, and a lack of cohesion with other transformation initiatives. You need to think beyond DORA and embrace solutions that meet the immediate regulatory requirements and allow you to adapt to what comes next. In our view, that means embedding operational resilience and digital risk management into your firm’s fabric and ensuring your processes, controls, and frameworks are fit for the future.
Salina Ladha: So, where do you start?
At Baringa, we see regulation as an opportunity. This is a chance to master digital risk management. We help you to define the proper scope and priorities for your DORA execution, get you ready for January and lay the foundation for beyond.
We don't believe in one-size-fits-all solutions. We help you focus on the right details – whether that's simplifying your network of third-party dependencies, fine-tuning your ICT risk frameworks, or developing your testing capability. We act as an extension to your team, embedding resilience at the core of your organisation to protect your biggest assets. When we leave, our capabilities stay because we upskill your people to build sustainable solutions faster, keeping you ready for the next wave of risk and regulation.
Compliance with DORA is imperative, but we help you use it to your advantage.