
EU Banks Must Enhance Cyber Resilience as DORA Takes Effect

The new rules require financial institutions and their tech suppliers to strengthen IT system security against cyberattacks

Written by Banking Exchange staff
 
 

European banks must now strengthen their cybersecurity systems to comply with strict regulations designed to safeguard their vital systems and infrastructure from cyber threats.

After a two-year implementation period, the Digital Operational Resilience Act (DORA) came into effect on January 17, requiring financial services firms and their technology suppliers to enhance their IT systems to ensure the industry's resilience against cyberattacks and other disruptions.

Under the new rules, financial entities must adopt proactive risk management systems to identify and mitigate potential operational disruptions, along with establishing prompt incident response protocols for addressing technological challenges.

They are also required to conduct regular resilience testing to bolster digital defenses and continuously monitor and assess third-party ICT risks across the digital supply chain.

The act applies to third-party ICT service providers and 21 categories of financial entities, impacting over 22,000 institutions, including banks, digital banks, and crypto service providers.

DORA forms part of the EU’s Digital Finance Package, which aims to strengthen the financial sector’s resilience to digital risk, including cyber threats and technology failures, and to improve its ability to recover from operational disruptions.

It also comes in response to the increasing digitalization of financial services across the EU.

While DORA is an EU regulation, its scope extends globally as any ICT service provider working with EU financial institutions must comply with its requirements regardless of their location.

Financial institutions that breach the rules could face penalties of up to 2% of their annual revenue. In addition, individual managers may be held accountable and could face sanctions of up to 1 million euros ($1 million).
