In December 2022, the Digital Operational Resilience Act was published in the Official Journal of the European Union and was enacted into law in January 2023. Organisations will have until 17 January 2025 to be able to demonstrate compliance with the Act.
DORA applies to a wide range of organisations that collectively fall under the scope of “Financial Entities”, as defined in Article 2 of the regulation. These include insurance intermediaries, reinsurance intermediaries, credit institutions, investment firms and insurance and reinsurance undertakings.
In addition to financial entities, DORA will also apply to ICT third-party service providers, particularly those who provide ICT services that support critical or important functions of financial entities and those deemed as critical by the European Supervisory Authority.
DORA is supported by several guidance documents issued by the Central Bank of Ireland, including guidance on outsourcing and IT and cybersecurity. Most applicably, in December 2021 the Central Bank of Ireland published the “Cross Industry Guidance on Operational Resilience”. Organisations in scope are expected to be able to demonstrate compliance with the guidance by December 2023. By complying with this guidance, organisations are putting in place the first steps towards compliance with DORA.
Whilst DORA does not specify fines or other criminal sanctions for non-compliance with the regulation, EU member states are free to provide for criminal sanctions for breaches of DORA in their national law. As such, the regulation departs from the approach of the General Data Protection Regulation (GDPR) and the amended Network and Information Security 2 (NIS-2) regulation. Currently, under the Central Bank of Ireland’s Administrative Sanctions procedure, it may impose sanctions on regulated firms and individuals.
DORA has defined 5 key pillars for compliance:
The impact on your organisation will vary depending on the level of effort your organisation has put in place to date to improve operational resilience.
We recommend that organisations develop an operational resilience management system that allows them to easily demonstrate compliance with DORA.
An initial step will require organisations to conduct a gap analysis between their current state environment and the requirements set out in DORA. This will then allow the organisation to identify the current gaps in compliance and priority areas of focus.
The highest level of management within the organisation should work to ensure that they understand the risks associated with a lack of sufficient controls in operational resilience, they should sign off on an operational resilience strategy and receive updates on the organisation's progress towards an improved future state. This strategy should be given sufficient resources to ensure that the controls are successfully embedded and benefit the organisation.
Organisations should start implementing the requirements of DORA, this will require the identification of a business owner, allocation of resources, conducting a gap analysis and developing a roadmap to compliance.
Mazars can support your business to prepare for and maintain compliance with DORA. This includes our ability to support you with the following:
2024 has seen the appointment of two new commissioners in the Data Protection Commission (DPC). The Digital Services Act is now effective, with several large organisations already being required to comply and establish a new regulator, Comisiún na Meán.
The role reports to the President and provides executive, administrative, and development support. The Director of the Office of the President serves as the primary point of contact for internal and external stakeholders on all matters pertaining to the President, serves as a liaison to the Governing Body and senior leadership team when required, and oversees internal and external communications for...
The purpose of this role is to lead the strategy, operational planning and management of the Institutional Research & Data Analytics operations, activities, and staff. The Director will guide the overall vision of the function by implementing effective strategies for data management and data analytics to support the centralised collection, management, analysis, interpretation, and reporting of data....
This website uses cookies.
Some of these cookies are necessary, while others help us analyse our traffic, serve advertising and deliver customised experiences for you.
For more information on the cookies we use, please refer to our Privacy Policy.
This website cannot function properly without these cookies.
Analytical cookies help us enhance our website by collecting information on its usage.
We use marketing cookies to increase the relevancy of our advertising campaigns.