Why Flexibility is Key for the Upcoming EU DORA Regulation

By Anat Weinstein Oselka, Exberry’s General Counsel

July 2, 2024

|

Ever-increasing digitalisation is propelling the world of financial services to act faster and do more than ever before. One side effect of this is the increased risk posed by the failure of critical suppliers. This is the reason EU regulators have introduced the Digital Operational Resilience Act (DORA), which will implement uniform rules for financial entities on operational resilience throughout the EU.

Financial institutions, including trading venues, have until 17th January 2025 to prepare themselves for the implementation of the new requirements. An organisation’s ability to maintain flexibility in its operations will be key to meeting its compliance obligations. 

 

Understanding DORA

To ensure the operational resilience of digital service providers and financial institutions, DORA establishes requirements for cybersecurity, continuity of services, incident reporting and oversight. In effect, these rules are aimed at regulating the volatility of new entrants in the financial industry and help existing institutions develop robust risk strategies during digital transformation.

There are 5 main pillars:

  • ICT Risk Management: Importance and strategies for robust risk management practices.
  • Incident Reporting: Frameworks and benefits of timely and accurate reporting.
  • Resilience Testing: Requirements for regular resilience testing and its impact on identifying and mitigating potential threats.
  • Third-party Risk Management: Oversight and risk management for critical ICT third-party providers.
  • Information Sharing: Enhances collaboration and sharing of threat intelligence among financial entities to strengthen overall resilience.

 

Challenges for Trading Venues

To meet these requirements, it is expected that some market financial infrastructures might face challenges in complying with DORA due to fragmented governance, business functions, processes and technology. Specifically, trading venues will need to instil proactive risk management practices, such as continuous threat assessments and environmental evaluations, to mitigate cyber-attacks and operational disruptions. By leveraging Exberry’s advanced exchange technology, trading venues can enhance their operational resilience, minimise downtime, and mitigate the impact of cyber threats and other disruptions.

 

Adapting to constant change

Embracing technological change means recognising that past solutions and processes may no longer be effective. DORA represents another evolution in improving our markets and organisations, driving progress and resilience. Taking a modern, flexible approach, will ensure ongoing alignment with compliance demands.

To learn more about how Exberry’s flexible approach and global regulatory collaboration can help your trading venue meet DORA compliance effectively, visit our website today.

Recent European Elections and Their Implications on Capital Markets

The elections for the European Parliament, held between 6th and 9th of June, could end up significantly impacting capital markets on the continent. This juncture could have the effect of reshaping regulatory landscapes, influencing market stability and altering cross-border economic activities.

Let’s talk

We are looking forward to hearing from you and one of our team members will be in touch.

Want to partner with us?

Try our sandbox

Please fill out this form and we will grant you sandbox access shortly

Let’s talk

We are looking forward to hearing from you and one of our team members will be in touch.

Tech

Full-Stack Developer

Please fill out this form and attach your CV, we will get in touch with you shortly