Synnovate’s Latest 5 in 5! (5 min read for 5 FAQs)
Here are five FAQs about DORA, with links and references from us at Synnovate, a sustainable IT services and consultancy company:
What are the main objectives of DORA?
DORA aims to establish a common set of rules and standards for financial entities to prevent, detect and respond to cyberattacks, as well as to ensure business continuity and minimise the impact of disruptions on consumers and the financial system. Operational resilience will affect all areas of the organisation, including the board, and IT will play a major role.
Who will be affected by DORA?
DORA will apply to all financial entities operating in the EU, including banks, insurance companies, investment firms, payment service providers, crypto-asset service providers, and market infrastructures. It will also cover third-party providers of ICT services to financial entities, such as cloud computing, software, data analytics, and cybersecurity services.
Synnovate has experience in working with various financial entities and third-party providers across different domains, such as data and analytics, AI and automation, digital transformation, cloud transformation, reporting and governance, and sustainability solutions.
How will DORA be enforced?
DORA will establish a new oversight framework for critical third-party providers of ICT services, which will be supervised by a lead overseer designated by the European Banking Authority (EBA), the European Securities and Markets Authority (ESMA), or the European Insurance and Occupational Pensions Authority (EIOPA). The lead overseer will have the power to conduct audits, inspections, and investigations, as well as to impose sanctions and corrective measures.
Financial entities will also be subject to supervision by their national competent authorities, which will monitor their compliance with DORA requirements and report any incidents to the European Supervisory Authorities (ESAs). Synnovate can help you prepare for DORA enforcement by providing expert guidance and support on ICT risk management, testing, reporting, and oversight.
What are the penalties for non-compliance?
Depending on the severity and duration of the breach, the sanctions may include fines, temporary bans, suspension or withdrawal of authorisations, or public warnings.
The sanctions will be imposed by the lead overseer for third-party providers or by the national competent authorities for financial entities, in accordance with the relevant ESA guidelines.
How do you become compliant? Synnovate suggests you:
1: Determine if your organisation is in scope.
2: Nominate a DORA champion or lead project manager.
3: Conduct a gap analysis of your organisation’s current operational resilience.
4: Develop and implement a remediation plan to address any gaps identified in the gap analysis.
5: Establish a governance framework to ensure ongoing compliance with DORA.