Digital Operations Resilience Act (DORA regulation) impact on financial institutions

What does the Digital Operations Resilience Act (DORA) mean for financial institutions looking to future-proof their IT environment? A look at the legislative framework and how it works in practice with third-party tools and partners.


5 key pillars of DORA regulation in finance

The foundation of the DORA legislation rests on five pillars that outline different operational resilience requirements for financial players:

1. IT incident management and reporting

FIs should inform the relevant authorities promptly about IT breaches, incidents and cyber threats. While some existing legislation already covers this, DORA sets out standardised methods for classifying incidents by scale and for sending the required information to the European Supervisory Authorities (ESAs) and national supervisors.

2. Digital operational resilience testing

FIs must establish a ‘comprehensive digital operational resilience testing programme as an integral part of their ICT risk management framework,’ according to the official text. The goal is to require financial players to develop risk-oriented resilience programmes, tailored to the size of their organisation.

3. IT risk management

This DORA regulation component focuses on the necessity of implementing a well-structured system for risk management and detection. Financial players must take a proactive approach in creating an IT risk management framework and embedding it in their overall digital operational resilience strategy. Critical components are the assignment of a dedicated IT risk manager role and regular internal auditing.

4. Third-party risk management

DORA introduces a more streamlined approach for the financial sector to manage third-party risks. All financial entities must maintain an up-to-date information register of their third-party IT providers and the contracts they have with them. Sufficient due diligence before entering into a professional relationship is also required, along with data access and security clauses in contracts with providers.

5. Information and intelligence sharing

DORA encourages financial institutions to exchange information and intelligence amongst themselves about cyber threats to improve the digital operational resilience of all financial entities. The framework stipulates that this should take place within 'trusted communities of financial entities' and according to previously established information-sharing arrangements that protect sensitive information and uphold confidentiality.

About our Harmoney-Discai partnership

As Discai shares our enduring commitment to compliance leadership, a collaboration on joint software is a logical next step. Discai is a fintech subsidiary of KBC Group – a leading European bank-insurer with corporate headquarters in Belgium – and specialises in data science and AI to provide financial compliance solutions. With over 100 data scientists dedicated to combating financial crime, Discai is at the forefront of innovation in this field.

“Our collaboration with Harmoney underscores our commitment to delivering innovative solutions that enable efficient and effective financial crime management. By combining our strengths, we can provide an end-to-end approach to combatting money laundering.”
Fabrice Deprez, CEO

What is DORA?

In 2023, the Digital Operations Resilience Act (DORA regulation) came into effect, reshaping the regulatory landscape for cybersecurity in financial institutions across the EU. DORA blends existing national and European legislation on IT risk management with new regulations in an attempt to establish a clear framework for boosting cyber threat resilience in the financial sector and beyond. At the same time, DORA helps to standardise and harmonise overarching IT management requirements within financial institutions (FIs). Full DORA compliance will be expected from January 2025 onwards.

Apart from the five key pillars of DORA (outlined above), the regulation also aims to improve cyber resilience and operational continuity by focusing on supply chain safety between financial institutions and their external partners, including compliance orchestrators like Harmoney.

The DORA regulation framework for financial institutions ties neatly into the broader European NIS2 legislation, geared towards improving cybersecurity across various sectors. As a pivotal industry in the European economic landscape, finance is spearheading the implementation of IT risk management and cyber resilience tools. Where sector-specific DORA guidelines for financial institutions are more detailed, they will take precedence over the more general NIS2 guidelines. In any case, comprehensive cyber and transparency requirements for both FIs and their entire business network will soon be in full effect.

Thomas Van Maele, CEO of Harmoney, added, "We are excited to partner with Discai to offer a comprehensive solution that streamlines the end-to-end KYC and KYT management processes. Together, we can empower financial institutions to stay ahead of sophisticated money laundering schemes."

In an era marked by increasing financial crime, the partnership between Discai and Harmoney marks a significant step forward for financial institutions. With their integrated solution, they stand united as partners in fighting financial crime, offering a robust defence against the ever-evolving tactics of money launderers. The resulting platform is designed to be a future-proof solution that keeps up with the latest regulatory and technological developments.

Harmoney offers a cutting-edge digital platform that streamlines intricate onboarding and compliance procedures, featuring automated screening functionalities. Interested in discovering more about our innovative solution? Reach out to us for further details!