Tue, Dec 03 2024
Snowflake's Global Head of Financial Services Industry, Rinesh Patel, advises finserv businesses to take a proactive stance when it comes to DORA.
The EU's planned legislation, known as the Digital Operational Resilience Act (DORA), is set to take effect in January 2025 with the goal of strengthening financial organizations' ability to withstand ICT-related disasters.
A "ripple effect" impacting future legislation worldwide is anticipated as a result of the impending rule, according to Rinesh Patel, Global Head of Financial Services Industry at Snowflake, as it is intended to establish an unprecedentedly high standard for operational resilience.
Rinesh points out that DORA will also benefit financial institutions (FIs) in the long run by providing "long-term rewards around risk management and oversight of third-party service providers," even though it will require change and pose difficulties for FIs regarding resource investment.
In this section, Rinesh discusses the effects that DORA will have on the financial services sector, how FIs can get ready for it, and how the law may contribute to a safer future.
DORA: Effect on Industry
When it comes to DORA, financial institutions' biggest challenge is adjusting to be compliant, which is something they should be focusing on right now.
According to Rinesh, "adaptation may require significant investments in technology, resources, staff, and time." Additionally, there will be more stringent guidelines for handling the hazards connected to using outside ICT service providers, necessitating further investigation.
"Despite the difficulties, the legislation will have a lot of advantages. Proactive management of ICT risks can result in fewer cyber interruptions, quicker recovery periods, and increased investor and consumer trust.
"DORA will also encourage industry-wide cooperation by putting pressure on stakeholders to cooperate and exchange data, assisting in the creation of a more secure framework for innovative ideas."
To get ahead of DORA, businesses should perform an internal gap analysis to evaluate their existing posture and identify areas where they fall short, according to Rinesh. Additionally, organizations should regularly evaluate the risks associated with their internal business operations and create backup plans in case their resilience is tested.
Even though the majority of financial institutions currently collaborate with outside suppliers, Rinesh continues, "new measures must be taken before signing new deals, and current partnerships must be reviewed."
It is important for organizations to verify whether their service provider has put measures in place to address all five DORA pillars.
The five pillars of DORA:
• IT Risk Assessment
• Incident Management pertaining to ICT
• Testing for Digital Operational Resilience
• IT Third-Party Liability Control
• Information Exchange
Rinesh states that "the most dependable service providers will keep the organization's data secure while enabling customers to mobilize their data with nearly unlimited scale, concurrency, and performance."
"DORA provides financial service companies with a much-needed chance to reconsider their cloud and data strategies, making sure they can effectively move workloads and data to prevent outages and enhance resilience."
Rinesh continues, "CEOs of financial organizations should work closely with providers in order to maintain open lines of communication with regulators."
He continues, "This conversation is a good step for the industry because it means that third-party providers can collaborate to meet requirements in a strong, compliant manner, protecting data at all costs."
"In order to get ahead of the regulation coming next year, businesses will need to develop a compliance roadmap that prioritizes actions, sets realistic timelines, and assigns resources."
Utilizing DORA to create a safer future
For financial institutions, the most important thing is to get ahead of the game and begin putting these safeguards into place as soon as possible. This will put them in the best possible position to handle impending developments.
Rinesh ends by saying, "Once DORA is implemented, all regulated clients will have to adhere to regulations, have strong business continuity plans, undertake routine penetration tests and vulnerability assessments, and have an ICT risk management framework in place."
All things considered, DORA will help companies raise awareness of the threats they confront and open the door to a more secure and effective global financial system.
However, this will only happen if company executives adopt a proactive stance, addressing the opportunities and difficulties presented by the law and getting ready for a day when industry collaboration and knowledge-sharing will only grow.