
As the European Union’s Digital Operational Resilience Act (DORA) comes into effect, it’s setting a new bar for cybersecurity standards that crypto companies must adhere to. DORA requires firms to implement a set of well-defined measures to help detect, prevent, and manage ICT risks. Reporting and notification of ICT-related events, specifically significant incidents, is a key requirement. Crypto companies must inform the national regulators about them, with some of the most critical events possibly necessitating initial notification in as little as four hours. This swift response time allows regulators to quickly understand the situation and coordinate an effective response to reduce the potential damage.
DORA also sets new standards for testing and validating operational resilience. Companies are now expected to routinely perform vulnerability assessments and penetration tests. The goal is to ensure that their systems are prepared to withstand various threats, from cyberattacks to other disruptive events, and can continue to operate smoothly. This not only helps maintain business continuity but also minimizes the impact on critical operations. The new requirements also include third-party ICT service providers. DORA now has provisions for minimum standards for vetting and managing these external entities. As many companies outsource parts of their ICT services, this regulation ensures that security is maintained throughout the supply chain. Overall, these new requirements aim to strengthen the cybersecurity and operational resilience of companies, including those in the crypto sector. Compliance will not only reduce the risk of breaches and service interruptions but also foster trust among stakeholders by demonstrating a commitment to robust cybersecurity practices.
DORA compliance: a very personal journey to operational resilience
The European Digital Operational Resilience Act (DORA) is not just another regulation; it’s an opportunity for each financial institution in Europe. The act has introduced a new set of standards for banks, investment firms, and insurers. It prescribes strict and harmonized expectations to help the financial sector prevent and respond to cyber threats and IT disruptions. Per the European Commission, “more than 30% of European businesses report having suffered major operational disruption in the past two years from a cyber-incident.” DORA is intended to address the root causes of this unacceptable operational risk.
One of my previous clients, a large financial institution, was dealing with a fragmented system of reporting critical incidents as well as identifying and evaluating third-party risks. By operationalizing the provisions of DORA, they had to take a closer look at vendor controls. In addition to meeting regulatory requirements, they had an opportunity to address the root causes of frequent incidents and use it to gain the trust of their customers.
Achieving and maintaining DORA compliance is no small feat. It requires a mindset shift in the organization and closer collaboration between IT, compliance, and business teams. Are you ready to increase spend on testing and validation (e.g. third-party audits, bi-annual IT testing), remediate every control weakness, and keep a close watch over your IT landscape in real time, with no room for false positives, when a single oversight could cost you your compliance status or your reputation?
How do we use resilience as a competitive edge and not just another box to check? Where do you stand in your DORA journey? Share your thoughts, questions, or concerns in the comments below. Your insight could be just what another industry professional needs to overcome a DORA-related challenge.
If you found this post valuable, subscribe to our newsletter for more on regulation trends, risk management, and a peek under the DORA hood.
#DORA #OperationalResilience #FinTech #Compliance #RiskManagement