DORA Regulations
The Digital Operational Resilience Act, or DORA for short, has introduced a comprehensive EU-wide regulatory framework that includes rules on digital operational resilience for all financial institutions.
What is DORA?
On January 16, 2023, a new regulation on how financial firms manage digital risk entered into force. This Digital Operational Resilience Regulation is known as DORA, the Digital Operational Resilience Act.
It is the European Commission’s bid to homogenize and strengthen the regulatory environment on digital operational resilience in the European financial sector in an environment of digital transformation, new players and large technological organizations. Before DORA, financial institutions managed the main categories of operational risk mainly with the allocation of capital, but they did not manage all the components of operational resilience (ability of the organization to continue operating in the face of any adverse event).
DORA is part of the digital finance package, a set of measures intended to build and support the strength of digital finance in the current financial context, fostering innovation and competition while mitigating the associated risks.
In addition to DORA, the package includes a proposal for a Regulation on cryptoasset markets, a proposal for a Regulation on a pilot regime for market infrastructures based on distributed ledger technology, and a proposal for a Directive to clarify or amend certain related EU financial services rules.
What are DORA's objectives?
The evolution of technology in the financial sector and the emergence of new digital payment systems that are increasingly used among the population, together with the rise and growing use of cryptocurrencies, and cryptoassets in general, represent a revolution. In this context, the new resilience regulations should increase confidence and attract investment.
DORA aims to consolidate and improve ICT (information and communications technology) risk requirements across all financial institutions, so that every company is subject to a common set of standards for mitigating ICT risks.
The main objective of DORA can therefore be summarized as the improvement of existing standards and the standardization of the incident reporting model, ensuring that the Union embraces the digital revolution and drives it forward with innovative European companies at the forefront, so that the benefits of digital finance reach consumers and businesses.
Which companies are affected by DORA?
DORA has a very broad scope and covers all authorized European financial institutions, around 20 categories of entity in total, including ICT service providers:
- Credit institutions
- Payment institutions
- Account information service providers
- Electronic money institutions
- Investment service companies
- Crypto asset service providers
- Central securities depositories
- Central counterparty entities
- Trading centers
- Records of operations
- Alternative investment fund managers
- Management companies
- Providers of data supply services
- Insurance, reinsurance and complementary insurance companies and intermediaries
- Employment pension funds
- Credit rating agencies
- Critical benchmark administrators
- Participatory financing service providers
- Securitization records
Despite its intentionally broad scope, DORA provides some elements of proportionality: financial entities within its scope must comply with DORA taking into account their size and overall risk profile, as well as the nature, scale and complexity of their services, activities and operations, among other variables. It may also apply to SMEs.
What are the implications of DORA?
Regarding its scope and implications, DORA affects institutions in the following areas:
- ICT risk management.
- Incidents and notifications of ICT-related incidents.
- Digital operational resilience testing.
- Third-party risks in ICT and the exchange of information between financial institutions.
In particular, it will improve and streamline the management of ICT risks by financial institutions, establish comprehensive testing of ICT systems, increase supervisors’ awareness of cybersecurity risks and ICT-related incidents faced by financial institutions, and empower financial supervisors to monitor risks arising from financial institutions’ reliance on external ICT service providers.
The proposal will create a consistent incident reporting mechanism that will help reduce administrative burdens for financial institutions and strengthen supervisory effectiveness.
When is DORA expected to be approved and published?
Although the Regulation entered into force 20 days after its publication in the Official Journal of the European Union, it becomes fully applicable as of January 17, 2025, so financial institutions have a period of 2 years to comply with it.
Furthermore, it is important to note that DORA is a Regulation, not a Directive, so it is binding in its entirety and directly applicable in all EU Member States.
OSV is the solution that meets DORA's requirements.
Our OSV solution for DORA has all the necessary specifications, detailed below, to help entities comply with the regulatory framework.
Risk management
We identify and minimize ICT risk, determining protection and prevention measures, and establishing continuity policies.
Notification of incidents
We will notify the appropriate authorities of significant ICT-related incidents.
Digital operational resilience testing
We identify weaknesses, gaps and deficiencies in the ICT risk management framework.
Intelligence exchange
We will exchange information about cyber-attacks on other financial institutions, acting as a single team in the fight against cyber-crime.
Third-party ICT risks
We assess, monitor and document the risk of third parties in ICT matters.