/security

News and resources on cyber and physical threats to banks and fintechs worldwide.

DORA to spark changes in risk management tech

The imminent introduction of the EU's Digital Operational Resilience Act (DORA) will force sell-side firms to make significant changes to their third party risk management software and strategies, suggests a recently published survey.

  8 Be the first to comment

DORA to spark changes in risk management tech

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The study, produced by software vendor Acuity and operational outsourcing provider Compass Partners, found a lack of awareness and preparation among sell-side firms of the challenges ahead as a result of the EU's regulation.

The Act is designed to make the EU's financial services industry more resilent to cyber attacks and IT incidents and is set to come into force in January 2025. 

The primary challenge for firms is ensuring they have the operational resources needed to analyse cyber threats and to meet the Act's reporting requirements.

The Act will apply to more than 20,000 regulated entities directly but it will also require those entities to map their relationships with third parties, including critical ICT providers. 

This means that for a number of buy-side firms, such as hedge funds and propreitary trading firms, the Act will be an entry point into formalised thrid-party risk management, states the Acuiti study.

Unfortunately the study reveals a low lack of awareness among such firms with 80% of prop trading firms based in the UK or EU stating that they either unaware of DORA or believed they were not impacted by it. 

Also, few firms on on either the buy or sell-side meet the full requirements of the Act with the frequency of reviews of third-party relationships and exit strategies for critical vendors highlighted as particualr weaknesses.

Consequently, the study forecasts that 90% of firms will increase their investment in risk management technology or outsourcing. 

“With little over a year until implementation, there is significant work to be done by firms across the market to be ready for DORA,” said Will Mitting, founder of Acuiti.

“The data shows that a lot of firms are unprepared for DORA, and also face significant challenges in ensuring fit for purpose processes and framework as well as a functional target operating model," added Neil McDonald, managing partner at Compass Partners. "As always, data quality and system feeds ensuring accurate mapping will also be a key challenge."

Sponsored [Webinar] 2025 Fraud Trends: Synthetic Identity, AI and Incoming Mandates

Comments: (0)

[Webinar] 2025 Fraud Trends: Synthetic Identity, AI and Incoming MandatesFinextra Promoted[Webinar] 2025 Fraud Trends: Synthetic Identity, AI and Incoming Mandates