Your browser does not support JavaScript!

Digital Operational and Cyber-Resilience

Current topics - Digitalisation and new technologies

Digital Operational and Cyber-Resilience

Context

Digitalisation and new technologies are deeply transforming the European financial system and related value chains with an increasing role played by third-parties such as providers of cloud services, data analytics and data centres. This increases the exposure of the financial sector to information and communication technology (ICT) risks such as cyber-attacks and system failures and also to third-party dependency risks.

In September 2020 the European Commission published the Digital Operational Resilience Act (DORA) proposal in the context of the Digital Finance Package, which is in the process of being adopted. DORA aims to ensure that in relation to their use of ICT, financial institutions in the EU can support the continued provision of services and thus preserve the stability of the EU financial system, in the event of any potential disruption or threat to operational resilience.

DORA proposes a comprehensive and harmonized framework for the management of ICT risks building on the operational resilience requirements embedded in the main financial regulations, existing EU cybersecurity policies such as the Network and Information Security (NIS) Directive and guidelines established by the European Supervisory Authorities (ESAs) for the outsourcing of cloud services. DORA also introduces measures for the management of ICT third-party risks including the oversight by the ESAs of providers deemed ‘critical’ for the EU financial sector.

Eurofi documents

Extracted from the main Eurofi publications (Regulatory Updates, Views Magazines and Conference Summaries)

Eurofi policy notes

Digital Operational Resilience Act (DORA): main proposals and pending issues - September 2021

Ensuring operational resilience at entity and industry level (cyber, outsourcing, operational risks…) - April 2020

Panel discussion summaries

Digital operational and cyber-resilience - Stockholm High Level Seminar - April 2023

Digital operational and cyber-resilience: expected impacts of DORA and pending issues - Prague Financial Forum - September 2022

Cyber and digital operational resilience policy proposals - Paris High Level Seminar - February 2022

Digital operational and cyber-resilience - Ljubljana Financial Forum - September 2021

Eurofi Views Magazine chapters

Digital operational and cyber-resilience - April 2023

Margarita Delgado - Banco de España | Gerry Cross - Central Bank of Ireland | Samu Kurri - Finnish Financial Supervisory Authority (FIN-FSA) | François-Louis Michaud - European Banking Authority (EBA) | Jason Harrell - The Depository Trust & Clearing Corporation (DTCC)

Digital operational and cyber-resilience - September 2022

Steven Maijoor - De Nederlandsche Bank | Emmanuel Rocher - Autorité de Contrôle Prudentiel et de Résolution | Petra Hielkema - European Insurance and Occupational Pensions Authority | Ksenia Duxfield-Karyakina - Google Cloud | Stephen Hester - Nordea Group

Cyber and digital operational resilience policy proposals - February 2022

Dominique Laboureix - Autorité de Contrôle Prudentiel et de Résolution | José Manuel Campa - European Banking Authority | Margarita Delgado - Banco de España | Jens Obermöller - Federal Financial Supervisory Authority, Germany | Jason Harrell - The Depository Trust & Clearing Corporation | Scott Mullins - AWS Worldwide Financial Services | Laurence Molinier - Deloitte

Digital operational and cyber-resilience - September 2021

Joachim Wuermeling - Deutsche Bundesbank | Billy Kelleher - European Parliament | Ana Teresa Moutinho - European Insurance and Occupational Pensions Authority | Christopher P. Buttigieg - Malta Financial Services Authority | Jason Harrell - The Depository Trust & Clearing Corporation | Lorelien Hoet - Microsoft