Digital Operational and Cyber-Resilience
Digital Operational and Cyber-Resilience
Context
Digitalisation and new technologies are deeply transforming the European financial system and related value chains with an increasing role played by third-parties such as providers of cloud services, data analytics and data centres. This increases the exposure of the financial sector to information and communication technology (ICT) risks such as cyber-attacks and system failures and also to third-party dependency risks.
In September 2020 the European Commission published the Digital Operational Resilience Act (DORA) proposal in the context of the Digital Finance Package, which is in the process of being adopted. DORA aims to ensure that in relation to their use of ICT, financial institutions in the EU can support the continued provision of services and thus preserve the stability of the EU financial system, in the event of any potential disruption or threat to operational resilience.
DORA proposes a comprehensive and harmonized framework for the management of ICT risks building on the operational resilience requirements embedded in the main financial regulations, existing EU cybersecurity policies such as the Network and Information Security (NIS) Directive and guidelines established by the European Supervisory Authorities (ESAs) for the outsourcing of cloud services. DORA also introduces measures for the management of ICT third-party risks including the oversight by the ESAs of providers deemed ‘critical’ for the EU financial sector.
Eurofi documents
Extracted from the main Eurofi publications (Regulatory Updates, Views Magazines and Conference Summaries)
Eurofi Views Magazine chapters
Digital operational and cyber-resilience - April 2023
Margarita Delgado - Banco de España | Gerry Cross - Central Bank of Ireland | Samu Kurri - Finnish Financial Supervisory Authority (FIN-FSA) | François-Louis Michaud - European Banking Authority (EBA) | Jason Harrell - The Depository Trust & Clearing Corporation (DTCC)
Digital operational and cyber-resilience - September 2022
Steven Maijoor - De Nederlandsche Bank | Emmanuel Rocher - Autorité de Contrôle Prudentiel et de Résolution | Petra Hielkema - European Insurance and Occupational Pensions Authority | Ksenia Duxfield-Karyakina - Google Cloud | Stephen Hester - Nordea Group
Cyber and digital operational resilience policy proposals - February 2022
Dominique Laboureix - Autorité de Contrôle Prudentiel et de Résolution | José Manuel Campa - European Banking Authority | Margarita Delgado - Banco de España | Jens Obermöller - Federal Financial Supervisory Authority, Germany | Jason Harrell - The Depository Trust & Clearing Corporation | Scott Mullins - AWS Worldwide Financial Services | Laurence Molinier - Deloitte
Digital operational and cyber-resilience - September 2021
Joachim Wuermeling - Deutsche Bundesbank | Billy Kelleher - European Parliament | Ana Teresa Moutinho - European Insurance and Occupational Pensions Authority | Christopher P. Buttigieg - Malta Financial Services Authority | Jason Harrell - The Depository Trust & Clearing Corporation | Lorelien Hoet - Microsoft