Site Search

Menu

Services

Menu

Private Wealth & Entrepreneurs

Menu

Family business & SME consulting

Featured

Artificial Intelligence

Menu

Events

Loading Results

The next big beast on the regulatory horizon

Digital Operational Resilience Act (DORA)

On 24 September 2020, the European Commission published its draft Digital Operational Resilience Act (DORA) as part of the Digital Finance Package (DFP). The legislative proposal largely builds on regulatory initiatives introduced by various European regulators, including the European Central Bank (ECB), and combines them in one regulation. DORA shifts the focus from only guaranteeing firms’ financial resilience to also ensuring they can maintain resilient operations through an incident of severe operational disruption.

DORA and its impact on Swiss financial entities and ICT service providers

Check if you are impacted

Background

The need for legislative action follows from the increasing reliance of the financial market on information and communication technologies (ICT). This is due in part to the Covid-19 crisis, which acts as a catalyst as financial firms rely even more on their digital systems, starting with remote access from the home office to payment services and all sorts of complex financial services. Consequently, the voluminous DFP presented by the Commission includes, among others, the following:

  • a digital finance strategy,
  • legislative proposals on crypto-assets and digital resilience, and
  • a renewed retail payments strategy.

The goal is to create a competitive EU financial sector that gives consumers access to innovative financial products while ensuring consumer protection and financial stability and turning Europe into a global digital player.

DORA at a glance

DORA aims to establish a comprehensive and cross-sectoral digital operational resilience framework with rules for all regulated financial institutions. Banks, stock exchanges, clearing houses as well as fintechs will have to respect strict standards to prevent and limit the impact of ICT-related risks.

DORA lays down uniform requirements for the following topics. We summarised the most important for you: 

  • Streamline and upgrade existing rules on ICT governance 
  • Internal controls and governance structures for ICT risks 
  • Monitoring of ICT risk management 
  • Approval and control processes, ICT investments and training
  • Establish a LCM process to monitor and log ICT-related incidents
  • Manage ICT risks
  • Maintain resilient ICT systems and tools
  • Submit initial, intermediate and final reports on ICT-related incidents
  • Establish a framework for critical ICT third-party risks
  • Review ICT services provided by ICT third-parties
  • Control your outsourcing contracts
  • Test ICT risk management frameworks on a regular basis (SWOT)
  • Ensure the prompt implementation of corrective measures
  • Testing requirements will be proportionate to a financial entity’s size, business and risk profile

Who is impacted?

Basically every financial market participant is impacted by DORA, such as banks, investment firms, management companies, crypto asset providers, insurance companies, trading venues and more. DORA introduces new compliance obligations, so be ready for the digital finance packages and start early with an impact assessment. DORA will be published in the Official Journal of the European Union and will enter into force. The Act is expected to become applicable around Q1 2023.

How can PwC help you?

Due to our broad experience regarding the implementation of new regulations, our experts can help you to understand the new obligations and support you in the ICT transformation. Understanding the obligations is key for a proper transformation.

  1. DORA – ICT regulatory gap analysis

  2. Design ICT risk compliant management framework 

  3. Digital operational resilience testing

  4. Design information sharing arrangements

  5. Support in the ICT transformation 

Please see our dedicated services offering to help you comply with all necessary regulations. Let us do the work so that you can focus on your core business.

Related content

Contact us

Dr. Antonios Koumbarakis

Dr. Antonios Koumbarakis

Partner, Sustainability & Strategic Regulatory, PwC Switzerland

Tel: +41 58 792 45 23

Linkedin Follow Email
Alexandra Burns

Alexandra Burns

Partner, Leader Financial Services Risk Consulting & Internal Audit, PwC Switzerland

Tel: +41 58 792 46 28

Linkedin Follow Email
Patrick Akiki

Patrick Akiki

Partner, Financial Services Market Lead, PwC Switzerland

Tel: +41 58 792 25 19

Linkedin Follow Email
Matthias Leybold

Matthias Leybold

Partner Cloud & Digital, PwC Switzerland

Tel: +41 58 792 13 96

Linkedin Follow Email
Moritz Obst

Moritz Obst

Strategic Regulatory & Sustainability Services, Legal, PwC Switzerland

Tel: +41 58 792 47 19

Linkedin Follow Email
Services Assurance Consulting Corporate Support Services Deals Global Markets Legal People and Organisation Private Wealth SME and Family Business Tax Advice
Industry Sectors Energy Financial Services Government and Public Sector Health care Industrial Manufacturing Real Estate Retail and Consumer Goods Pharmaceuticals and Life Sciences Sports Business Advisory Technology, Media and Telecommunications
Today's issues Artificial Intelligence Workforce of the Future Finance Transformation Customer Transformation Cybersecurity Data & Analytics ESG: Criteria and Implementation
About PwC Contact Press Locations Organisation and Management Purpose, Values and Code of Conduct Reports Corporate Sustainability Our History Alumni
Careers Open Positions Career Events Experienced Hires Graduates Students Apprentices PwC as an Employer PwC's Career Blog
Research & Insights Our latest insights Subscribe to PwC insights Preference Centre

© 2018 - 2024 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.