Tackling DORA is a challenge for the entire business – not just the IT team

The enforceable deadline for DORA is now under a year away and organisations in the FS sector are in a difficult position. Preparing for any change in regulation is hard enough, but with the European Banking Authority yet to publish the final technical specification or a list of critical IT providers, businesses are effectively still in the dark in terms of the detail.

Gambling by taking a ‘wait and see’ approach is unlikely to impress the regulator. However, if being fully compliant by 17th January 2025 is unrealistic, demonstrable progress and having a clear plan to meet all requirements within a reasonable timeframe should mean escaping the harshest punishments.   

So, in the absence of final technical guidance, how can financial businesses best prepare for DORA? For many, it will require going against conventional wisdom and accepting that DORA is first and foremost a business challenge and not just a technology problem.

Yes, it is true that DORA deals mainly with cybersecurity and cloud concentration risk. It is also true that technology is an essential part of any compliance strategy. But security has become one of the most important issues for business leaders. A Gartner Board of Directors Survey 2022 found that 88% of board members classified cybersecurity as a business risk, while only 12% called it a technology risk.

Taking ownership

I recently met with a customer that has been involved in a months-long argument between the IT department and the compliance team about who was responsible for DORA in their business. This argument has distracted both teams and neither is any clearer about where they need to start.

The reality is that the whole business needs to get behind it, and everyone in the organisation will have some role to play. This means a cultural change at every level and the recognition that flexibility will be important at a time of momentous change for FS – similar cloud-related regulations will come into effect in other geographies, while new AI policies will also impact the sector.

Moving forward

So the business has collectively accepted that it has a problem. What can it do to prepare?

Firstly, it is a case of identifying the key stakeholders and assigning clear roles and areas of ownership. Article four of DORA firmly places responsibility for compliance on senior management, meaning it is essential that it is on the C-suite agenda. These key stakeholders should, in effect, create a working group responsible for delivering compliance as well as having a clear knowledge and understanding of the Act and the articles within it.

The next step is then looking at where an organisation already complies with DORA and identifying areas that will require change, investment, or development. Businesses may be surprised to find how much of it they are already doing right. But until you conduct this exercise it will be impossible to know what requires investment, whether that is skills, procedures, policy, or technology.

These steps will pose a significant challenge for larger organisations, which, due to their scale, can be very siloed. This is where nurturing the right culture will be essential. Working across silos on complex projects can be extremely difficult, particularly when you bring together departments or business units that never normally speak to each other. But by opening that dialogue and understanding the challenges that each is facing, they can learn how to help solve each other’s challenges as well as their own.

Gaining an edge

One thing that’s certain is that DORA will not be the last piece of major technology-focused regulation to trouble FS businesses in the next few years. But putting most of the transformation burden at the IT department’s door is unlikely to result in the smoothest transition.

Organisations that establish effective cross-department working practices and adopt the necessary cultural changes are likely to make light work of their compliance obligations. Numerous upcoming regulation changes could mean that perfecting the process now could deliver an edge over less enlightened competitors. 
