Are You Prepared for DORA?
Operational resilience has completed its transition from buzzword to boardroom priority. Consumers and corporations are facing a multi-faceted threat landscape like never before. Deepfakes, hackers-for-hire, byzantine regulatory environments – the list goes on (and on).
Naturally, the changing tides necessitated a new risk management framework like the EU’s DORA (Digital Operational Resilience Act), and with a compliance deadline of January 1st, 2025, the scramble to get ready is on.
While the majority of in-scope firms report having completed the first steps, a lack of clarity is creating a sense of uncertainty among leaders.
Here at Broadgate, we’ve been speaking to a range of financial decision-makers to get a better grasp on how the financial services space is preparing for the changes. Check out the insights below.
Leaning on a Culture of Compliance
There is some sentiment around DORA manifesting as a tick-box exercise rather than a transformational approach to risk management. Developing (and leaning on) a culture of risk and compliance can help avoid this and instead embrace DORA for the transformational opportunity it represents.
This connects to what many top compliance candidates are calling out for – a business that recognises the importance of having an embedded, adaptable risk programme and culture that allows space for proactive compliance. Those who fail to embed this culture risk falling short when the implementation date arrives (as we saw in the UK when the FCA rolled out the new Consumer Duty Act).
Knowledge Sharing and Tech-Savvy Leadership
One of the more prominent barriers to progress that we’ve noticed recently is the lack of technical competency at board level and the filter-down effect that has on operational resilience (particularly when AI is involved). Transparency, accountability, collaboration, and technical competence at the leadership level are vital at every stage of a digital transformation project.
Plus, competitor collaboration is set to become more popular as FinTechs increasingly seek valuable partnership opportunities with traditional banks. With a good strategy, banks can create an agile, compliant ecosystem through collaboration – leveraging the innovative capabilities of FinTechs while maintaining the regulatory rigour and customer trust that traditional banks are known for.
Incident Response Planning
Regular testing is a must – your incident response plan is only as strong as your team's ability to execute it under pressure. Testing drives consistent improvement by surfacing vulnerabilities before an attacker does, and it cultivates the culture of continuous improvement that is the cornerstone of cybersecurity.
DORA sets out reporting obligations for financial entities in Article 17 – ICT-Related Incident Management Processes. It’s important to familiarise yourself with the guidelines to help you build a comprehensive response plan.
A Rush to Meet Regulatory Technical Standards?
With a December finalisation of the RTS drafts scheduled, firms might be left with very little time to prepare for DORA’s enforcement date. ‘Act now!’ is the general market sentiment.
Have you got the right people in place? Top compliance talent is tough to come by at the best of times. Broadgate’s specialist recruiters are here to help. Find out more about our market-leading recruitment service here.