Start Your Expedition

The Digital Operational Resilience Act

With the Digital Operational Resilience Act (DORA), the EU is responding to the increasing threat to the financial sector from cyberattacks on information and communication technology (ICT) service providers.

 

What's it about?
New Regulation Aspects
Needs for Action

The EU's Digital Operational Resilience Act

With the DORA Regulation, the EU aims to strengthen the resilience of financial services institutions to ICT and cyber risks.

DORA explicitly refers to ICT risks and sets out rules for risk management, incident reporting, operational resilience testing and third-party monitoring of ICT risks. DORA requires financial institutions and their management bodies to comply with these rules.

 

Contact us

What's new?

As part of the Digital Operational Resilience Act, companies are now more responsible for ensuring effective ICT risk management. The responsibility for complying with regulatory-compliant ICT risk management now also lies personally with the management bodies.This includes the establishment and ongoing maintenance of robust ICT systems that remain functional even under stressful conditions. The establishment of processes for recognising, handling, monitoring and logging ICT-related incidents is also essential.

The use of standardised templates for reporting serious incidents is prescribed, as are intensified tests to check operational stability. In addition, continuous monitoring of the risk posed by third parties is necessary throughout the entire outsourcing life cycle. The monitoring of critical third-party ICT service providers will be harmonised through new powers of the European supervisory authorities.

Contact us

What do financial service providers need to do now?

Creating a resilient digital infrastructure requires a clearly defined strategy for digital operational resilience and the implementation of a business continuity policy for information and communication technology (ICT). Systematic measures for recognising ICT incidents and a process for constantly updating and adapting early warning indicators are also necessary.

The establishment of an ICT incident management process and the definition of assessment criteria for ICT incidents are further critical fields of action. A comprehensive test programme for ICT tools ensures that weaknesses are identified at an early stage. In addition, the strategy and documentation for IT outsourcing needs to be adapted in order to strengthen the management of third-party risks. Furthermore, annual penetration tests for ICT systems must be successfully completed, potentially even with the support of specialized service providers, through a program for "Advanced Threat Led Penetration Tests (TLPT)."

 

Contact us

" At 4C, we understand the requirements that DORA places on financial services institutions and support companies in overcoming associated challenges. "

Daniel Lovric | Patner CCO Advisory 4C GROUP

Your Benefits

  • The use of the 4C maturity model enables the determination of the maturity level according to the DORA requirements. 
  • Mapping all DORA requirements and comparing them with additional specifications. 
  • Our dynamic teams stand out for their ability to provide independent and objective consultation on an equal footing. 
  • The ideal combination of industry expertise, regulatory knowledge, and IT management allows us to offer tailored solutions that meet the specific needs of our clients.

 

Contact us

Our Scope of Service

Digital Operational Resilience Act der EU

 

"The Banking industry is already following strong compliance and regulatory standards, however compliance management systems are yet not so established in other industry sectors. Dr. Heiko Mauterer and Daniel Lovric from 4C GROUP joined my team to give us a presentation on the recent market developments and [..] offering the opportunity to make professional Compliance Management a real asset."

Anna Issel Head Anti-Financial Crime International Private Bank | Deutsche Bank

Our Approach

1. Review

  • Relevant current/planned governance structures & processes
  • Consideration of target structures (regulatory) implementation project
  • Prioritisation of DORA focal points according to business model

2. GAP-Analysis

  • Individualisation 4C maturity model
  • Selection of additional relevant regulatory requirements
  • Documentation of the perceived actual state
  • Assessment of the maturity level as the distance to the target status ("new requirement" to already "fulfilled")

3. Definition of measures

  • Joint, risk-oriented prioritisation of adaptation needs
  • Derivation of measures from maturity level per identified GAP
  • Content-related target definition together with the implementing department incl. indicative cost estimate
  • Development of decision templates for committees

4. Operationalisation

  • Comparison with actual project portfolio and prioritisation
  • Integration into existing projects/ setting up implementation initiatives
  • Progress and success monitoring (via trend in the maturity model) and visualisation in the 4C dashboard
  • Support with change management incl. communication

More Topics

Fighting fraud and corruption

Prevention in the fight against fraud and corruption

More
Compliance Strategy

Compliance with Foresight: Secure Your Business, Shape the Future

More
Portfolio Emission: PCAF

Let's drive your sustainable transformation and make your company a pioneer in ESG compliance.

More

Your Experts

Daniel Lovric

Partner

To profile
Lucas Bueckemeyer

Manager Banking & Compliance

To profile
Dr. Heiko Mauterer

Senior Partner

To profile
Michael Schmitt

Manager Banking & Compliance

To profile

Jobs

Feel free to reach out to us.

We would like to point out that this website only provides a limited insight into our services. Our expertise and range of services cannot be fully represented on this platform. For personalized advice and to address your specific concerns as effectively as possible, we invite you to contact us directly to offer you a tailored solution.

Thank you for your trust. We look forward to hearing from you.

Claudia Bauer

Head of Marketing & Business Development

+49 89 599 882 0

Follow us:
To profile
Maike Ring

Expert Marketing & Business Development

+49 89 599 882 0

Follow us:
To profile

Your non-binding enquiry

We appreciate your message and will get back to you promptly. You can find information about data processing in our data protection notice.
Submit a non-binding inquiry
Contact us for a non-binding discussion and tell us about your concerns.