Things To Consider Re DORA Regs, Insights By Conga

A look at DORA deadlines from Conga:
The European Union’s (EU’s) Digital Operational Resilience Act (DORA) entered into force on 16th January 2023, with an application date set for this Friday, 17th January 2025. The legislation, which mandates that financial institutions strengthen their IT security and operational resilience, has forced businesses to adopt stringent new protocols or face serious penalties. As the transition period draws to a close, organisations need to remain vigilant and ensure that they and their partners are fully compliant.
Jason Smith, Senior Principal, Strategy & Transformation, Conga, offers the following statement warning organisations to remain vigilant:
“DORA was designed to reduce the likelihood of operational disruption. Initially, leaders expressed concerns over the scope of the fines and complexity of aligning with DORA’s mandates. The penalties for noncompliance are severe, especially for those businesses that are considered critical third parties (CTPs). For organisations, fines include two percent of a firm’s total annual worldwide turnover; for individuals fines can reach €1,000,000. Whereas for third-party providers, penalties can be as much as €5,000,000. Naturally, fines vary depending on the severity of the violation and the entity’s cooperation with authorities.
“Ahead of the deadline, organisations have scrambled to ensure that their systems, governance structures and reporting processes meet the new standards. Financial institutions have accelerated investments in cybersecurity infrastructure, conducted rigorous testing of their IT frameworks, and enhanced third-party risk management practices. The more effective firms would have implemented a centralised contract lifecycle management (CLM) system to automate vendor risk assessments and ensure contractual agreements meet the new standards. Firms without the technologic infrastructure may still have gaps in their third-party risk oversight.
“Now, as the transition period draws to a close, organisations must remain vigilant. Whilst the main concern is whether financial institutions and their partners are fully compliant, DORA is not a one-time effort; firms must continuously refine their resilience strategies and stay prepared for potential regulatory updates. Organisations should remain proactive, ensuring they meet the current requirements but are also in the best position to adapt to future legislation. The post-DORA landscape highlights a clear lesson: operational resilience is now a strategic imperative.”
 
Conga recently launched a technical whitepaper advising customers on how to master DORA compliance: https://conga.com/resources/mastering-dora-compliance

About Alastair Walker
20 years experience as a journalist and magazine editor. I'm your contact for press releases, events, news and commercial opportunities at Insurance-Edge.Net
