DORA brings firm IT obligations for the financial sector
The European regulation DORA requires financial organizations to have their IT risk management in good order. This is because these organizations are becoming increasingly dependent on IT, and cybercrime is on the rise. With the new legislation, the EU wants to make the financial sector more resilient. Eurofiber has an important role in this with its own high-quality fiber-optic network, which guarantees reliable and secure data transport.
DORA applies to the financial sector
DORA stands for Digital Operational Resilience Act and has been in force since January 2023. The new legislation applies exclusively to financial organizations such as banks, insurers, pension funds, accounting firms, payment service providers, fintech companies and securities dealers. There is a transition period until January 2025 to comply with the new legislation.
The new legislation involves a lot of extra work
On an organizational and technical level, the sector faces many additional obligations. Processes must be in order, as must the allocation of responsibilities. Risks must be better mapped out and better managed, also in collaboration with chain partners. Stricter requirements also apply to incident management, covering the recording of incidents, the process of handling them and reporting them to the supervisor. In addition, it is necessary to periodically test digital security and regularly review risk management. How far the measures should go depends on the size, importance and risk profile of the financial organization.
Heavy fines loom
The Financial Services and Markets Authority (FSMA) will monitor compliance with DORA. Failure to comply with the new legislation could leave organizations facing large fines. These can amount to as much as 1 or 2% of global turnover. The regulator may even revoke the license if organizations default.
How does DORA relate to NIS2?
Like other vital and important organizations in Belgium, the financial sector is also affected by NIS2. This European Network and Information Security Directive was also adopted in January 2023 to increase resilience to cyber threats. NIS2 will be translated in Belgium into the new NIS2 law, which is expected to take effect in October 2024. So financial organizations have to deal with two new laws, although DORA takes precedence. One difference from NIS2 is that DORA is the same in every European country. This is a big advantage for European cooperation in the financial sector.
Read our article for more information about NIS2.
Managing risks together with the chain partner
So financial organizations have to deal with DORA and NIS2. It requires a lot of knowledge to keep information and network systems cyber-secure and meet legal obligations. That knowledge is not always available, especially given the tight labor market. As a provider of digital infrastructure for critical sectors, we have a great deal of knowledge about safe and reliable data traffic. This allows us to advise our clients on the measures needed to control risks. We follow developments closely and continuously guarantee the stability and reliability of our network.
We have our processes firmly in place. This starts with the construction and maintenance of our fiber-optic connections, where we work exclusively with permanent, certified contractors. Our Network Monitor Center (NMC), with its own in-house specialists, monitors the entire network 24/7, 365 days a year, to prevent or quickly resolve any disruptions. We deliver your own, redundantly laid fiber-optic connection with a minimum uptime guarantee of 99.9%.
Eurofiber is demonstrably in control:
- ISO 9001 certification for quality
- ISO 27001 certification for information security
- ISO 14001 certification for environmental management
- ISAE 3402 type II audit opinion
How can we help you?
Would you like to find out more about our services and solutions? Don't hesitate to contact us on +32 (0)2 307 12 00 or use the contact form on our website.