What is DORA?

The Digital Operational Resilience Act (DORA) is a regulation introduced by the European Union aimed at increasing the resilience of financial institutions to technology-related risks. DORA focuses on ensuring that the financial sector is well-prepared for various IT incidents, such as cyberattacks or system failures.

Objectives of DORA

  • Enhanced security: Strengthening the resilience of financial institutions against digital threats
  • Risk management: Introducing effective strategies for managing technology risks
  • Data protection: Ensuring better protection of customer data and continuity of service

Scope of Application

DORA applies to a wide range of financial institutions, including:

  • Banks
  • Investment firms
  • Insurance companies
  • Pension funds
  • Other entities regulated under EU financial legislation

Key Regulatory Areas

  • Technology risk management: Requirement to identify, assess, and manage risks related to IT systems
  • Incident response: Obligation to have response plans in place, including incident reporting and root cause analysis
  • Resilience testing: Regular testing of IT systems to assess their ability to withstand disruptions and attacks
  • Third-party risk management: Monitoring risks associated with external service providers
  • Supervision and reporting: Requirements to report incidents to supervisory authorities

Penalties for Non-Compliance

Institutions that fail to comply with DORA may face:

  • Financial penalties
  • Operational restrictions imposed by supervisory bodies

Benefits of DORA

  • Improved security: Better protection against technological threats
  • Increased trust: Greater customer confidence in financial institutions
  • Crisis preparedness: Enhanced ability to respond to incidents, reducing the cost of tech-related crises

Implementation Requirements

Financial institutions must take specific steps to comply with DORA, including:

  • Investing in IT infrastructure
  • Training staff
  • Developing risk management policies

Supervisory Authority in Poland

In Poland, the Polish Financial Supervision Authority (KNF) will be responsible for monitoring and enforcing compliance with DORA.
Key Compliance Requirements

  • Develop a technology risk management strategy – identify and assess threats
  • Create incident response plans – include procedures for reporting and analysis
  • Conduct regular IT system tests – ensure resilience to various scenarios
  • Monitor third-party risks – assess risks from external services
  • Report major incidents to KNF – all significant IT incidents must be reported

Effective Date

DORA will come into force in Poland on January 17, 2025. By that date, financial institutions must implement the required procedures and systems.