Operational Resilience: Countdown to DORA

On October 24th, FinTech North hosted the webinar “Operational Resilience: Countdown to DORA” in partnership with us at Escode. This virtual event brought together 70 attendees from the FinTech community to address the urgent need to prepare for the Digital Operational Resilience Act (DORA) ahead of the January 17, 2025 deadline.

For those who couldn’t attend, you can watch the webinar here.

Joe Roche, General Manager at FinTech North, opened the session by discussing FinTech North's strategic goals and emphasising the importance of events like this for fostering collaboration and sharing best practices among industry leaders.

Adrian Ah-Chin-Kow, Escode’s Global Commercial Director, followed with an insightful overview of the role of software escrow in risk mitigation, setting a strong foundation for the discussion on DORA. He highlighted the urgency of regulatory compliance and how organisations can protect their operations against disruptions.

Watch the Webinar

Understanding DORA

Adrian was joined by Wayne Scott, Escode’s Regulatory Compliance Solutions Lead, to discuss DORA and its impact on operational resilience in the financial industry. In their conversation, Wayne and Adrian covered the fundamentals of the Digital Operational Resilience Act (DORA), emphasising its role in enhancing the operational resilience of financial institutions. They defined operational resilience as the capacity to prepare for and recover from disruptions while maintaining critical functions. DORA imposes stringent requirements not only on financial institutions but also on their critical third parties.

Wayne stressed the importance of being DORA-ready and advocated for proactive measures, including comprehensive assessments to identify compliance gaps. Continuous evaluation of compliance status is essential, as regular gap analyses will help identify areas needing improvement. 

Despite the looming deadline, many organisations remain unprepared for DORA. A key issue is the lack of assigned ownership for risks such as supplier failure, service deterioration, and concentration risk. Wayne explained that these risks cannot be effectively mitigated by cybersecurity measures alone; they require strategic management at the highest organisational levels.

Wayne explained how Escode can help organisations meet DORA's requirements, including the development of stressed exit plans. Through Escrow and Verification Services, institutions can simulate disruptions such as supplier failure and insolvency, ensuring they have the necessary resources to rebuild and maintain critical software.

As we move closer to the DORA deadline, it is crucial for organisations to act swiftly and strategically to strengthen their operational resilience.

Expert Panel Discussion

Led by Angela Yore, CEO of SkyParlour, industry experts explored DORA and its implications. The panel discussion and Q&A brought invaluable insights, with top voices in the industry discussing practical strategies for building operational resilience.

Panel Highlights:

• Wayne Scott: Emphasised that DORA presents an opportunity for FinTechs to differentiate themselves by demonstrating resilience and reliability, even in the face of potential operational failures. He stressed the importance of ongoing scenario testing and the need to “embrace failure – if you’re passing all of your scenario tests, you’re doing something wrong.”
• Jawad Kiani, Compliance Manager at Lenvi: Explained that while frameworks for operational resilience have existed, DORA formalises these requirements, impacting over 20,000 organisations. He emphasised that compliance is crucial for organisations of all sizes and maturity levels, particularly for FinTechs expanding into the EU.
• Richard Curtis, Technology Assurance Director at RSM: Warned against over-reliance on single service providers (concentration risk), promoting diversification as a resilience strategy. He also pointed out that “whilst the UK may not adopt DORA in its entirety, the UK will tailor existing regulatory requirements.” Richard emphasised that firms must undertake a comprehensive gap analysis to assess their current risk management processes and adjust for DORA’s requirements. 
• Jackie Kingham, Director of Business Transformation at Raisin: Provided practical steps compliance teams should take, such as conducting regular audits and testing with third-party vendors. She highlighted FinTechs' agility in making compliance a competitive advantage. “FinTechs are in a good position where they can change and adapt – a real opportunity to turn ‘burden’ into competitive advantage against larger organisations because of speed and agility.”

Angela concluded by recognising the specific challenges SMEs face with DORA but encouraged viewing resilience as an ongoing responsibility.

The panel reached a consensus that operational resilience is not just about compliance but a strategic asset for competitive advantage. They stressed the importance of continuous improvement, and scenario testing to meet the evolving standards of DORA and future global regulations. DORA marks a pivotal shift in operational resilience for the financial sector, setting a new standard for risk management and business continuity.

DORA and operational resilience are both complex and highly relevant topics in today’s fast-evolving financial landscape. These are cross-sector and cross-country issues that impact a wide array of organisations, underscoring the urgent need for all to adapt to regulatory changes and strengthen their resilience strategies.

You can watch the webinar here.

We’re excited to continue supporting businesses in navigating the regulatory environment, reinforcing our commitment to operational resilience. Thank you to everyone who attended, the speakers for sharing their expertise, and to FinTech North for partnering with us for this insightful session.