Ana Martínez-Pina analyses the DORA Regulation, a breakthrough in information and communication technology (ICT) risk management | The Legal Industry Reviews

Gómez-Acebo & Pombo’s Financial Regulatory and Insurance Director and partner, Ana Martínez-Pina, explores the impact of the DORA Regulation on the digital resilience of the financial sector.

The use of ICTs in the daily operations of entities that provide financial services (banks, insurance companies, investment services companies, asset managers, etc.) is growing exponentially. This offers undoubted advantages such as greater agility and lower costs, but it has also led to the appearance of new risks that must be managed.

In addition to ‘traditional’ risks such as market, credit, liquidity and market conduct risk, as well as the more recent sustainability risk, there is the risk associated with cyber threats and other disruptions that could affect the activity of institutions. The need to manage this and ultimately protect the customer has led to the adoption of the DORA Regulation.

Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on the digital operational resilience of the financial sector, better known as the DORA Regulation, will enter into force on 17 January 2025.

The purpose of DORA is to provide the financial sector with a high level of digital operational resilience by establishing uniform requirements for the security of the networks and information systems that underpin its business processes. The aim is to ensure that all financial institutions in the EU, which are increasingly interconnected, apply the same measures to manage ICT risk.

Download full article here

View document