How to meet the 17 January 2025 deadline to comply with Regulation (EU) 2022/2554 (Digital Operational Resilience Act)? With the help of RegTech solutions created for compliance
From Cyber Security to Risk Management: what will be the impact of DORA on financial institutions?
The so-called “DORA” regulation is the Digital Operational Resilience Act, which entered into force within the European Union on 17 January 2023 and relates to digital operational resilience for the financial sector. It is Regulation (EU) 2022/2554 of 14 December 2022, and financial operators have until 17 January 2025 to comply. Many financial operators are affected: from credit and payment institutions to electronic money institutions, investment firms, cryptocurrency service providers, central securities depositories, alternative investment fund managers, and management companies. The DORA regulation also affects insurance and reinsurance companies, insurance, reinsurance and ancillary insurance intermediaries, information and communication technology (ICT) service providers, and many others in the industry. In short, the entire EU financial ecosystem will have to come to terms with the DORA, burdening organizations’ compliance departments with a lot of work and responsibilities.
The main changes introduced by DORA: highlights of the EU regulations on Digital Operational Resilience
Before finding out how Aptus.AI’s RegTech platform can speed up and make compliance with the DORA more effective, it is useful to know the main obligations that this document will introduce within the EU, distinguished by regulatory area.
- Governance and internal organization
Set up internal policies that ensure effective and prudent control of ICT risks related to Cyber Security and guarantee business continuity; implement systems and recovery plans; provide in-house professionals and appropriate tools to detect vulnerabilities, threats, incidents and cyber attacks; develop specific communication plans to customers.
- Cyber Security & Risk Management
Adopt an appropriate Cyber Risk management framework, through ICT tools and systems such that the impact of related risks is minimized, with an end-to-end view of business processes; anticipate and quickly identify sources of risk; adopt mechanisms to detect abnormal activities and implement appropriate protection and prevention modes; classify cyber threats and incidents related to ICT vendors; create a cyber incident reporting system and provide information sharing protocols on cyber threats; conduct digital operational resilience testing; and adopt a system to manage cyber risks arising from third parties.
This is a very dense, but still not exhaustive, list of activities to be completed by financial operators within the next six months. Moreover, the DORA has various interconnections with other regulations in the field of Cyber Security, both at the European level (NIS 1 Directive, NIS 2 Directive, TIBER EU Framework, EBA Guidelines, MiFID II, GDPR, EIOPA Guidelines) and at the Italian level (National Cyber Security Perimeter (PSNC), Bank of Italy Circular 285, IVASS Regulation). It seems clear, therefore, that the most complex challenge for financial operators is to identify the regulatory delta between the obligations introduced by the DORA and the obligations already carried out under previously issued regulations, so as to assess the real impact that the introduction of the DORA has on their organization.
Calculating the impact of DORA regulations is easy… with Aptus.AI’s platform
To manage the transposition of the DORA accurately and as quickly as possible, compliance teams need technologies that are adequate for this task, particularly given the complexity of the regulation. That is where Aptus.AI’s RegTech solution comes in: thanks to a proprietary machine-readable format of financial regulations, it can automatically extract DORA requirements and regulatory obligations, while also taking into account internal processes and policies. This automated analysis using Artificial Intelligence, also integrated with Generative AI tools, provides fast and accurate first-impact analyses on every regulatory perimeter, including Cyber Security, within which the DORA regulation falls. In a multi-regulatory and cross-country context such as the EU one, Aptus.AI’s platform enables organizations not only to reduce the time and cost of transposing regulatory updates, but also to speed up the analysis and identification of their impacts, thus optimizing compliance processes.
How to make DORA transposition fast and efficient? With Aptus.AI’s RegTech solution!
Now that we know more about the content of the DORA and the complexity to which this regulation exposes compliance teams, it is time to understand how Aptus.AI’s solution can optimize financial institutions’ compliance processes in this context.
First of all, Aptus.Outlook allows for the analysis of regulatory documents before they are officially published. Organizations can thus prepare in advance for future DORA updates and new documents that the EU will issue in the area of Cyber Security, and plan the compliance activities needed to adapt to the European regulatory framework in this area.
In addition, thanks to the Aptus.Discovery feature, it is possible to perform an advanced internal search within the regulatory text of the DORA to immediately identify the obligations introduced, possible sanctions, and all useful information for the transposition of the standard.
Finally, to make the navigation of the DORA even more intuitive, fast and effective, there is Aptus.Chat, a Generative AI conversational interface that allows users to query the regulations in natural language. Users obtain summaries of the legal text (useful for quickly identifying the content of the document and the new features introduced) and support, from the chat responses, in identifying the parts of the document relevant to their search.
Request a demo to learn how these features optimize compliance and to bring your organization into the AI era.