DORA: Enhanced responsibility of senior management of financial institutions

Co je nařízení DORA?
With the Digital Operational Resilience Act (DORA) comes new rules for financial institutions, but with them comes increased accountability for the senior management of these entities. The management will have a key and active role in managing information and communication technology (ICT) risk and the overall digital operational resilience strategy. What exactly does the new responsibility for senior management of financial institutions mean?
Which financial institutions will be affected by DORA?

Starting in January 2025 , the Regulation will bring new obligations for a wide range of financial institutions. For example, banks, cryptoasset service providers (which will be regulated by the Cryptoasset Markets Regulation), insurance companies, insurance intermediaries and central securities depositories will have to comply with the obligations. However, this is only a basic list of the more than 20 different types of financial entitiesthat will be subject to the obligations under DORA.

The Regulation also lists several exemptions. These include, for example, insurance intermediaries, reinsurance intermediaries or supplementary insurance intermediaries that are micro, small or medium-sized enterprises. The Regulation will also not apply to occupational pension institutions that operate pension plans with no more than 15 participants in total.

Senior management responsibilities

The DORA regulation emphasises that senior management is responsible for setting and approving all measures related to the ICT risk management framework. The senior body must also be continuously involved in monitoring the monitoring of ICT risk management and has a duty to actively contribute to the overall digital operational resilience strategy.

The approach of senior management should go beyond simply ensuring the resilience of ICT systems. It should then also focus on the company's employees and processes through internal policies. Indeed, the aim is also to ensure strong cyber risk awareness for all employees of the financial entity.

Senior management has the responsibility for approval/acceptance:
Other responsibilities for senior management:
Training of senior management in cyber security

The DORA regulation does not forget about the education of senior management itself. Indeed, it provides for an active effort by members of the management body to acquire sufficient and up-to-date knowledge necessary to make informed assessments of ICT risks and their impact on the company's operations.

This training is not intended to be a formal matter but requires regular specific training that is relevant to the specific ICT risks in the company. In this way, DORA seeks to ensure that the governing body is always able to respond effectively to new cybersecurity challenges and threats.

Get ready

We can help you to prepare your company for the new DORA regulation

More articles

Even when working from home, you're not out of reach of cyber threats. How to protect yourself in the home office? Here are tips to help keep your company data safe.
Certification can also help companies strengthen their security. How can certification according to the EU Cybersecurity Act contribute to compliance?
The holiday season brings great discounts but also an increased risk of scams. How can you protect yourself? Here are 8 tips for safe online shopping.

Newsletter

Do you want to be sure that your company is protected from cyber threats and at the same time comply with the applicable legislation? Sign up for the newsletter and get practical advice from our legal consultants.

By clicking submit, you consent to the processing of your personal data for marketing purposes.