The Digital Operational Resilience Act (DORA) is an EU regulation that entered into force on 16 January 2023 and seeks to strengthen the operational resilience of the financial sector. It aims to ensure that banks, financial market infrastructures, and other financial institutions can withstand, respond to and recover from major ICT-related disruptions, whether caused by cyber-attacks, IT failures or physical events that knock out systems. Its requirements apply from 17 January 2025, so regulated firms have until the start of 2025 to be fully compliant, but all organisations across the financial sector should start preparing now.
The impact of DORA on fintechs will be significant, as these companies are increasingly an integral part of the financial ecosystem. Where the business is headquartered matters less than whether it is authorised to provide financial services in the EU: a fintech regulated in the EU must abide by DORA regardless of where its parent or its engineering teams sit, and fintechs outside the EU that supply ICT services to EU financial entities will feel its requirements through the contracts those entities are obliged to impose.
The main objective of DORA is to establish a harmonised framework for digital operational resilience across the EU, replacing the patchwork of national and sectoral ICT risk rules that preceded it. The regulation applies to a broad range of financial entities, including banks, payment institutions, electronic money institutions, and trading venues. Fintechs, including neobanks, digital payment providers, and crypto-asset service providers, are also in scope.
One of the key implications of DORA for fintechs is that they will have to meet the same set of operational resilience requirements as traditional financial institutions, applied proportionately to their size and risk profile. This means that fintechs will have to show that their ICT systems and processes are robust enough to withstand operational disruptions, and they will need a documented ICT risk management framework to prove it. For instance, fintechs will need effective cybersecurity controls to prevent cyber-attacks and data breaches, regular testing of their resilience (including threat-led penetration testing for entities the regulator deems significant), and tested contingency and recovery plans for IT failures and other disruptive events.
Another significant impact of DORA on fintechs is that they will have to report major ICT-related incidents to their competent authority. Reporting is staged: an initial notification shortly after the incident is classified as major, followed by an intermediate report and a final report setting out the root causes, the impact, and the measures taken to mitigate it. Fintechs will therefore need an incident classification process that can decide quickly whether an event meets the "major" threshold, and the internal detection and forensic capability to produce accurate information within the deadlines. This reporting requirement will increase transparency and accountability in the fintech sector, and help regulators to better understand the operational risks faced by fintechs.
The regulation also introduces new requirements around third-party ICT service providers, which fintechs increasingly use to outsource their IT operations, notably cloud hosting and managed services. Under DORA, responsibility for ICT risk stays with the fintech even when the service is outsourced: it must assess the risks posed by each provider, maintain a register of information covering all its contractual arrangements for ICT services, include mandatory contractual provisions (for example on service levels, audit and access rights, incident support and termination), and have exit strategies for providers supporting critical or important functions. Providers designated by the European Supervisory Authorities as critical ICT third-party providers will additionally be subject to direct oversight at EU level.
The Digital Operational Resilience Act will have a significant impact on fintechs operating in the EU. Fintechs will have to meet the same operational resilience requirements as traditional financial institutions, and report major ICT-related incidents to regulators. Fintechs will also remain accountable for the risks introduced by their third-party ICT service providers and must manage them through contracts, registers and exit plans. While these requirements will increase compliance costs for fintechs, they should ultimately enhance the resilience of the financial sector and protect consumers from the consequences of operational disruptions.