How DORA will impact incident management at financial entities

The Digital Finance Strategy aims to support digital finance in Europe while maintaining financial stability and consumer protection. Its three main components include the Digital Operational Resilience Act (DORA), Markets in Crypto-assets (MiCA) Regulation, and a proposal on Distributed Ledger Technology (DLT). The proposed DORA is designed to address increasing information and communications technology (ICT) risks in the financial services sector. It will apply to various financial entities such as credit institutions, electronic money institutions, investment firms, insurance undertakings, reinsurance undertakings, and critical ICT third-party service providers. The proposal focuses on improving incident management at financial entities by introducing better ICT risk management and governance, enhancing incident reporting, ensuring strategies for managing ICT third-party risks, and implementing resilience assessments. Financial institutions will be required to establish and apply incident management processes, classify incidents according to shared criteria, report major ICT-related incidents to the competent authority using a harmonized report framework, and involve senior management in incident management. Non-compliance with DORA could result in significant repercussions, including temporary or permanent cessation of practices or conduct deemed necessary by authorities.