What Does DORA Mean for the EU Fintech Landscape?
Finance is more digital than ever, but these technological advancements also bring risks and a new age of cyber threats. In response, the EU launched the Digital Operational Resilience Act (DORA). Doctor of Science and Blackcatcard CTO Olegs Cernisevs suggests how this will impact the fintech landscape.
Cyberattacks on EU financial infrastructure more than doubled in 2023, and with the growth of AI, predictions point to a steady increase in cyberattacks in 2024. The thought of AI-powered cyberattacks is scary, and rightfully so. Cybersecurity is more important than ever, and digital resilience must be a top priority for European financial institutions.
The Digital Operational Resilience Act (DORA) entered into force on 16 January 2023 and will apply on 17 January 2025. DORA aims to ensure that financial institutions such as banks, investment firms, and trading platforms, among others, have a much more resilient and secure ICT infrastructure against potential cyber threats. DORA also aims to prevent cases like the recent global IT outage.
What does DORA cover and how must financial institutions act to safeguard their digital operations?
First and foremost, DORA's priority is ensuring financial institutions’ ICT departments are resilient to these threats by focusing on several crucial areas, such as:
- ICT risk management: Institutions must account for their ICT department organisation, risk-management framework, protocols, and applications, among others.
- IT third-party risk management: Financial institutions must monitor third-party risk and conduct analysis throughout the contract duration.
- IT incident reporting: If an incident occurs, institutions must monitor, log, classify, and report the incident to the designated party.
- Testing operational resiliency: Institutions must create testing programmes and constantly monitor their IT security resilience to establish a risk base.
- Information exchanges: The DORA Act encourages financial institutions to share information and intelligence on cyber threats by notifying the authorities.
How will DORA impact the EU fintech landscape?
There's no doubt the European fintech landscape will change, as Blackcatcard’s CTO Olegs Cernisevs put it perfectly in his interview at Money 20/20. Financial organisations must constantly evaluate, manage, and hedge their risk tolerance. This means everything will be much more plan-oriented than action-oriented.
There are events most organisations don't plan for, from internet or electricity shortages to cyberattacks of the kind DORA wants to prevent. Creating a sturdy ICT security practice takes time and effort, but it also creates business resiliency and stability, which are very important but sometimes easily dismissed.
New regulations always lead to challenges, like the MiCA Act, for example, which made crypto platforms just as compliant as any other financial platform. DORA will force management to take a much more proactive stance and constantly stress-test their IT operational resiliency. Fintech managers must also ensure, through their third-party risk management, that suppliers and business partners take their IT security seriously.
At Blackcatcard, as Olegs discussed, we view regulations as challenges to improve our offerings, and we want to create a robust product our end users will love. We offer a seamless crypto integration into traditional online banking, and for that to happen, we must be ahead of the curve when it comes to regulations and eventually use that fact to stand out.
What challenges does DORA present for the fintech B2B space?
Fintech business-to-business (B2B) is also up for a lot of scrutiny regulation-wise. Companies must work even closer with the businesses they collaborate with. CFOs and CROs have to take a more active stance due to the obligatory third-party risk evaluations and information exchange.
To put it simply, all parties must ensure that everyone is responsible. As Olegs mentioned correctly, synergy is crucial, and we do play a role in ensuring our partners’ IT security is up to standards. Constant communication and collaboration are the only way all parties benefit.
At Blackcatcard we know this, and for our B2B clients, we offer unique features and solutions for businesses seeking to open up a digital corporate account. We create embedded fintech solutions tailored to their specific industry requirements — and foster synergy too: offering our clients unique, catered solutions for their own client needs.
How is Blackcatcard preparing for the DORA Act and what can fintech businesses take from it?
Blackcatcard is powered by Papaya Ltd., which, as a fintech institution registered and headquartered in Malta, cooperates closely with European regulators to ensure full alignment with DORA and all other regulations. We’re also working closely with our third-party providers and ensuring we’re all on the same page for this act.
Regulations can look scary and challenging, but we perceive them as an opportunity to improve the safety and resilience of our products for the end user.
FinTech Magazine is a BizClik brand.