Opening pan-DORA’s box: Navigating the practical challenges of the EU’s Digital Operational Resilience Act
Abstract
The Digital Operational Resilience Act (DORA) establishes comprehensive information and communication technology (ICT) risk management requirements for EU financial entities, applying from 17th January, 2025. It mandates new frameworks for operational resilience testing, third-party risk management and incident reporting, while requiring extensive provisions to be embedded in contractual arrangements with ICT third-party service providers. Implementation challenges include regulatory delays, complex register of information requirements and difficult contract negotiations. To navigate DORA’s complexities, financial entities should establish cross-functional governance, prioritise contract remediation by criticality and implement proportionate compliance approaches tailored to their specific risk profiles and operational circumstances. This article is also included in The Business & Management Collection, which can be accessed at https://hstalks.com/business/.
Authors' Biographies
Nathaniel Lalone is a dual-qualified lawyer (England, New York) and a leader in the field of providing cross-border regulatory and compliance advice to market infrastructures as well as sell-side and buy-side firms active in the over-the-counter derivatives, futures and securities markets. Nate is sought out by clients for his ability to manage their legal and regulatory risks while helping them achieve their commercial goals. Since the financial crisis, regulation of financial markets and products has increased considerably, which has challenged existing market structures while prompting a wave of innovations and new ways of thinking. Incumbents and disruptors both compete to bring groundbreaking solutions to market while contending with overlapping, and sometimes contradictory, legal and compliance obligations. Drawing on his vast cross-border experience and deep understanding of both US and UK/EU law and regulation, Nate is able to distil complexity into clear, commercially sensible solutions to cutting-edge and often first-of-their-kind questions.
Ciara Watson focuses her practice on financial markets and funds. She has previous experience working in large financial institutions and uses the knowledge and expertise gained to deliver commercially focused advice to clients. Ciara works with a range of market participants who grapple with regulatory and compliance matters across the financial services sector. She advises clients on a broad spectrum of matters from reviewing and negotiating trading documentation to updating policies and procedures and providing regulatory insights and recommendations. Prior to joining Katten Muchin Rosenman UK LLP, Ciara worked in New York in the Markets Legal Department of a swap dealer. She also worked in the Regulatory Transformation team of a global investment institution. As a result, she understands and appreciates the complex regulatory issues that firms face in the financial services sector.