Is DORA the dawn of a new era for cybersecurity compliance in the EU's financial sector?
Abstract
This paper aims to set out the application of Regulation (EU) 2022/2254, the Digital Operational Resilience Act (DORA), to analyse its main obligations, its impacts on the current financial ecosystem and on the future culture around cybersecurity in the financial sector. The paper focuses on the main pillars around which the regulation has been built, and its aim is to assist compliance officers and non-technical personnel to assess the impact of DORA within their organisation. The authors offer an overview of DORA because the first step to address the implementation of a new regulation is having a clear view on all areas involved and the intensity of the changes. DORA will require a deep review of current documentation and processes: legal departments will have to ensure the agreements in place with IT providers comply with the new requirements, which entails new processes and the ability to follow the new contractual obligations; risk officers will need to work closely with the IT department, middle-back office and the compliance department to ensure they are all proactively involved in the implementation and monitoring of the new processes and that such procedures and the IT tools integrated are constantly suitable to serve the organisation's need. Furthermore, management will be involved in DORA implementation and will bear responsibility for information and communication technology topics and, consequently, it will be incentivised to pay attention to and invest in information security. Meanwhile, carrying out a pre-assessment at organisational level to understand business impacts and drafting an implementation plan so as to be ready for January 2025, when DORA comes into effect, is highly recommended.
The full article is available to subscribers to the journal.
Author's Biography
Antonio Giannino is the managing partner for AmagisTech, a subsidiary of Amagis specialising in cybersecurity, and co-founded Amagis Consulting Ltd, a subsidiary of Amagis that specialises in risk, compliance and financial structuring. In particular, Amagis Consulting co-developed Mitigate, a compliance software to meet anti-money laundering/combatting the financing of terrorism requirements that is now integrating a standard rule-based approach with artificial intelligence, while AmagisTech is a Google Cloud Partner focused on integrating, managing and advising on cloud and cyber products and solutions. Antonio has been appointed to the Digital Committee of the Federation of European Risk Management Associations and read for an MSc Magna Cum Laude in economics and social sciences.
Francesca Valenti is the Legal Counsel of AmagisTech and the Money Laundering Reporting Officer of White Exchange Group. Francesca graduated in law from the Catholic University of the Sacred Heart in Milan (First Class) with a dissertation in criminal procedural law focused on corporate governance and compliance. She has published papers on compliance and regulatory matters in several journals, such as Rivista di Corporate Finance (Giappichelli Editore), Giurisprudenza Penale and the Journal of Securities Operations & Custody.
Federico Sertori currently serves as Legal & Compliance Officer at Cargolux Italia S.p.A. and previously served as Legal Adviser in AmagisTech Ltd and in the White Exchange Group. Having graduated in law from the University of Bergamo, he pursued a postgraduate master (master di secondo livello) in intelligence and information and communication technology from the University of Udine. Federico has experience in supporting companies with operations concerning corporate law, commercial law and activities related to the intersection between data governance, emerging technologies and the law.