What to Expect From the EU’s Digital Operational Resilience Act (DORA)

      Dublin / New York, June 20, 2023 – In force since January 2023, the EU's Digital Operational Resilience Act (DORA) aims to ensure that all participants in the financial system have the necessary safeguards in place to mitigate cyber-attacks and other digital risks.

      The DORA rules will become fully applicable on 17 January 2025.

      The 5 Pillars of the Digital Operational Resilience Act

      DORA is already having a significant impact on fund managers across the EU region. It sets out measures that are divided into 5 pillars:

      1. ICT Risk Management

      The DORA ICT risk management framework puts the onus on the management body of the firm for identifying and managing relevant risks. ICT (information and communication technology) risk management focuses on protecting the confidentiality, integrity, and availability of an organization’s digital assets, including data, applications, networks, and hardware. It aims to minimize the potential negative impact of ICT-related risks on business operations, reputation, and overall security.

      DORA compliance is an ongoing process that requires continuous monitoring, evaluation, and adaptation to evolving risks and technologies. To comply with this requirement, fund managers must develop comprehensive frameworks for risk identification, assessment, and mitigation.

      2. ICT-related Incident Management, Classification and Reporting

      The DORA aims to enhance regulatory reporting and transparency across financial entities, so fund managers should prepare for more comprehensive reporting requirements relating to operational resilience along with increased regulatory oversight and scrutiny.

      DORA will introduce standardized incident reporting and communication protocols to ensure greater transparency and accountability within the industry. These requirements will be challenging for many asset management firms, which will need to improve their process of collecting, analyzing and disseminating information about ICT threats and cyber-attacks.

      3. Digital Operational Resilience Testing

      The DORA sets out comprehensive guidelines and requirements for fund managers to ensure their digital infrastructures can withstand disruptions and effectively recover in the event of an incident. The onus has been placed on the management body of the firm to perform and address assessments on a regular basis, such as vulnerability assessments and network security assessments.

      4. Information Sharing Arrangements

      Financial entities may exchange cyber threat information and intelligence. Information sharing is a crucial aspect of cybersecurity as it enables the timely exchange of relevant threat intelligence, vulnerabilities, and best practices among different stakeholders. This sharing of information helps to improve situational awareness, enhance the ability to detect and respond to cyber threats, and ultimately strengthen the overall security posture of organizations and networks.

      Fund managers will likely face stricter requirements for data quality, integrity, and accessibility. They can also expect increased scrutiny on data privacy and protection, including compliance with the EU General Data Protection Regulation (GDPR).

      5. Managing of ICT Third-Party Risk

      DORA places significant emphasis on the management of risks arising from third-party service providers. In today’s interconnected business environment, organizations often rely on third-party vendors for various ICT services such as cloud hosting, software development, infrastructure management, and data processing.

      DORA imposes stricter regulations on outsourcing activities and third-party risk management. As a result, financial entities need to conduct thorough due diligence when engaging third-party service providers, ensuring they meet the required standards of operational resilience and cybersecurity. We are seeing more robust contractual arrangements, including clear provisions for monitoring and managing third-party risks.

      How Waystone can help

      Des Johnson, Global Chief Revenue Officer at Waystone, says “DORA is a transformative regulatory initiative designed to enhance operational resilience within the financial services industry. With our deep understanding of the fund management industry and commitment to regulatory compliance, Waystone is well-positioned to assist fund managers in navigating the complexities of DORA implementation. We recognize the significance of DORA and are committed to helping fund managers navigate the complexities of DORA and ensure compliance with the forthcoming regulations”.

      About Centaur Fund Services

      Centaur Fund Services, a Waystone Group company, is a leading fund administrator with offices in the United States, Bermuda, Canada, Cayman, Ireland, London, Luxembourg and the Philippines. Centaur delivers independent fund administration, fiduciary and regulatory services globally to the alternative investment fund industry, focusing on hedge funds, private equity, credit and real estate funds, family offices and ILS funds.


      About Waystone

      Waystone is the leading provider of institutional governance, risk and compliance services to the asset management industry.

      Partnering with institutional investors, investment funds and asset managers, Waystone builds, supports and protects investment structures and strategies worldwide. With over 20 years’ experience and a comprehensive range of specialist services to its name, Waystone is now supporting asset managers with more than US$2Tn in AUM.
