Why Suade welcomes DORA for a resilient banking industry

The Digital Operational Resilience Act (DORA) came into effect in the EU on 17 January 2025, introducing a regulatory framework to strengthen the digital resilience of financial institutions and their critical ICT service providers. With rising cyber threats, operational disruptions, and regulatory scrutiny, banks and financial firms must ensure their digital infrastructure remains secure and resilient. 
While DORA applies in the EU, it is also prompting banks in other jurisdictions to consider their IT outsourcing arrangements. 
 
At Suade, we view DORA as a crucial step in safeguarding the financial ecosystem and reinforcing a robust, technology-driven future for the banking industry. 

Timeline for implementing legislative acts

The three European Supervisory Authorities (the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA) and the European Securities and Markets Authority (ESMA)) are preparing a set of policy products to enable the application of DORA.

[Figure: Timeline. Source: ESMA, Digital Operational Resilience Act (DORA), 2025]


 
The importance of DORA for the banking industry 

DORA brings transformational changes that reinforce the financial industry’s ability to operate in a secure, compliant, and resilient manner. Here’s why it matters: 

  1. Greater transparency & accountability: Institutions must establish clear governance structures and ensure board-level oversight of ICT risk management. 
  2. Better incident reporting & response: Firms must detect, classify, and report major ICT-related incidents to regulators within strict timelines. 
  3. Proactive risk mitigation: Continuous stress testing, risk assessments, and recovery strategies will help firms identify weaknesses before crises occur.  
  4. Stronger supply chain oversight: Financial institutions will need to scrutinise third-party service providers to prevent potential systemic risks arising from outsourcing. 

 
What DORA means for ICT service providers 


At Suade, regulatory resilience has always been a priority. Years before DORA took effect on 17 January 2025, we had already aligned with its key requirements, reinforcing our role as a responsible and secure ICT service provider. 

For example, DORA mandates that third-party ICT suppliers undergo annual ‘threat-led penetration testing’ (a simulated attempt to break into a system, to test its resilience), which Suade had been conducting for years to ensure the highest levels of security and resilience. It also requires suppliers to have robust business continuity and disaster recovery plans, and to follow modern standards in protecting physical and digital information. 

We welcome measures that strengthen financial resilience—it's at the core of what we do. Suade was built to help financial institutions manage risk and maintain stability, and our DORA compliance is a testament to that commitment.  
