IT has moved from being a traditional support function to a position where ICT and digital solutions are the very foundation on which many businesses operate. The responsibility for managing ICT and security risks still sits with the IT department, which results in increased pressure on CTOs and CIOs. Valuable time is being lost on governance, risk management and reviews instead of being spent on discussing technical or business progress.
Increased focus on ICT governance
The upcoming challenge will be to implement and maintain the operational resilience outlined in DORA through the implementation of an integrated framework for managing ICT and security risks. In other words: organizations will need to ensure resources for ICT governance. It is tempting to put this responsibility on existing resources, whether they are CTOs or CIOs. As they are already experiencing an increased workload in today’s digital environment, organizations will need to evaluate if this is a long-term sustainable solution.
ICT risk management across the financial sector
In recent decades, the use of ICT has gained a pivotal role in finance, becoming critical to the daily operations of all financial entities. Unlike previous regulations, DORA addresses a wide range of financial entities in the market. For example, banks, insurance companies and payment service companies have to adhere to DORA. Other types of firms, such as crypto service companies, central securities depositories, central counterparties, investment funds including AIF, crowdfunding, and third parties, are also addressed in the regulation. This is the first time that ICT third parties must adhere to financial regulation and formal financial authority reviews.
FCG helps you navigate
FCG has assisted numerous financial service entities in adhering to the EBA and EIOPA ICT and security risk management regulations and prepared them for the introduction of DORA. Furthermore, we have assisted third-party providers with DORA adoption. We believe that if financial institutions adhere to the EBA or EIOPA regulation, much of the work has already been done and only adjustments are needed. For firms that are not under the EBA or EIOPA regulation, significant adjustments will have to be made to comply with DORA.
Want to find out how FCG can help you?