How financial institutions can deliver value from investments in digital operational resilience
The Digital Operational Resilience Act (DORA) is landmark legislation in the European Union (EU) designed to strengthen the operational resilience of the financial sector, making it fit for purpose in the digital age.
DORA has several objectives, including comprehensively addressing information and communications technology (ICT) risk management in the financial services sector and harmonizing ICT risk management regulations already existing in individual EU Member States.
Building the required level of digital operational resilience under DORA is essential for all financial institutions within the scope of the regulation. In other words, there is no one-size-fits-all path to solving the DORA problem.
On the surface, this may seem to complicate matters. However, the flip side is that each organization has the option to plan its specific DORA journey, prioritizing based on business and risk information, recognizing the starting point on the path to deriving maximum value from its investments.
Building on what we know about digital investments that deliver transformational value, we suggest that companies focus on increasing digital operational resilience by emphasizing mastery of foundational capabilities in four key areas:
- Data
- Operations
- Risk management
- Automation and AI
By reimagining how a smart combination of technologies can improve the alignment of data, operations, risk and automation capabilities, and by enabling the right talent and processes to apply digital will and digital skills to implementation, financial institutions can solve the DORA challenge sustainably and realize their business ambitions. We recommend that financial services organizations focus on the following goals:
- Build in security and reliability across ICT assets
- Drive proactive, high-priority risk mitigation
- Continuously monitor and rapidly respond to threats
- Support adaptive business continuity and data recovery
- Promote interoperability and technology selectivity
- Build enhanced and streamlined governance
- Improve operational and strategic decision making
- Prioritize resource allocation based on business service importance
To achieve the above goals, organizations must focus on their ability to adapt and recover from shocks and disruptions. These disruption scenarios may include man-made threats (e.g. physical attacks, cyber-attacks, IT system outages, third and fourth party risks) and natural disasters (e.g. fires, floods, severe weather and pandemics).
We believe that building digital operational resilience to meet DORA’s requirements and goals is far from a “one-time” compliance task. The journey to strategically build digital operational resilience should begin with prioritizing critical capabilities. Organizations must then look deeper into the processes, technology interconnections, and interdependencies across the enterprise.
We understand that macroeconomic conditions can be challenging. With competition fierce and margins tight for financial institutions, it can be easy to write off DORA as yet another costly compliance obligation across a range of businesses that are already struggling.
However, we believe that DORA is an opportunity to transform compliance costs into a series of strategic investments aimed at achieving higher business outcomes. By embracing this mindset, financial institutions can drive both regulatory compliance and long-term digital business value through investments in digital operational resilience. IBM® has the skills and technology to help you on your DORA journey and realize the strategic benefits of your investment.