DORA
Legal and business support in implementing DORA in your financial institution
FinTech brands we have worked with
What is DORA?
Comprehensive protection of the financial sector
DORA (Digital Operational Resilience Act) is a key European Union regulation aimed at strengthening the digital operational resilience of the financial sector. It introduces a comprehensive regulatory framework to ensure that financial institutions can withstand, respond to and recover from cyberattacks and other ICT disruptions.
Response to growing threats
The DORA regulation is a response to growing cyber threats and the increasing digitisation of financial services. It introduces uniform requirements for ICT risk management, the security of networks and information systems, ICT-related incident reporting, digital operational resilience testing and the management of ICT third-party risk.
What does this mean for your institution?
For a financial institution, implementing DORA means reviewing and adapting the processes related to cybersecurity, business continuity and ICT risk management. Our experience in compliance and regulation of the financial sector allows us to support you effectively throughout this process.
Who DORA applies to
The DORA regulation has a broad scope and covers virtually all financial sector entities in the European Union, including:
Payment institutions (both Small Payment Institutions, MIP, and National Payment Institutions, KIP)
Banks
Investment firms
Crypto-asset service providers
Insurance and reinsurance undertakings
Administrators of critical benchmarks
Trade repositories and securitisation repositories
Pension funds
Credit rating agencies
ICT third-party service providers to the financial sector
Small Payment Institutions
DORA is crucial for payment institutions, which process large volumes of transactions and sensitive data every day. Payment institutions, both Small Payment Institutions (MIP, mała instytucja płatnicza) and National Payment Institutions (KIP, krajowa instytucja płatnicza), face the challenge of adapting their systems and processes to the new requirements.
The regulation applies the principle of proportionality, which means that smaller entities such as MIPs can benefit from a simplified ICT risk management framework, but the core requirements regarding security and operational resilience remain mandatory for all market participants.
How we will help you with DORA
Our comprehensive offer of support in implementing and maintaining compliance with the DORA regulation
Determining the scope of application of DORA and NIS2
We will verify the extent to which DORA applies to your organisation and determine whether full implementation of the regulation is required or whether the simplified framework is available to you. As part of the DORA implementation, we will also prepare you for NIS2 if you are subject to the provisions of that directive.
Identifying processes and resources
We will help you identify all processes and key resources related to information processing and the digital resilience of your organisation. We will pay particular attention to processes in which external suppliers (outsourcers) are involved.
Risk analysis
We will analyse the risks related to your digital resilience and the processing of information, including personal data. This analysis will be a key element of your ICT Risk Management Framework and Digital Operational Resilience Strategy.
Selection of digital resilience solutions
We will help you choose appropriate digital resilience and information protection solutions to minimise the identified risks.
Implementation of appropriate information management standards
We will support your company in developing and implementing appropriate information management standards, including internal communication. We prefer an approach based on ISO standards, adapted to the scale of operations and the capabilities of your organisation.
Defining a clear division of responsibilities
We will support you in adapting your organisational structure to the requirements of DORA, the Principles of Corporate Governance for Supervised Institutions and the expectations of the Polish Financial Supervision Authority (KNF). Beyond the DORA implementation itself, we can also provide your company with ongoing support from the people responsible for coordinating supervisory duties.
Creating backup management rules
Together we will determine which of the information you process must be backed up under DORA or other regulations. We will develop appropriate rules for creating, storing, testing and restoring backups, and we can also oversee compliance with them.
Implementation of redundant IT environments
We will help you identify the processes that require redundant or backup ICT environments, and we will develop the related procedures and analyses. We will also support you in selecting external suppliers.
Development and implementation of Business Continuity Plans
We will develop Business Continuity Plans for you covering not only ICT environments but the entire activity of the organisation. Together we will select the optimal solutions so that your organisation is prepared for a range of scenarios.
Establishing digital resilience testing plans and procedures
We will prepare digital operational resilience testing procedures and plans for you, tailored to the size and capabilities of your company and the risks it is exposed to. We can also support you in overseeing the execution of those tests.
Creation of incident response plans
We will create incident response plans for you, including for incidents classified as major under DORA. As a result, your organisation will know how to proceed in the event of an adverse event.
Defining the rules of cooperation with external suppliers
We will develop procedures for cooperation with outsourcers and prepare standard contractual clauses compliant with DORA and other requirements. We can also support you in the ongoing monitoring of external suppliers that DORA requires.
Training of the Management Board, employees and associates
We will prepare and conduct the required training in information security (including GDPR), digital resilience and risk analysis. We will also deliver the dedicated training for the Management Board required by DORA. In addition, we will develop short e-learning modules that you can use for onboarding new employees and contractors.
Our DORA experts
Meet our FinTech team, which has for years been effectively supporting financial institutions in implementing regulatory and compliance requirements, including DORA, to ensure digital resilience and operational security.
Why is it worth trusting our experts?
- Comprehensive understanding of the DORA regulation and the challenges it brings
- Extensive experience in implementing similar regulations
- A practical approach to solving compliance problems
- Individual solutions tailored to the needs of your organisation
Tomasz Klecor
Managing Partner
FinTech navigator. Lawyer.
Paweł Geremek
Attorney-at-law
ISO 27001 Auditor