The EU’s Digital Operational Resilience Act (DORA) aims to promote, improve and ensure operational resilience within the financial services sector.

In September 2020 the European Commission proposed an entirely new regulatory framework for digital risk management for financial entities and certain ICT service providers. The proposal for a regulation on digital operational resilience for the financial sector, also known as the Digital Operational Resilience Act, or DORA, aims to improve ICT risk management in finance.

One of the main goals of the Digital Operational Resilience Act is to harmonise the rules on ICT risk management. DORA’s scope of application is very broad: it covers all financial actors from credit institutions to AIFMs, payment institutions, insurance companies and statutory auditors.

KPMG can perform the maturity assessment in line with DORA’s scope to determine where your organisation currently sits. Our involvement provides you with a gap analysis, and we will support the implementation of the regulatory directive.

Although DORA is as yet only a proposal, financial entities are advised to start familiarising themselves with the vast range of proposed requirements. Some of the requirements will not pose major changes to current frameworks and arrangements, whereas others will require a lot of time, coordination and effort from very different professionals within organisations.

We, at KPMG, frequently provide cross-professional advice in the field of ICT risk management, cyber security and data protection and are used to bringing together different stakeholders in our clients' organisations. Please reach out to us if you’re interested in hearing more.