TLDR:
- European banks and their tech suppliers will face increased scrutiny under the Digital Operational Resilience Act (DORA) starting in January 2025.
- The law requires banks to manage IT risks, test digital resilience, share cyber threat intelligence, and manage third-party risks.

Banks and their IT providers in Europe will soon face more rigorous scrutiny under the Digital Operational Resilience Act (DORA), which was passed last year and is set to be enforced in 2025. The law mandates stricter IT risk management, digital operational resilience testing, information sharing on cyber threats, and third-party risk management for banks. Companies must assess concentration risk when outsourcing operational functions to third-party providers, as these suppliers play a crucial role in delivering digital services to customers. Financial institutions will need to adopt solutions to uncover and manage their dependencies on these third-party providers. DORA aims to prevent incidents like the CrowdStrike outage that caused IT disruptions across industries, and it emphasizes the importance of third-party vendors in maintaining resilient infrastructure. As ecosystems grow more complex, banks and tech suppliers must understand industry risks and opportunities to ensure business continuity.