DORA on the horizon: How to forge operational resilience

Financial firms must adopt a multi-faceted approach to operational resilience, considering all aspects of their business processes

James Dodson
08/08/2024


The Digital Operational Resilience Act (DORA) is set to crash into the UK and European financial services sector in January 2025, leaving unprepared organizations scrambling for cover. With a shocking 60 percent of firms still adrift in terms of their readiness to stand up to this new regulation, time is running out to chart a course towards compliance and robust operational resilience.

With the banking and financial service industry among the worst hit in the recent CrowdStrike IT outage crisis, it’s not a good time to be one of the many that do not have a DORA-related disaster recovery plan in place.


Planning is key

By focusing on key areas and adopting a strategic approach, firms can chart a course towards compliance and robust operational resilience. At the heart of DORA lies the imperative to enhance operational resilience, a concept that extends far beyond mere technological considerations. It encompasses the entire spectrum of business processes, demanding a holistic approach to weatherproofing an organization against digital disruptions.

First and foremost, firms must conduct a comprehensive assessment of their current operational resilience. This involves identifying weak points in disaster recovery strategies, pinpointing vulnerable customer segments and evaluating the potential impact of DORA on day-to-day operations. A thorough risk assessment can reveal quick wins and areas requiring immediate attention, providing a solid foundation for building resilience.

The impact of cloud technology

One crucial aspect of operational resilience is the ability to maintain critical functions during adverse conditions – and this is where cloud technology comes into play. Leveraging a cloud platform-as-a-service (CPaaS) is no longer a luxury but a necessity in the DORA era. Cloud solutions offer the flexibility and scalability needed to handle significant call volumes and ensure business continuity in the face of disruptions.

However, it’s important to note that simply adopting cloud solutions is not enough, and a “fire and forget” mentality can leave organizations vulnerable. Even with robust cloud contact center solutions, financial firms must demonstrate a solid disaster recovery plan and strategy. Recent high-profile outages serve as stark reminders that no organization is unsinkable, regardless of its technological prowess.

Referencing the recent CrowdStrike situation once more, CIOs are now also rethinking their reliance on a single legacy on-premise or cloud provider, and are instead aiming to back up their systems with one or even two different suppliers.

The importance of a disaster recovery mindset

To truly enhance operational resilience, financial firms must adopt a proactive approach to testing and iteration. Regular disaster recovery testing, thorough documentation of resilience outcomes and capabilities, and continuous service evolution through re-iteration are all essential components of a DORA-compliant strategy. These practices not only bolster operational resilience but also provide the necessary proof for auditors and regulatory bodies.

The consequences of failing to enhance operational resilience can be severe, as evidenced by recent incidents across the financial sector. One UK retail and commercial bank learned this lesson the hard way, incurring a £48 million fine (more than US $62 million), losses exceeding £340 million (over $437 million) and the exodus of 60,000 customers. Above all, the long-term reputational damage was immeasurable.


“Winging it” is never a good idea

When critical incidents disrupt customer services, contact centers often bear the brunt of the storm. With new regulations looming, “winging it” is not a viable strategy. Nor is blindly trusting a single public cloud contact center solution, as recent outages have demonstrated. Financial firms must adopt a multi-faceted approach to operational resilience, considering all aspects of their business processes.

Enhancing operational resilience in the context of DORA requires a holistic view of an organization’s digital ecosystem. This includes not only technological infrastructure but also the people, processes and policies that support it. Financial firms must ensure that their employees are well-trained in disaster recovery procedures, that communication channels remain open during crises and that decision-making processes are streamlined to facilitate rapid response to disruptions.

Maintain strong third-party relations and data management

Moreover, operational resilience extends to third-party relationships. In an increasingly interconnected financial landscape, the resilience of an organization is only as strong as its weakest link. DORA mandates rigorous oversight of third-party service providers, requiring financial firms to assess and manage the risks associated with their external partnerships. This includes a thorough review of existing contracts, service level agreements and contingency plans.

Data management and protection form another crucial pillar of resilience under DORA. Financial firms must ensure the integrity, availability and confidentiality of their data, implementing robust backup and recovery systems. This not only safeguards against data loss but also enables swift restoration of services in the event of any disruption.

Opportunity to strengthen processes and customer experience

As the January deadline approaches, enhancing operational resilience must be viewed not as a regulatory burden, but as an opportunity to strengthen business processes and improve customer experience. By investing in resilience, financial firms can not only weather regulatory storms but also gain a competitive edge in an increasingly digital financial landscape – customer loyalty and faith powered by brilliant customer experiences will be crucial.

The journey towards DORA compliance and enhanced operational resilience may seem daunting, but financial firms need not navigate these challenges alone. Partnering with experienced service providers – such as our team at Sabio Group – can provide valuable insights, technological solutions and strategic guidance.

Those financial firms that adopt a comprehensive approach to DORA that encompasses technology, people, processes and partnerships will not only survive in the industry’s latest digital evolution but be in prime position to drive its future agenda.
