The Digital Operational Resilience Act (DORA) is set to crash into the UK and European financial services sector in January 2025, leaving unprepared organizations scrambling for cover. With a shocking 60 percent of firms still adrift in terms of their readiness to stand up to this new regulation, time is running out to chart a course towards compliance and robust operational resilience.
With the banking and financial service industry among the worst hit in the recent CrowdStrike IT outage crisis, it’s not a good time to be one of the many that do not have a DORA-related disaster recovery plan in place.
Planning is key
By focusing on key areas and adopting a strategic approach, firms can chart a course towards compliance and robust operational resilience. At the heart of DORA lies the imperative to enhance operational resilience, a concept that extends far beyond mere technological considerations. It encompasses the entire spectrum of business processes, demanding a holistic approach to weatherproofing an organization against digital disruptions.
First and foremost, firms must conduct a comprehensive assessment of their current operational resilience. This involves identifying weak points in disaster recovery strategies, pinpointing vulnerable customer segments and evaluating the potential impact of DORA on day-to-day operations. A thorough risk assessment can reveal quick wins and areas requiring immediate attention, providing a solid foundation for building resilience.
The impact of cloud technology
One crucial aspect of operational resilience is the ability to maintain critical functions during adverse conditions – and this is where cloud technology comes into play. Leveraging a cloud platform-as-a-service (CPaaS) is no longer a luxury but a necessity in the DORA era. Cloud solutions offer the flexibility and scalability needed to handle significant call volumes and ensure business continuity in the face of disruptions.
However, simply adopting cloud solutions is not enough, and a “fire and forget” mentality can leave organizations vulnerable. Even with robust cloud contact center solutions, financial firms must demonstrate a solid disaster recovery plan and strategy. Recent high-profile outages serve as stark reminders that no organization is unsinkable, regardless of its technological prowess.
Referencing the recent CrowdStrike situation once more, CIOs are now also having a re-think about relying on a single legacy on-premise or cloud provider, and are instead aiming to back up their systems with one or even two different suppliers.
The importance of a disaster recovery mindset
To truly enhance operational resilience, financial firms must adopt a proactive approach to testing and iteration. Regular disaster recovery testing, thorough documentation of resilience outcomes and capabilities, and continuous service evolution through re-iteration are all essential components of a DORA-compliant strategy. These practices not only bolster operational resilience but also provide the necessary proof for auditors and regulatory bodies.
The consequences of failing to enhance operational resilience can be severe, as evidenced by recent incidents across the financial sector. One UK retail and commercial bank learned this lesson the hard way, incurring a £48 million fine (more than US $62 million), losses exceeding £340 million (over $437 million) and the exodus of 60,000 customers. Above all, the long-term reputational damage was immeasurable.
“Winging it” is never a good idea
When critical incidents disrupt customer services, contact centers often bear the brunt of the storm. With new regulations looming, “winging it” is not a viable strategy. Nor is blindly trusting a single public cloud contact center solution, as recent outages have demonstrated. Financial firms must adopt a multi-faceted approach to operational resilience, considering all aspects of their business processes.
Enhancing operational resilience in the context of DORA requires a holistic view of an organization’s digital ecosystem. This includes not only technological infrastructure but also the people, processes and policies that support it. Financial firms must ensure that their employees are well-trained in disaster recovery procedures, that communication channels remain open during crises and that decision-making processes are streamlined to facilitate rapid response to disruptions.
Maintain strong third-party relations and data management
Moreover, operational resilience extends to third-party relationships. In an increasingly interconnected financial landscape, the resilience of an organization is only as strong as its weakest link. DORA mandates rigorous oversight of third-party service providers, requiring financial firms to assess and manage the risks associated with their external partnerships. This includes a thorough review of existing contracts, service level agreements and contingency plans.
Data management and protection form another crucial pillar of resilience under DORA. Financial firms must ensure the integrity, availability and confidentiality of their data, implementing robust backup and recovery systems. This not only safeguards against data loss but also enables swift restoration of services in the event of any disruption.
Opportunity to strengthen processes and customer experience
As the January deadline approaches, enhancing operational resilience must be viewed not as a regulatory burden, but as an opportunity to strengthen business processes and improve customer experience. By investing in resilience, financial firms can not only weather regulatory storms but also gain a competitive edge in an increasingly digital financial landscape – customer loyalty and faith powered by brilliant customer experiences will be crucial.
The journey towards DORA compliance and enhanced operational resilience may seem daunting, but financial firms need not navigate these challenges alone. Partnering with experienced service providers – such as our team at Sabio Group – can provide valuable insights, technological solutions and strategic guidance.
Those financial firms that adopt a comprehensive approach to DORA that encompasses technology, people, processes and partnerships will not only survive in the industry’s latest digital evolution but be in prime position to drive its future agenda.