{"id":3521,"date":"2024-07-03T15:56:00","date_gmt":"2024-07-03T15:56:00","guid":{"rendered":"https:\/\/fintech.global\/globalregtechsummitusa\/?p=3521"},"modified":"2025-10-31T12:33:13","modified_gmt":"2025-10-31T12:33:13","slug":"how-should-regtechs-be-preparing-for-dora","status":"publish","type":"post","link":"https:\/\/fintech.global\/globalregtechsummitusa\/how-should-regtechs-be-preparing-for-dora\/","title":{"rendered":"How should RegTechs be preparing for DORA?"},"content":{"rendered":"<article id=\"post-19508\" class=\"post-19508 post type-post status-publish format-standard has-post-thumbnail hentry category-uncategorized tag-dora\">\n<div class=\"gdlr-standard-style\">\n<div class=\"blog-content-wrapper\">\n<div class=\"gdlr-blog-content\">\n<p><strong>The Digital Operational Resilience\u00a0<em>Act<\/em>\u00a0(DORA) is a EU regulation that entered into force on 16 January 2023 and is currently set to apply as of 17 January 2025. As the industry gears up for full implementation, how should firms be preparing for it?\u00a0<\/strong><\/p>\n<p>In the view of Donal Lawlor, head of sales at\u00a0<a href=\"https:\/\/www.viclarity.com\/eu\/\">ViClarity<\/a>, RegTech firms that are deemed to be critical third-party providers to financial services firms will need to ensure that due diligence processes over any subtractor meet the minimum resilience standards set out by the regulators.<\/p>\n<p>Lawlor exclaims that RegTechs will use the same five pillars as financial services firms. These are developing an inventory of critical systems, developing a testing programme, identifying the risks and mitigations associated with those systems failure, managing third-party risk management including exit and substitution planning and incident recording and reporting.<\/p>\n<p>\u201cIn-scope Regtech providers to financial services firms will play a key role in helping their clients become DORA compliant. We see closer collaboration between ICT providers (Regtechs) and their clients in terms of testing and TPRM. By understanding their client\u2019s obligations under DORA, and by supplying oversight data in a timely fashion, the RegTech can help their clients be ready for DORA,\u201d said Lawlor.<\/p>\n<p><strong>Common misconceptions<\/strong><\/p>\n<p>Darragh Hayes, CEO of\u00a0<a href=\"https:\/\/www.lei-worldwide.com\/\">LEI Worldwide<\/a>, believes that one of the common\u00a0 \u00a0misconceptions surrounding DORA is that it only applies to regulated financial institutions (FI) under ESMA.<\/p>\n<p>\u201cUnder DORA, each provider listed on a will need to be identified by way of Legal Entity identifier (LEI). Regtechs, fintechs, ICT providers, cybersecurity firms, system engineers and many more will be obliged to obtain an LEI Code come January if they are providing services to an FI under DORA,\u201d he claims.<\/p>\n<p>The LEI CEO added that the templates included in the draft ITS aim to identify unambiguously and consistently the ICT third-party service providers and the FEs using the LEI to enable an efficient aggregation of relevant information.<\/p>\n<p>Another misconception, Hayes professes, is that DORA only applies to EU firms. Organizations based outside of the EU, providing services to FIs within the EU will also be obliged to obtain an LEI come January.<\/p>\n<p>\u201cThis means that a fintech firm based in Silicon Valley or an IT consultancy in India would need to comply with DORA\u2019s provisions, including obtaining an LEI, if their service footprint extends into the European financial market,\u201d said Hayes.<\/p>\n<p>Morever, Hayes explained that there is a misconception that DORA\u2019s requirements are solely focused on cybersecurity.<\/p>\n<p>\u201cWhile cybersecurity is a crucial aspect, DORA\u2019s mandate is much broader, encompassing all facets of digital operational resilience. This includes not just data protection and cyber threat mitigation but also the robustness of digital systems, the resilience of infrastructures, and the ability to recover from ICT disruptions. Fintechs and other service providers must therefore look beyond cybersecurity measures and consider their roles in ensuring comprehensive digital resilience,\u201d explained Hayes.<\/p>\n<p>He added, \u201cIn light of this, Fintechs and Regtechs should ensure they are DORA compliant by obtaining an LEI well in advance of January, and also ensure that any element of their service that is outsourced to another service provider will also have one. The alternative is to be DORA non-compliant and running the risk that the FI client organization requests you to formally obtain an LEI, the FI is in breach of DORA or the relationship is ceased.<\/p>\n<p>\u201cIt is imperative for all affected entities to actively engage with the requirements of DORA, seek clarity on their obligations, however when it comes to the LEI component LEI Worldwide are running a DORA readiness campaign for both FIs and tech\/cybersecurity providers.\u201d<\/p>\n<p><strong>Plan ahead\u00a0<\/strong><\/p>\n<p>Allison Lagosh \u2013 head of compliance at\u00a0<a href=\"https:\/\/saifr.ai\/\">Saifr<\/a>\u00a0\u2013 stated that financial firms in scope will need to pay special attention and build in controls and procedures that comply with the regulation. It will also, she stated, impact firms doing business in the EU, similar in nature to GDPR protocols and scope.<\/p>\n<p>What are some of the impacts and requirements of the proposed rule? Lagosh explains one key area is around common standards.<\/p>\n<p>She said, \u201cDORA will subject all firms to a common set of standards to mitigate ICT risks. This means that financial institutions will need to adhere to specific guidelines related to their information and communications technology infrastructure.\u201d<\/p>\n<p>Another area is increased oversight. On this, firms will face enhanced regulatory oversight regarding their operational resilience.\u00a0This includes monitoring and reporting on their ICT systems, cybersecurity practices, and incident response capabilities.<\/p>\n<p>Risk assessment and testing will also be key. \u201cDORA may require firms to conduct regular risk assessments and testing of their ICT systems. This involves identifying vulnerabilities, assessing potential impacts, and implementing necessary safeguards,\u201d said Lagosh.<\/p>\n<p>A final area is incident reporting. Companies, Lagosh stated,\u00a0will need to promptly report any significant ICT incidents to relevant authorities. This ensures transparency and facilitates coordinated responses during crises.<\/p>\n<p>\u201cFirms can prepare by examining current practices and enhancing them to accommodate new standards. GAP analysis should be performed, and legal and compliance teams should be engaged to develop a program in advance of the compliance deadline,\u201d said Lagosh.<\/p>\n<p>According to Nathalie Aubry-Stacey, head of regulatory affairs &amp; compliance at\u00a0<a href=\"https:\/\/www.custodiatechnology.com\/\">Custodia<\/a>, said, \u201cDORA represents a significant shift in how financial entities must manage and report their operational resilience, particularly in relation to information and communication technology (ICT) risk. As this legislation comes into full effect in January 2025, the RegTech industry needs to proactively prepare to assist its clients in navigating these new requirements.<\/p>\n<p>\u201cEnhanced contractual documentation with clients will be crucial. DORA requires financial entities to maintain comprehensive documentation of their ICT risk management frameworks, including policies, procedures, and controls.<\/p>\n<p>\u201cObtaining and maintaining outside certifications will be essential for RegTech companies. Certifications such as ISO 27001 can serve as a demonstration of a firm\u2019s commitment to operational resilience and security. These certifications will help in meeting DORA\u2019s regulatory expectations RegTechs should prioritise achieving these certifications but also keeping them up-to-date, showcasing the ability to safeguard against ICT risks and ensuring continuous compliance with evolving regulatory standards.\u201d<\/p>\n<\/div>\n<div class=\"gdlr-single-blog-tag\"><\/div>\n<\/div>\n<\/div>\n<\/article>\n","protected":false},"excerpt":{"rendered":"<p>The Digital Operational Resilience\u00a0Act\u00a0(DORA) is a EU regulation that entered into force on 16 January 2023 and is currently set to apply as of 17 January 2025. As the industry gears up for full implementation, how should firms be preparing [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":3687,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false},"categories":[1],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.0 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How should RegTechs be preparing for DORA? - Global RegTech Summit USA<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/fintech.global\/globalregtechsummitusa\/how-should-regtechs-be-preparing-for-dora\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How should RegTechs be preparing for DORA? - Global RegTech Summit USA\" \/>\n<meta property=\"og:description\" content=\"The Digital Operational Resilience\u00a0Act\u00a0(DORA) is a EU regulation that entered into force on 16 January 2023 and is currently set to apply as of 17 January 2025. As the industry gears up for full implementation, how should firms be preparing [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/fintech.global\/globalregtechsummitusa\/how-should-regtechs-be-preparing-for-dora\/\" \/>\n<meta property=\"og:site_name\" content=\"Global RegTech Summit USA\" \/>\n<meta property=\"article:published_time\" content=\"2024-07-03T15:56:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-10-31T12:33:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/fintech.global\/globalregtechsummitusa\/wp-content\/uploads\/2024\/07\/giammarco-boscaro-zeH-ljawHtg-unsplash-5-696x464-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"696\" \/>\n\t<meta property=\"og:image:height\" content=\"464\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Editorial\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Editorial\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/fintech.global\/globalregtechsummitusa\/how-should-regtechs-be-preparing-for-dora\/\",\"url\":\"https:\/\/fintech.global\/globalregtechsummitusa\/how-should-regtechs-be-preparing-for-dora\/\",\"name\":\"How should RegTechs be preparing for DORA? - Global RegTech Summit USA\",\"isPartOf\":{\"@id\":\"https:\/\/fintech.global\/globalregtechsummitusa\/#website\"},\"datePublished\":\"2024-07-03T15:56:00+00:00\",\"dateModified\":\"2025-10-31T12:33:13+00:00\",\"author\":{\"@id\":\"https:\/\/fintech.global\/globalregtechsummitusa\/#\/schema\/person\/d25d670fca037052a277394a71dbed16\"},\"breadcrumb\":{\"@id\":\"https:\/\/fintech.global\/globalregtechsummitusa\/how-should-regtechs-be-preparing-for-dora\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/fintech.global\/globalregtechsummitusa\/how-should-regtechs-be-preparing-for-dora\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/fintech.global\/globalregtechsummitusa\/how-should-regtechs-be-preparing-for-dora\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/fintech.global\/globalregtechsummitusa\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How should RegTechs be preparing for DORA?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/fintech.global\/globalregtechsummitusa\/#website\",\"url\":\"https:\/\/fintech.global\/globalregtechsummitusa\/\",\"name\":\"Global RegTech Summit USA\",\"description\":\"The world&#039;s largest gathering of RegTech leaders &amp; innovators\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/fintech.global\/globalregtechsummitusa\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/fintech.global\/globalregtechsummitusa\/#\/schema\/person\/d25d670fca037052a277394a71dbed16\",\"name\":\"Editorial\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/fintech.global\/globalregtechsummitusa\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e25caf13ff74e4ec69c5895b17b6b1e0?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e25caf13ff74e4ec69c5895b17b6b1e0?s=96&d=mm&r=g\",\"caption\":\"Editorial\"},\"url\":\"https:\/\/fintech.global\/globalregtechsummitusa\/author\/editorial\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How should RegTechs be preparing for DORA? - Global RegTech Summit USA","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/fintech.global\/globalregtechsummitusa\/how-should-regtechs-be-preparing-for-dora\/","og_locale":"en_US","og_type":"article","og_title":"How should RegTechs be preparing for DORA? - Global RegTech Summit USA","og_description":"The Digital Operational Resilience\u00a0Act\u00a0(DORA) is a EU regulation that entered into force on 16 January 2023 and is currently set to apply as of 17 January 2025. As the industry gears up for full implementation, how should firms be preparing [&hellip;]","og_url":"https:\/\/fintech.global\/globalregtechsummitusa\/how-should-regtechs-be-preparing-for-dora\/","og_site_name":"Global RegTech Summit USA","article_published_time":"2024-07-03T15:56:00+00:00","article_modified_time":"2025-10-31T12:33:13+00:00","og_image":[{"width":696,"height":464,"url":"https:\/\/fintech.global\/globalregtechsummitusa\/wp-content\/uploads\/2024\/07\/giammarco-boscaro-zeH-ljawHtg-unsplash-5-696x464-1.jpg","type":"image\/jpeg"}],"author":"Editorial","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Editorial","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/fintech.global\/globalregtechsummitusa\/how-should-regtechs-be-preparing-for-dora\/","url":"https:\/\/fintech.global\/globalregtechsummitusa\/how-should-regtechs-be-preparing-for-dora\/","name":"How should RegTechs be preparing for DORA? - Global RegTech Summit USA","isPartOf":{"@id":"https:\/\/fintech.global\/globalregtechsummitusa\/#website"},"datePublished":"2024-07-03T15:56:00+00:00","dateModified":"2025-10-31T12:33:13+00:00","author":{"@id":"https:\/\/fintech.global\/globalregtechsummitusa\/#\/schema\/person\/d25d670fca037052a277394a71dbed16"},"breadcrumb":{"@id":"https:\/\/fintech.global\/globalregtechsummitusa\/how-should-regtechs-be-preparing-for-dora\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/fintech.global\/globalregtechsummitusa\/how-should-regtechs-be-preparing-for-dora\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/fintech.global\/globalregtechsummitusa\/how-should-regtechs-be-preparing-for-dora\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/fintech.global\/globalregtechsummitusa\/"},{"@type":"ListItem","position":2,"name":"How should RegTechs be preparing for DORA?"}]},{"@type":"WebSite","@id":"https:\/\/fintech.global\/globalregtechsummitusa\/#website","url":"https:\/\/fintech.global\/globalregtechsummitusa\/","name":"Global RegTech Summit USA","description":"The world&#039;s largest gathering of RegTech leaders &amp; innovators","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/fintech.global\/globalregtechsummitusa\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/fintech.global\/globalregtechsummitusa\/#\/schema\/person\/d25d670fca037052a277394a71dbed16","name":"Editorial","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/fintech.global\/globalregtechsummitusa\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e25caf13ff74e4ec69c5895b17b6b1e0?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e25caf13ff74e4ec69c5895b17b6b1e0?s=96&d=mm&r=g","caption":"Editorial"},"url":"https:\/\/fintech.global\/globalregtechsummitusa\/author\/editorial\/"}]}},"featured_image_src":"https:\/\/fintech.global\/globalregtechsummitusa\/wp-content\/uploads\/2024\/07\/giammarco-boscaro-zeH-ljawHtg-unsplash-5-696x464-1-600x400.jpg","featured_image_src_square":"https:\/\/fintech.global\/globalregtechsummitusa\/wp-content\/uploads\/2024\/07\/giammarco-boscaro-zeH-ljawHtg-unsplash-5-696x464-1-600x464.jpg","author_info":{"display_name":"Editorial","author_link":"https:\/\/fintech.global\/globalregtechsummitusa\/author\/editorial\/"},"_links":{"self":[{"href":"https:\/\/fintech.global\/globalregtechsummitusa\/wp-json\/wp\/v2\/posts\/3521"}],"collection":[{"href":"https:\/\/fintech.global\/globalregtechsummitusa\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fintech.global\/globalregtechsummitusa\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fintech.global\/globalregtechsummitusa\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/fintech.global\/globalregtechsummitusa\/wp-json\/wp\/v2\/comments?post=3521"}],"version-history":[{"count":2,"href":"https:\/\/fintech.global\/globalregtechsummitusa\/wp-json\/wp\/v2\/posts\/3521\/revisions"}],"predecessor-version":[{"id":3688,"href":"https:\/\/fintech.global\/globalregtechsummitusa\/wp-json\/wp\/v2\/posts\/3521\/revisions\/3688"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/fintech.global\/globalregtechsummitusa\/wp-json\/wp\/v2\/media\/3687"}],"wp:attachment":[{"href":"https:\/\/fintech.global\/globalregtechsummitusa\/wp-json\/wp\/v2\/media?parent=3521"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fintech.global\/globalregtechsummitusa\/wp-json\/wp\/v2\/categories?post=3521"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fintech.global\/globalregtechsummitusa\/wp-json\/wp\/v2\/tags?post=3521"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}