Date: 2025-02-10

Talking Trends

The Digital Operational Resilience Act (DORA) is a European Union (EU) regulation that entered into force in January 2023 and began to apply on Jan. 17, 2025. It aims to strengthen the IT security of financial entities such as banks, insurance companies and investment firms, and to ensure that the financial sector in Europe can stay resilient in the event of a severe operational disruption. DORA is crucial for enhancing the digital operational resilience of financial institutions globally.

Does DORA apply to U.S. companies? The short answer is yes. DORA does apply to U.S.-based companies if they provide services to EU financial entities. This is similar to the way U.S. companies that collect data from EU citizens must comply with GDPR regulations to protect that data.

Financial institutions are under the regulatory spotlight to demonstrate effective compliance governance, including for DORA. One way to do so is through Continuous Compliance: continuous risk assessments, control effectiveness measurement, maturity models and risk prioritization must form the backbone of an effective risk program, as we hear from Andrew Beagley, Chief Risk & Compliance Officer of RiskOpsAI, Roshan Shetty, Head of BFSI and Public Sector at Tech Mahindra Americas, and Graham McMillan, Chief Technology Officer of Redgate.

