IBS Intelligence: How Enterprise Architecture Turns DORA Compliance into an Opportunity

This article was originally published on IBS Intelligence.
By Rupert Colbourne, Chief Technology Officer at Orbus Software

 

With the EU’s Digital Operational Resilience Act (DORA) coming into force in January 2025, financial services firms are under pressure to leverage digital risk management workflows and enhance operational resiliency to get compliant.

All new obligations to maintain resilience come off the back of years of extensive industry digital transformation. Cloud migration, increased data analytics and new use cases of AI and Machine Learning have been widely adopted in the interest of increased efficiency and better services. These shifts have further intertwined technology and business processes – making it the right time for organisations to consider how digital innovation can be balanced with robust resilience.

Getting DORA compliant could be viewed as a cumbersome necessity. In truth, however, it presents a great opportunity for financial services firms to align increased volumes of data with business processes and performance for improved overall outcomes.

 

Shifting compliance requirements 

DORA is an inevitable recognition of an increased dependence on digital applications and services and the resilience risks this poses. It’s also far-reaching – despite being EU legislation, the cross-border operations and third-party relationships that are commonplace in finance mean non-EU firms with EU operations must also comply with DORA to avoid penalties.

On the journey to comply, financial services firms can leverage audits of the IT estate and corresponding business processes to drive deeper strategic improvements in the pursuit of enhanced resilience that DORA demands. 

A recent study by the Financial Conduct Authority (FCA) was telling. It found that an alarming 92% of UK financial service companies still rely on legacy technology, and 78% of their data is stored in on-premise infrastructure. The industry has a unique legacy infrastructure problem which acts as a serious barrier to resilience. Legacy systems act as data siloes and are tougher to integrate with modern applications to guarantee visibility of risk. 

Specific dependencies of legacy infrastructure are difficult to map without a holistic view of an IT landscape that integrates with a wide spectrum of business processes, data, applications and technology. Such a view can be established with an Enterprise Architecture (EA) platform – and it’s just one of the EA use cases for financial services firms manoeuvring to get ready for DORA.

 

Organisation-wide change necessitates a single source of truth 

EA platforms stretch further than supporting the decommissioning of legacy technology. They’re designed to map all IT assets and processes to help guide all EA change and design towards the overarching strategic objectives. In the case of many financial services firms, this will be getting DORA-ready. 

Financial services firms won’t be strangers to the plethora of IT solutions that enhance individual aspects of resilience – from risk management to incident response. It’s EA, however, that uniquely aligns technology and its management with business processes to ensure both keep in step with DORA and its requirements. A centralised repository of all business capabilities, processes, applications, data, and technology assets amounts to the clearest picture organisations can build of their resilience posture to guide DORA’s required change. 

“As-is” and “to-be” modelling through EA unlocks broader benefits for financial services firms that should also be factored into the decision to use EA or not. Planning for the utilisation of cutting-edge AI technology, for example, is another priority for the industry that requires a holistic EA view of IT and business processes to map the data that’s the lifeblood of accurate and impactful AI output.

 

Peace of mind 

DORA provides an opportunity for organisations to assess the synergies and gaps in their business processes and IT operations. Comprehensive operational resilience can only be achieved with a centralised view of available data. This is integral for financial services firms to establish visibility of their resilience posture as well as guide future transformation in an intelligent manner.

 
