As the financial sector becomes increasingly digital, the risk of disruptions is also increasing. At the same time, geopolitical tensions have increased, which places new demands on financial companies and banks.
Against this background, the EU has agreed on a new regulatory framework, DORA (Digital Operational Resilience Act), which is intended to strengthen the digital resilience of the sector.
Frequent attacks
In Sweden, around 1,400 banks and financial companies are covered by the regulatory framework, which will begin to be applied on January 17.
"The purpose is that their ability to manage risks in the digital infrastructure should be so good that we can rely on them being able to withstand disruptions that can cause interruptions in operations," says Malin Alpen.
According to FI, recurring reports are made about various forms of disruptions in the digital infrastructure of banks and financial companies, including as a result of various forms of cyberattacks.
It can be a disruption in an IT system that makes a financial service unavailable. It can also be a disruption that comes from outside, for example, a cyberattack.
Lacking resilience
According to Malin Alpen, banks and financial companies have not built up their resilience at the same pace as they have digitalized. Therefore, she believes that the new regulatory framework will fill an important function.
In the long term, it can contribute to a more robust financial sector that can better handle the increasing threats in an increasingly digitalized world.
Already today, there are a number of legal requirements on companies in the financial sector. With the new regulatory framework, additional requirements are introduced. From now on, companies are expected to test their resilience on their own and control potential risks with their subcontractors.
Challenge for companies
Furthermore, disruptions must be reported to the Financial Supervisory Authority to a greater extent.
Generally, we see that financial companies to a relatively large extent have outsourced parts of their operations to other actors, and then these new requirements become more comprehensive to live up to, which some companies have mentioned as a particular challenge.