Our era is marked by major technological developments, which can give rise to new risks and challenges. This is true for the financial sector, which is undergoing constant digitalisation and, in parallel, is seeing its exposure to the risk of cyberattacks grow exponentially. With this in mind, the European legislator decided to adopt a European regulation, the Digital Operational Resilience Act (“DORA”). In short, this new European regulation aims to ensure that (certain) stakeholders in the financial sector have adequate resources to withstand any cyberattacks.
DORA's personal scope of application is relatively broad, encompassing among others the following financial institutions:
- insurance undertakings;
- insurance intermediaries (and insurance intermediaries on an ancillary basis);
- reinsurance intermediaries;
- credit institutions;
- payment institutions (including payment institutions exempted under Directive (EU) 2015/2366);
- investment firms;
- alternative investment fund managers; and
- funds managers.
The main obligations arising from DORA can be summarised as follows:
- managing the risks associated with information and communication technologies (ICTs) through adequate policies and procedures;
- reporting of major ICT-related incidents and cyber threats;
- periodic testing of digital operational resilience; and
- taking appropriate measures to ensure the sound management of ICT risk in the event of outsourcing to third parties.
In light of the forthcoming applicability of DORA (on 17 January 2025), the Belgian Financial Services and Markets Authority (the “FSMA”) decided to conduct a survey with the financial institutions it supervises. The purpose of the survey was to assess their progress in preparing for the implementation of DORA. To this end, the FSMA enabled the said institutions to carry out a self-assessment of their level of preparation. Following this self-assessment, the FSMA drew up a series of findings (see here), and it expressed concern about the level of preparation of certain players, particularly insurance and reinsurance intermediaries.
For those who are less well prepared, now is the time to make every effort to ensure that you will be ready when DORA becomes applicable in Belgium. Our financial services team will be delighted to assist you in preparing for the implementation of DORA.
