Operational resiliency is a critical priority for financial firms around the world, driven by a fundamental need to strengthen trust and security in response to the growing risk of cyberattacks and disruptions, according to Mike Sleightholme, President of Broadridge International.
Broadridge has released a new whitepaper focused on the imperative need for financial services firms to enhance their operational resilience in reaction to the European Union’s Digital Operational Resilience Act (DORA) and other global regulations.
The whitepaper, titled ‘Building Resilience Across Borders: A holistic approach to global operational resilience and navigating the regulatory maze,’ highlights the extensive regulatory expectations and the strategic preparations necessary for compliance.
“The broad and in-depth scope of DORA mandates a significant transformation in risk management frameworks, policies and governance structures relating to both inhouse and third-party systems, posing urgent challenges that the industry needs to address ahead of the January 17, 2025 deadline,” commented Sleightholme in a press statement.
Key findings from the whitepaper include:
- Worldwide regulatory priority: Besides the EU, regions such as the US, Canada, the UK, South Africa, Japan, Hong Kong, Singapore and Australia are also tightening their operational resilience regulations.
- Global scope and impact of DORA mandates significant changes to operational risk management and resilience across nearly all areas of financial services, impacting firms operating in the EU irrespective of where their headquarters and third-party suppliers are located.
- Clock is ticking, firms must begin their DORA compliance preparations now, as the January 2025 enforcement date necessitates extensive system reviews and data reporting readiness. Firms must focus resources on mobilising their action plan, potentially leveraging mutualized shared services.
- Watch out for regulatory enforcement, noncompliance with operational resilience mandates is likely to result in stringent enforcement actions. Firms need to start prioritizing cybersecurity and risk reduction today.
- Increased regulatory focus on third-party service providers and internal IT systems highlights the need for thorough operational reviews and compliance assurance.
According to Virginie O’Shea, Founder of Firebrand Research, who worked with Broadridge to develop the whitepaper, regulators are emphasizing and prioritizing operational resilience, yet there is a growing sense that many firms remain far from ready, exposing themselves not only to operational resiliency risk but also to regulatory compliance risk.
“Firms must act now to mobilize their DORA action plans, including a detailed assessment of their critical systems and services, and an impact analysis to ensure they can deliver a compliant operating model and meet recovery and reporting objectives aligned to DORA’s requirements,” she said.