The financial services industry is facing a global challenge to improve its operational resilience across all major markets and industry stakeholders:

1. Strengthening operational resilience is critical across financial services sectors: Operational resilience strengthens efforts to minimise the risk of cyber attacks and disruptions and to enable efficient recovery. The EU regulator, through regulations such as the Digital Operational Resilience Act (DORA), mandates that almost all types of financial firms implement robust measures to manage and mitigate operational and system risks. This initiative requires firms to strengthen their operational risk management and governance frameworks which presents a significant challenge for many as they adapt to comprehensive requirements.
2. DORA isn’t the only regulation on the horizon: Regulators in other key jurisdictions outside of the European Union are equally focused on the topic of operational resilience. Several regulators in the US market, Japan, Hong Kong, Singapore, the UK and Australia have introduced new or updated requirements or proposals in this area.
3. Firms need to get ready now: Although impacted financial firms must be compliant in January 2025, it will take months of preparation for them to get ready for reporting, especially when it comes to a full system review and service provider data reporting. Buy-side firms in particular may need to build in extra time to query information received from their outsourced service providers.
4. Enforcement action is likely: Regulators are prioritising operational resilience over many other areas. They are likely to come down hard on non-compliance to demonstrate the importance they place on cybersecurity and operational risk reduction.
5. Third party providers and inhouse IT will come under increased pressure: The emphasis of regulators is on ensuring that critical systems of all kinds, and service providers, have invested the necessary resources into ensuring they have operationally resilient environments. This necessitates a full review of the supply chain for these services, including nth party dependencies, regardless of their headquarters' or providers’ location or regulatory jurisdiction.

Discover actionable insights and strategies by downloading our comprehensive whitepaper on operational resilience, DORA, and navigating other international regulations.