Strengthening Operational Resilience in the UK Financial Services Sector 

Financial institutions and financial market infrastructures need to be compliant with the European Union’s Digital Operational Resilience Act (DORA) by 17 January 2025; this applies to EU-based firms, international firms with EU operations and UK-based firms that fall in scope and want to retain access to European markets. It is essential for each firm to ascertain whether or not it falls in scope of DORA, to maintain competitiveness in an increasingly regulated world. The Financial Conduct Authority (FCA), Prudential Regulation Authority (PRA) and the Bank of England (BoE) have moved to create a policy framework that aligns the UK, as far as possible, with the stringent regulations of DORA to increase and enhance the digital operational resilience of UK financial services firms.

In late 2019, the FCA consulted firms on proposed regulatory changes to how they approach operational resilience. Ensuring operational resilience is important for firms, financial markets and consumers. Disruptions can cause market-wide issues, posing risks to market integrity, consumer safety and market stability. Covid-19 proved why firms must pay attention to and invest in their resilience, highlighting the interconnectedness of financial markets, third-party risks and provider risks as well as people risks. Policy Statement PS21/3 set out four key areas for firms to focus on: 

  1. Identification of Important Business Services: Firms must identify critical services that, if disrupted, could cause significant harm to consumers or market integrity.
  2. Setting impact tolerances: Firms need to establish impact tolerances for each important business service, determining the maximum acceptable disruption.
  3. Scenario testing: Firms must conduct regular scenario testing to ensure they remain within their impact tolerances.
  4. Communication and Self-Assessment: Firms must document their approach and report on their operational resilience to the FCA.

The new rules apply to banks, building societies, PRA-regulated investment firms, insurers, recognised investment exchanges, Enhanced Scope Senior Managers and Certification Regime Firms and entities authorised and registered under the Payment Services Regulations 2017 and Electronic Money Regulations 2011. Firms were instructed that, by March 31st, 2022, they must have identified their important business services, set out their impact tolerances, identified vulnerabilities in their operational resilience and carried out both mapping and testing to a necessary level. 

DORA and the FCA’s new operational resilience requirements share a focus on ensuring that financial institutions can withstand and recover from operational disruptions. Both emphasise the need to identify critical services and the need for impact tolerances. However, DORA, being an EU regulation, has a broader scope, including specific requirements for Information and Communication Technology (ICT) risk management and oversight of third-party ICT providers. In contrast, the FCA’s requirements emphasise the need for regular scenario testing and self-assessment by firms.

The policy framework, which took effect on 31st March 2022, mandates that by 31st March 2025, firms must have completed the necessary mapping and testing to ensure they can remain within impact tolerances for each critical business service. With just six months left in the transition period, financial institutions must prioritise strengthening operational resilience to remain compliant.  

Axiol is a no-code RegTech platform offering a robust solution that helps firms strengthen their operational resilience. Its comprehensive suite of modules, including Incident and Breach reporting, and the Axiol Risk module, enables firms to efficiently manage and mitigate such risks and disruptions through a centralised dashboard. By enabling early detection of suspicious activities and streamlining risk management, Axiol ensures continuous operations and compliance with frameworks like DORA and the new FCA guidelines. With unlimited scalability, tailored workflows and customisable options, Axiol is designed to meet the evolving needs of financial institutions. Our team of experts are on hand to provide advisory services and answer your questions on the Axiol solution. 

Discover the full capabilities of Axiol by booking a demo today.  

For more information, please visit www.axiol.com or contact us via email at info@axiol.com