DORA – Exploring the Operational Resilience of the Financial Sector’s ICT

Victoria Himawan | Associate Consultant

The Financial Sector plays a pivotal role in business continuity, and its stability, especially post-2008, is paramount.

Increasingly, we have seen the introduction of regulations to safeguard consumers against potential disruptions, including the European Supervisory Authority (ESA)’s Digital Operational Resilience Act (DORA).

Historic safeguarding efforts have lagged on Information Communication and Technology (ICT) third-party providers – a substantial problem given the sector’s increasing reliance on them. DORA marks the most important regulatory initiative on ICT operational resilience for EU financial institutions, aiming to consolidate, update, and streamline its requirements, pushing for a broader business view on resilience and shifting ‘full and ultimate’ accountability to senior management.

The theme underlying the act circulates around third-party providers (both Cloud Service Providers (CSPs) and non-CSPs) being designated as ‘critical’, subjecting them to extensive supervisory powers. In other words, Financial Services and ICT firms can expect greater supervisory engagement from the ESA; as understanding of what constitutes ‘Operational Resilience’ becomes more clearly articulated, so too does the complexity of regulatory requirements. Currently, Level 2 drafting of the regulation is underway, prompting experts to recommend FS firms to set roadmaps and establish required capabilities by Q1 2025 – a relatively tight window of transition.

Operational Resilience is a recurring theme, and the introduction of DORA is no different.

In recent years, B2E Consulting has collaborated with Financial Services companies in multiple Operational Resilience programmes; in one of our recent case studies, a leading UK life insurance and asset management company required SME support to strengthen Operational Resilience across all divisions and functions, specifically within governance structure and stakeholder communication planning. In addition, the requirement for more robust and comprehensive frameworks in third-party risk management was identified as key to the project plan.

Contributing to the success of this project was the collaboration between our experts and the key stakeholders from project initiation to implementation – central to B2E Consulting’s approach is the ability to deploy true experts when our clients need them, rather than relying on a “bench”. As regulations such as DORA evolve, this ensures that the consultant working on each project is as up to date as it is possible to be.

If you’d like to learn more about how we can support your Operational Resilience programmes, contact us by submitting this form or reach out to

Dale McNeill

About the author – Victoria Himawan:

Victoria is B2E’s latest Consultant Support Analyst, having recently graduated with a Bachelor in Business Administration (Business Analytics). She applies her skillsets across a myriad of functions in B2E Consulting.

When Victoria is not working, she can be found running the streets of London or trying not to set the kitchen on fire.

She is interested in Stand-up Comedy (as a spectator), Culinary Arts, and Handcrafts.