DORA consultancy - helping financial institutes across the UK and Europe.



Transform your operational resilience

Now is the time to ask yourself critical questions:
  • Do you believe that your organisation is resilient or not?
  • Are you fully aware of all the services provided by and all the dependencies to your third-party ICT providers?
  • Do you have a good grasp of all ICT related incidents?
  • Can you recover a critical solution to support your customers in the next 4 to 8 hours?
In a world of constant change, you need to serve your customers and markets continuously in the best possible way. Your stability is essential; therefore, being well prepared is crucial.
The new EU Digital Operational Resilience Act (DORA) is a complex regulation that requires a lot of attention and any help that you can get.

How do you make your organisation resilient?
The risk landscape continues to evolve and bring unexpected challenges. We have only limited controls, and these frequently have to be adapted on the fly.
DORA identifies five critical areas and helps an organisation focus attention where the potential impact is high.
The ICT risk management is an overarching framework helping to standardise the identification of critical assets and their dependencies, allocate priorities and quantify ICT risks using various scenarios and models.

ICT Compliance
Common definition of Compliance is “Observance of external (international and national) laws and regulations, and internal norms and procedures, to protect the integrity of the organisation, its management and employees with the aim of preventing and controlling risks and the possible damage resulting from non-compliance and integrity risks”.
Financial regulators in Europe now focus much more on the operational resilience of the financial system. Much of this is driven by better awareness of the risks that arise from the adoption of digital technologies and the interconnectedness of third parties. However, operational resilience is a much wider area, and it requires a broader way of thinking about how the financial sector plans for and responds to a variety of non-financial events. It requires firms to consider how various disruptions might endanger their viability, harm their customers, counterparties and shareholders, and have a knock-on effect on the stability of the broader financial system.


How can your organisation evidence its compliance with DORA?
Recently published ESA guidelines, which various central banks have also echoed, create a tight timeline for showing evidence of compliance.
Most central banks expect to receive the information registers by early April 2025, which aligns with the next steps of register consolidation, evaluation, and use for Critical ICT third-party service providers (CTPPs), aiming to designate the CTPPs and start the oversight engagement this year.
Your organisation's register must include the required details, which are typically not readily available; therefore, compiling and validating it takes time.

In our workshops, we will help you evaluate your current level of ICT compliance and provide a relevant structure to manage it efficiently.

We can also support your organisation by outsourcing various processes to us. Check our outsourcing services here.

Have you started auditing your ICT suppliers?
It can be tedious, since small- to medium-sized financial entities use between 15 and 60 ICT suppliers. Not all of those suppliers are critical, and we assume that your organisation can identify the critical ones correctly; even so, the audit of each critical supplier will take, on average, 7 to 10 days to complete. Larger entities can expect a more significant number of critical suppliers, with a correspondingly larger effort.

We can help with our audit services. Let's have a chat about DORA challenges.

Would you like to talk about DORA compliance? Contact us.