Author
Helen Barklam
Helen Barklam is a journalist and writer with more than 25 years' experience. Helen has worked in a wide range of different sectors, including health and wellness, sport, digital marketing, home design and finance.
With less than five months remaining until the European Union’s Digital Operational Resilience Act (DORA) comes into effect, Ocorian, a leading provider of fund, corporate, capital market, private client, and regulatory compliance services, is urging asset managers to take immediate steps to ensure compliance.
Failure to act could result in significant penalties, including fines of up to €10 million or 5% of annual turnover.
Impact of DORA on the Financial Sector
DORA is set to reshape the operational landscape for the EU financial sector, including its service providers and any external entities conducting business with EU-based financial participants. The regulation, a key component of the EU’s Digital Finance Package, aims to harmonise cybersecurity measures, mitigate digital risks, and enhance the operational resilience of financial institutions.
Ocorian highlights that from 17th January 2025, asset managers will need to ensure both their own operations and those of their outsourced service providers comply with DORA’s stringent requirements. Non-compliance could lead to substantial financial penalties and reputational damage.
Key Areas of Impact for Regulated Funds
DORA will have a significant impact on regulated funds, particularly across the following five areas:
The Importance of Adapting Outsourcing Practices
Ocorian advises asset managers, particularly those reliant on third-party vendors for critical functions, to adapt their outsourcing practices to align with DORA’s requirements. This includes ensuring that all service providers are DORA-compliant, conducting necessary risk assessments and penetration testing, and clearly defining compliance expectations within contracts. Continuous monitoring of third-party compliance will also be essential.
Steps to Achieve DORA Compliance
Ocorian suggests several practical steps asset managers can take to meet DORA requirements without overhauling existing systems:
Sharon Hodder, Head of Business Partnering – Technology at Ocorian, reassures asset managers: “While DORA compliance may seem challenging, it is achievable through a pragmatic approach that builds on existing practices. By leveraging current governance frameworks and focusing on critical gaps, firms can achieve compliance without significant disruption.”
Stuart Geddes, Ocorian’s Chief Information Officer, adds, “Many fund administrators and service providers are already well-prepared for DORA. Our regulatory and compliance experts at Bovill Newgate are developing specialised services to support our clients and other institutions in achieving full DORA compliance.”