Operational Resilience: Countdown to DORA Webinar Write-Up
On Thursday, the 24th of October, the virtual FinTech community came together for a highly engaging webinar, titled ‘Operational Resilience: Countdown to DORA,’ hosted in partnership with Escode, part of NCC Group.
The session saw fantastic engagement with 70 attendees joining, nearly ten audience questions, and ten participants taking part in an interactive poll on DORA-readiness.
For those who couldn’t make it, you can watch the webinar here.
Joe Roche, General Manager at FinTech North, opened the session by sharing his thanks with Escode for their continual support as Strategic Partners and referencing their continued collaboration on events.
Welcome and regulatory scene setting from Escode, part of NCC Group
He then provided an overview of FinTech North’s strategy, activity and events, before welcoming Adrian Ah-Chin-Kow, Global Commercial Director at NCC Group, to the virtual stage. Adrian provided an overview of escrow, describing the legal agreement’s model as aiming ‘to protect all parties.’
He went on to share a brief overview of the organisation and the breadth of its work in risk mitigation, as a world market leader in software assurance with 40 years in the space.
Next, joining Adrian on the virtual stage was Wayne Scott, Regulatory Compliance Solutions Lead at Escode, part of NCC Group. In their discussion, Wayne and Adrian covered the fundamentals of the Digital Operational Resilience Act (DORA), emphasising its role in enhancing the operational resilience of financial institutions. They defined operational resilience as the ability to prepare for and recover from disruptions while maintaining critical functions.
They examined the evolving regulatory landscape, noting that key drivers include digital reliance and the need for robust risk management. DORA imposes stringent requirements not only on financial institutions but also on their critical third parties.
Wayne stressed the importance of being regulation-ready, advocating for proactive assessments to identify compliance gaps and create a clear roadmap for achieving milestones. Finally, they highlighted the relevance of escrow services in safeguarding sensitive data and processes, thereby strengthening operational resilience in line with DORA’s requirements.
Operational Resilience: Countdown to DORA – a Panel Discussion
The panel, expertly chaired by Angela Yore, CEO of SkyParlour, consisted of experienced leaders from a range of compliance, technology, and business transformation organisations, and brought together a wealth of industry expertise:
- Wayne Scott, Regulatory Compliance Solutions Lead at Escode, part of NCC Group
- Jawad Kiani, Compliance Manager at Lenvi
- Richard Curtis, Technology Assurance Director at RSM
- Jackie Kingham, Director, Business Transformation UK at Raisin
Jawad opened by explaining that while frameworks for operational resilience have existed, DORA formalises these requirements, impacting over 20,000 organisations and addressing a range of risks. He emphasised that these measures are valuable no matter what stage a business is at, particularly for FinTechs expanding into the EU, stating that “regardless of the business type, these are good measures to have in place.”
Wayne highlighted the opportunities DORA presents for FinTechs to differentiate themselves by demonstrating resilience and reliability, even in the face of potential operational failures. He stressed the importance of ongoing scenario testing and the need to “embrace failure – if you’re passing all of your scenario tests, you’re doing something wrong.” Wayne also underscored the importance of building a culture that rewards ethical and sound behaviour rather than focusing solely on financial incentives, noting that “something not being resilient is not the nail in the coffin – raise the baseline over time, understand risk.”
Richard spoke about the regulatory prohibitions against concentration risk, cautioning organisations not to rely on a single service provider. This, he noted, increases complexity and costs but ultimately strengthens operational resilience. He also pointed out that “whilst the UK may not adopt DORA in its entirety, the UK will tailor existing regulatory requirements.” Richard emphasised that firms must undertake a comprehensive gap analysis to assess their current risk management processes and adjust for DORA’s requirements. He also stressed that “between 80 and 95 per cent of all cyber-attacks are the result of human error,” highlighting the importance of educating boards on cybersecurity risks and fostering a security-first culture. Richard further highlighted that one of the crucial mandates of DORA is that Boards of financial services organisations will be accountable for ICT risk by law.
Jackie discussed the practical steps compliance teams can take, such as conducting regular audits and testing with third-party vendors, and highlighted the importance of having a dedicated operational resilience focus within teams. She emphasised the need for businesses to maintain detailed maps of their critical functions, particularly those reliant on external vendors, and the necessity of ongoing due diligence. Jackie further stressed that FinTechs are well-positioned to turn DORA compliance into a competitive advantage by leveraging their agility and speed, noting that “FinTechs are in a good position where they can change and adapt – a real opportunity to turn ‘burden’ into competitive advantage against larger organisations because of speed and agility.”
Angela rounded off the discussion by addressing the challenges for SMEs in managing the additional workload DORA brings, though she stressed that operational resilience is everyone’s responsibility. She highlighted the potential for FinTechs to quickly adapt frameworks into their day-to-day operations, saying, “we can implement frameworks as part of our everyday lives; you can jump on change as and when they’re happening.” Angela also underscored the importance of using this opportunity to improve standards across the board.
Throughout the discussion, the panellists highlighted the need for cultural changes within organisations, ensuring that resilience, security, and ethical behaviour are embedded at every level. They stressed the importance of continuous improvement, testing, and scenario planning to meet the evolving standards of DORA and future global regulations.
As the webinar drew to a close, it became evident that the discussion could have continued for much longer, given the wealth of knowledge and insights shared by our panellists. The topics of DORA and operational resilience are not only complex but also incredibly relevant in today’s rapidly evolving financial landscape. This is a cross-sector and cross-country issue that affects a wide range of organisations, highlighting the pressing need for all to adapt to regulatory changes and strengthen their resilience strategies.
The experts underscored that operational resilience is more than just a compliance requirement; it is a crucial element for the sustainability and competitive advantage of financial institutions. With such a rich dialogue, it is clear that this topic should be top of mind for everyone in the industry, as there is much to learn from one another’s experiences and approaches.