Rupert Colbourne, Chief Technology Officer at Orbus Software
As the EU’s Digital Operational Resilience Act (DORA) takes effect in January 2025, financial services firms face growing pressure to implement digital risk management frameworks and strengthen operational resilience to meet compliance requirements.
These new resilience obligations follow years of digital transformation across the industry. Widespread cloud migration and innovative applications of Artificial Intelligence (AI) and Machine Learning (ML) have been driven by the pursuit of greater efficiency and improved service offerings. These technological advancements have become deeply integrated with business processes. As a result, digital innovation is increasingly tied to overall resilience. Technology outages, for example, can be hugely damaging to operations and the bottom line.
While achieving DORA compliance may seem like a daunting task, it also presents a valuable opportunity. Establishing a holistic and strategic view of all IT and data assets can help businesses align IT change and management to achieve the overarching objectives of the business.
Evolving compliance demands
DORA acknowledges a growing reliance on digital applications and services and its potential consequences for resilience in financial services and banking. Its scope is broad: although EU legislation, non-EU firms with operations on the continent will more than likely find themselves liable to adhere to DORA to avoid regulatory penalties.
Financial services firms can use thorough IT audits and assessments of business processes to guide strategic improvements that enhance resilience to a level that DORA mandates. An Enterprise Architecture (EA) platform is best placed to carry out such due diligence – and the challenges it solves are critical.
McKinsey reports that just five to ten cents of every dollar spent on technology will provide additional business value. The remaining budget goes to managing ageing infrastructure and implementing mandatory changes. This outdated infrastructure poses a significant obstacle to resilience, as legacy systems create data silos and are harder to integrate with modern applications, limiting the visibility of risks.
The core issue is that legacy infrastructure dependencies are difficult to map without a comprehensive view of the entire IT landscape, which connects business processes, data, applications, and technology. An EA platform can provide this view, making it a valuable tool for financial services firms mapping systems and risk scoring in preparation for DORA.
Organisational transformation requires a unified vision
EA platforms go beyond simply aiding in the decommissioning of legacy systems. They are built to map all IT assets and processes, aligning transformation initiatives with the organisation’s strategic goals.
Financial institutions will already be familiar with the suite of IT solutions that drive resilience through strengthened risk management and incident response. However, EA stands out by aligning technology with business processes. A centralised source of business capabilities, processes, applications, data, and technology assets offers the clearest view of an organisation to guide transformation.
Getting ready for DORA could be viewed as a drag on time and resource. For many organisations that fall under DORA’s remit, however, this period of change is a valuable opportunity to evaluate the alignment of business processes and IT operations. EA can strengthen that alignment and, in the process, drive greater resilience, bolstered by a holistic view of the entire IT estate. This shouldn’t be looked over in the search for technological solutions and innovations.
