The next big beast on the regulatory horizon

Digital Operational Resilience Act (DORA)

On 24 September 2020, the European Commission published its draft Digital Operational Resilience Act (DORA) as part of the Digital Finance Package (DFP). The legislative proposal largely builds on regulatory initiatives introduced by various European regulators, including the European Central Bank (ECB), and combines them in one regulation. DORA shifts the focus from only guaranteeing firms’ financial resilience to also ensuring they can maintain resilient operations through an incident of severe operational disruption.

DORA and its impact on Swiss financial entities and ICT service providers

Check if you are impacted


The need for legislative action follows from the increasing reliance of the financial market on information and communication technologies (ICT). This is due in part to the Covid-19 crisis, which acts as a catalyst as financial firms rely even more on their digital systems, starting with remote access from the home office to payment services and all sorts of complex financial services. Consequently, the voluminous DFP presented by the Commission includes, among others, the following:

  • a digital finance strategy,
  • legislative proposals on crypto-assets and digital resilience, and
  • a renewed retail payments strategy.

The goal is to create a competitive EU financial sector that gives consumers access to innovative financial products while ensuring consumer protection and financial stability and turning Europe into a global digital player.

DORA at a glance

DORA aims to establish a comprehensive and cross-sectoral digital operational resilience framework with rules for all regulated financial institutions. Banks, stock exchanges, clearing houses as well as fintechs will have to respect strict standards to prevent and limit the impact of ICT-related risks.

DORA lays down uniform requirements for the following topics. We summarised the most important for you: 

  • Streamline and upgrade existing rules on ICT governance 
  • Internal controls and governance structures for ICT risks 
  • Monitoring of ICT risk management 
  • Approval and control processes, ICT investments and training
  • Establish a LCM process to monitor and log ICT-related incidents
  • Manage ICT risks
  • Maintain resilient ICT systems and tools
  • Submit initial, intermediate and final reports on ICT-related incidents
  • Establish a framework for critical ICT third-party risks
  • Review ICT services provided by ICT third-parties
  • Control your outsourcing contracts
  • Test ICT risk management frameworks on a regular basis (SWOT)
  • Ensure the prompt implementation of corrective measures
  • Testing requirements will be proportionate to a financial entity’s size, business and risk profile

Who is impacted?

Basically every financial market participant is impacted by DORA, such as banks, investment firms, management companies, crypto asset providers, insurance companies, trading venues and more. DORA introduces new compliance obligations, so be ready for the digital finance packages and start early with an impact assessment. DORA will be published in the Official Journal of the European Union and will enter into force. The Act is expected to become applicable around Q1 2023.

How can PwC help you?

Due to our broad experience regarding the implementation of new regulations, our experts can help you to understand the new obligations and support you in the ICT transformation. Understanding the obligations is key for a proper transformation.

  1. DORA – ICT regulatory gap analysis

  2. Design ICT risk compliant management framework 

  3. Digital operational resilience testing

  4. Design information sharing arrangements

  5. Support in the ICT transformation 

Please see our dedicated services offering to help you comply with all necessary regulations. Let us do the work so that you can focus on your core business.

Contact us

Dr. Antonios  Koumbarakis

Dr. Antonios Koumbarakis

Partner, Sustainability & Strategic Regulatory, PwC Switzerland

Tel: +41 58 792 45 23

Alexandra Burns

Alexandra Burns

Partner, Leader Financial Services Risk Consulting & Internal Audit, PwC Switzerland

Tel: +41 58 792 46 28

Patrick Akiki

Patrick Akiki

Partner, Financial Services Market Lead, PwC Switzerland

Tel: +41 58 792 25 19

Matthias Leybold

Matthias Leybold

Partner Cloud & Digital, PwC Switzerland

Tel: +41 58 792 13 96

Moritz  Obst

Moritz Obst

Strategic Regulatory & Sustainability Services, Legal, PwC Switzerland

Tel: +41 58 792 47 19