The deadline for organisational compliance with DORA is at our doorstep. With the 17th of January 2025 just under 6 months away, it’s safe to say that the clock is ticking for financial services to be ready for the regulation. Preparing for such a significant piece of regulation can be difficult for financial organisations of all sizes, but it is equally important for businesses to recognise the specific advantages they have to make the compliance journey smoother.
Legacy systems come with legacy knowledge
For large financial businesses, there are a variety of structural challenges that may make complying with DORA tricky. Legacy technology still underpins many financial institutions, and updating this stack to implement effective risk management frameworks is likely to require significant time and resource investment.
Siloes are one of the most common challenges facing organisations, especially those reliant on legacy technology stacks. Large organisations can have significantly siloed departments that rarely speak to each other. But in order to build a compliant structure, departments must be able to communicate easily, and work in tandem around each other’s challenges.
Reportedly, siloes are one of the leading factors limiting collaboration in three out of four companies. Tackling this can be a significant challenge for big organisations as it involves a culture shift to establish new ways of working, where data and information can flow freely across departments. An important benefit of doing this is that it boosts data visibility within a business, which in turn means it becomes easier to manage. DORA needs to be situated firmly on the radar for compliance departments, IT departments, and seen as an integral part of the business plan. Only then can large institutions embrace the regulatory and cultural shift needed for an effective successful adoption of necessary DORA processes.
On the other hand, long-standing financial institutions also have advantages when it comes to compliance. In an industry that is arguably the most regulated, they have potentially decades of experience in navigating various compliance requirements, and these learnings can be applied to approaching DORA as well. So, although they will have larger quantities of legacy technology, and many unchanged processes, larger financial services will find they have structural experience of adapting to regulation, making DORA less daunting. The availability of regulatory knowledge and experience is something that isn’t as easily afforded to newer start-up financial services.
Cloud first, Siloes second
In contrast, a lot of newer businesses, startups and technology companies that offer financial services don't always currently have to abide by the same regulations, so may be challenged by their lack of experience in navigating complex regulatory landscapes and changes. For many, this could be one of their first major regulations to document compliance for. This means they may not have an established process or framework in place. In addition, smaller companies may also face challenges such as a lack of compliance culture, and scalability issues. As newer fintechs continue to expand, their compliance measures need to follow suit and scale accordingly. Unplanned compliance expansion can be costly and complex when it involves major adjustments to initial setups and systems.
However, where smaller cloud-first organisations massively benefit is in their agility and adaptability. By being digital first, many businesses may be surprised at how much of the regulations they are already meeting. Some of the challenges facing larger organisations such as siloed departments and limited communication will be less of an issue for newer financial organisations who can implement technology like unified communications tools to break down siloes.
Every cloud has a silver lining
Undoubtedly, financial services organisations must finalise their approach to DORA now in order to be ready in time for January. For larger businesses, when cross-department collaboration can be implemented and experts can share their experiences with previous regulations, DORA compliance confidence can rise. And for smaller start-up fintechs, perfecting the process and leaning into their cloud-first approach will aid them in meeting these necessary compliance obligations. Financial services organisations must identify the specific challenges facing their adoption of DORA-compliant processes. Knowing the advantages that will make their journey to regulatory success easier, will paint a clearer compliant picture ahead of January 2025.