With the growing global attention around cybersecurity and the approaching deadline for compliance with DORA (Digital Operational Resilience Act), the Danish compliance platform Formalize has observed a significant increase in concern from financial entities that will need to adapt to this new EU regulation. The regulation has been criticized for being “unsustainable and unnecessarily resource-intensive.”
Formalize has reported a 57% increase in the number of companies seeking to comply with DORA globally over the last quarter. In Spain, over 300 people have registered for webinars on DORA compliance organized by Formalize, and the company expects to surpass 500 registrations by the end of the year.
Starting in January, as part of the EU’s efforts to strengthen the resilience of the financial sector against cybersecurity incidents, financial companies will be required to monitor and report cybersecurity threats to relevant authorities, as mandated by DORA. To comply with this regulation, companies must implement governance and risk management standards, develop incident response processes, and continuously test their systems. Additionally, they must regularly report to Spanish authorities such as CNMV, Banco de España, and DGS, using a specific format that includes 15 detailed Excel sheets with exhaustive requirements.
“Due to DORA, NIS2, the recent CrowdStrike disruption, and threats from countries like Russia, digital cybersecurity is a very high priority at the moment. We are seeing companies taking it seriously and being meticulous in their decision-making processes, but many are also surprised by the amount of work required to implement and maintain the specific requirements being proposed,” says Jakob Lilholm, CEO of the Formalize compliance platform.
Unsustainable and resource-intensive
With the new regulation, financial companies will need to communicate information about contracts, supply chains, and critical functions within the company. Formalize is already receiving an increasing number of inquiries from companies struggling to create the processes that the EU has mandated to come into effect in January.
“The intention to create a higher level of security with DORA is very good. The challenge for companies is the over 100 very specific format requirements that they must share with authorities. Implementing and maintaining reports through Excel sheets is an unsustainable and unnecessarily resource-intensive way of doing things,” says Kristoffer Abell, CTO of Formalize.
Software can report with a single click
Formalize’s compliance software helps companies simplify and automate their compliance processes, including reporting for DORA, allowing them to submit their data and generate a report in the correct format with just a click of a button.
“We believe that the work – particularly reporting – around DORA can be simplified and improved. That’s why we have made more efficient work possible in an integrated system, so companies spend less time complying with the new requirements,” says Kristoffer Abell.
The DORA regulation will come into effect on January 17, 2025, and will apply to payment institutions, electronic money institutions, pension companies, insurance companies, and credit institutions, among others.