Navigating DORA: Key info for IT providers to financial institutions

by Carl Spencer-Spear, January 2025

If you’re a provider of IT solutions to certain regulated financial institutions (e.g. banks or insurance companies), they may have contacted you about ‘DORA’.

DORA is the EU's Digital Operational Resilience Act (Regulation (EU) 2022/2554), which applies from 17 January 2025. It requires financial entities to run a formal framework for managing risk in their IT systems, data and digital operations, and it extends to the ICT third-party providers those entities rely on. Although DORA is EU law, many UK financial institutions will have to comply with it in practice, because they operate EU-regulated entities or do business in the EU, and they will pass the relevant obligations down to their suppliers by contract.

If your client contacts you about DORA, they are likely to be asking for an amendment to your current supply contract. Article 30 of DORA requires financial entities to include specific provisions in their contracts with ICT third-party providers, such as a clear description of the services, where data is processed and stored, the provider's obligations on availability, integrity and confidentiality, incident support, termination rights and, for services supporting critical or important functions, audit and access rights and exit assistance. The aim is to make sure your organisation has appropriate protections and procedures in place and that the client can demonstrate this to its regulator.

If they send you a DORA document to sign, don't just sign it. We're seeing a lot of DORA amendments that go much further than the DORA requirements. The obligations differ depending on whether your service supports a critical or important function of the client, so check which category they are placing you in and whether that is justified. We can help to make sure what they are asking is reasonable and tracks what DORA actually requires. If you've got a lot of financial institutions as clients, it may be worth preparing your own DORA schedule that you can offer to each of them, and we can also help with that.
