The European Parliament today adopted the Digital Operational Resilience Act (DORA), a new regulation unifying standards for digital and cyber resilience in the financial sector.
Why it’s important: With much of the financial industry now “digital first,” more businesses rely on the security and availability of third-party digital services, including cloud service providers like Salesforce. This has created a new urgency for regulators to ensure the resilience of the infrastructure that underpins the sector — with DORA setting a benchmark for financial services regulation in Europe and beyond.
Driving the news: DORA is a first-of-its kind financial regulation aimed at strengthening the security of the financial sector and its resilience to an evolving cyber threat landscape.
- It harmonizes existing EU-wide industry measures and controls — including those covering risk management, incident management, and operational resilience testing.
- It also allows regulators to oversee and directly regulate third-party service providers that provide critical digital and data services to financial entities.
The bottom line: Salesforce is committed to ensuring the security and availability of its services for all customers and to achieving and upholding ongoing compliance with the applicable provisions of DORA.
- With compliance likely to be an iterative process contingent on evolving technical standards and regulatory engagement, Salesforce will continue to partner with financial services customers to manage operational risk, build trust, drive ongoing innovation, and support compliance for DORA and beyond.
- Salesforce has released this new FAQ to guide customers in the financial services sector who may be impacted by DORA.
Zoom out: With DORA’s adoption by the EU Parliament, a few steps remain before it’s passed into law.
- DORA is expected to be published in the Official Journal of the EU in late 2022 or early 2023.
- Financial institutions and their third-party service providers will then have two years to comply with its requirements, with DORA expected to be fully applicable by late 2024 or early 2025.
Explore further: Learn more about DORA, how it may affect your business, and what Salesforce is doing to prepare for compliance:
- Read the Salesforce DORA FAQ.
- Visit Salesforce’s Compliance and Security pages.