Financial firms in the European Union will have to demonstrate how quickly they can recover from a cyberattack as dependence increases on cloud giants like Amazon, Microsoft, Google, and IBM, the EU said on Monday.

Regulators are concerned about the extent to which banks, insurers, and financial institutions shift crucial processes and operations to just a handful of cloud platforms. According to authorities, a malfunction at one cloud vendor could disrupt services at multiple financial institutions.

To address the issue, Brussels has been working on the Digital Operational Resilience Act (DORA). The EU Council, representing the EU’s 27 member states, recently announced that DORA has been officially approved.

Preparing for cyberattacks

Banks and other financial institutions already have extensive strategies for IT security. Still, more is required to ensure their resilience in the face of significant disruptions, according to Zbynek Stanjura, finance minister of the Czech Republic, which currently holds the EU presidency.

Stanjura said that DORA’s criteria will leave the EU’s financial industry better prepared to perform at all times. The regulations will apply to both financial institutions and ‘critical’ third-party providers of cloud-based services.

United Kingdom

EU securities, insurance and banking regulators will draft technical regulations to implement the new legislation. The European Parliament has already granted its approval. The law will go into effect toward the end of 2024.

Britain, which is no longer a member of the EU, has its own take on DORA. In June, government officials said that regulators would be granted the authority to select which outsourcing services would be subject to direct supervision by the Bank of England and the Financial Conduct Authority.
