Dora has the financial sector on the run

For several months now, this first name has been the only thing on their lips: Dora is on the conference agendas of professional associations, in the diaries of financial sector professionals and in communications from the Commission de surveillance du secteur financier (CSSF). A new darling of finance? A new episode of Dora the Explorer? The answer could not be more serious – with a hint of apprehension. Dora is the acronym for the Digital Operational Resilience Act, a European law that must be applied by all financial entities operating in the European Union.

"The aim of Dora is really to improve what we call the digital resilience of the financial sector in Europe", explains Cécile Gellenoncourt, Head of the Supervision of Information Systems and Financial Sector Professionals Support Department at the CSSF. "We tend to think of cyberattacks, and Dora covers those too, but it's not just about that. The digital resilience of an entity means that it manages to keep its IT capabilities and everything that supports its business functions up and running even in the event of a disruptive event. This could be a cyberattack or a bug, or even a physical problem in a data centre. The malevolent aspect is not the only one taken into account."