{"id":1475,"date":"2025-07-20T11:57:08","date_gmt":"2025-07-20T11:57:08","guid":{"rendered":"https:\/\/ft365.org\/index.php\/2025\/07\/20\/most-european-financial-firms-still-lagging-on-dora-compliance\/"},"modified":"2025-07-20T11:57:08","modified_gmt":"2025-07-20T11:57:08","slug":"most-european-financial-firms-still-lagging-on-dora-compliance","status":"publish","type":"post","link":"http:\/\/ft365.org\/index.php\/2025\/07\/20\/most-european-financial-firms-still-lagging-on-dora-compliance\/","title":{"rendered":"Most European Financial Firms Still Lagging on DORA Compliance"},"content":{"rendered":"
\n

\"Photo<\/p>\n<\/div>\n

\n

Most European financial services organizations are still not meeting requirements set out in the EU\u2019s Digital Operational Resilience Act (DORA), six months after the law came into effect.<\/p>\n

This is according to research by Veeam, which found that 96% of financial companies it surveyed in this region believe their current level of data resilience falls short of DORA compliance.<\/p>\n

Financial services firms also reported facing significant unforeseen challenges around DORA compliance. Nearly half (41%) said their IT and security teams have faced increased stress and pressure as a result of the regulation, while 37% are dealing with higher costs passed on by ICT vendors.<\/p>\n

In addition, 20% have yet to secure the necessary budget to meet DORA requirements.<\/p>\n

Over a fifth (22%) of respondents felt that DORA\u2019s design could have been improved to assist compliance, such as improved simplification, clarification and more detailed third-party risk guidance.<\/p>\n

DORA officially entered into force on January 17, 2025. The legislation places new cyber resilience requirements on financial services organizations, including banks, insurance and investment companies. Third-party IT providers within the financial industry are also in scope.<\/p>\n

While DORA is an EU law, it also applies to many global organizations that operate in the region.<\/p>\n

Regulators have the power to impose huge penalties for non-compliance, up to 2% of global annual turnover or \u20ac10m ($11.6m), whichever is higher.<\/p>\n

Third-party organizations may also face fines of up to 1% of their average daily global turnover for each day of non-compliance, for up to six months.<\/p>\n

Read now: DORA Compliance Costs Soar Past \u20ac1m for Many UK and EU Businesses<\/em><\/p>\n

Third-Party Risk Management the Biggest Challenge<\/strong><\/h2>\n

Third-party risk oversight was viewed as the hardest DORA requirement to implement, cited by 34% of respondents. This is likely as a result of the vast number of third-party networks used in the financial services industry.<\/p>\n

A fifth (20%) said they still have not implemented DORA-compliant third-party risk oversight.<\/p>\n

Many organizations reported still being in the process of implementing other key DORA requirements, including:<\/p>\n