Data centres
cyber attacks. Whether in the United States or Europe, the danger is very real, and growing every day. The threat, in fact, has now led supranational bodies like the European Union to take firm steps to counter it, and one of the weapons in their arsenal is to introduce new regulations to ensure that banks – and, most importantly, their customers – are protected from catastrophic hacks.
New era, new rules

Enter the EU’s Digital Operational Resilience Act (DORA). Adopted in late 2022, DORA is a new regulation that aims to improve the resilience of Europe’s financial sector to IT disruptions and cyber threats. The rules, due to come into effect in 2025, will apply to all financial institutions operating in the EU, including banks, insurers and investment firms.

DORA is a significant piece of legislation that will have a major impact on the way financial institutions operate. Among other things, the regulation will require institutions to implement a number of measures to improve their digital resilience – including developing a risk management framework for IT systems, implementing incident reporting procedures, testing digital resilience, managing third-party risk and sharing information and intelligence with other institutions. Fundamentally, this complex set of obligations is a response to the growing threat of cyber attacks on the financial sector – as the problems of institutions like Capital One and UniCredit vividly prove. The DORA rules, for their part, are designed to help financial institutions prevent and mitigate these attacks, and to ensure that they can recover quickly from any disruptions that do occur.

Perhaps most importantly, the rules will have a major impact on the way banks and other financial institutions use cloud computing. Viewed as the cutting edge of banking technology, cloud computing is a popular choice for financial institutions, allowing them to cut costs, improve efficiency and innovate more rapidly. Yet cloud computing also introduces new risks, such as data breaches and cyber attacks that are unique to its particular infrastructure. For instance, cloud services such as those offered by Microsoft Azure or Amazon Web Services expose their own APIs, and any vulnerability in those can be exploited by wily hackers to gain unauthorised access to a bank’s sensitive data.
Making matters worse is that there are only a very limited number of enterprise cloud service providers that can provide the sort of horsepower a large financial institution requires. This means that malicious hackers – often known as ‘black hats’ – need only focus their research on a few platforms. While these tech giants might hire the best and brightest, those tech experts can also be tempted to turn to the dark side of cyber crime. The Capital One hack, indeed, was orchestrated by Paige Thompson, a former Amazon software engineer who found an exploit in a misconfigured firewall, and caused $250m worth of damage in the process.

Future Banking / www.nsbanking.com
Not such a cloudy future

But if not even high-tech solutions like cloud computing are impervious to cyber threats, modern banking would equally be lost without them. Cloud computing, for its part, has become integral to financial institutions because, among other things, its scalability and agility allow them to share data in real time and foster collaboration across the business. It goes without saying that this is critical in an industry that is time-sensitive – and often subject to onerous compliance requirements.
In legislating DORA, the EU has acknowledged how important the cloud is for business. There is, after all, little point in having excessive regulation throttling business activity, and financial institutions need to be able to operate with minimal disruption. Ensuring effective business while keeping consumers and institutions safe is precisely the point of DORA. For banks to be compliant with the rules, they will need to carefully assess the risks associated with using cloud computing – but with the understanding that they still need to use the cloud. As such, they will need to choose cloud providers that have strong security measures in place, and they will need to implement appropriate controls to protect internal and customer data.

It is easy to see how these rules can constitute a major challenge for financial institutions. Yet they are also an opportunity, and it is to be hoped that banks will view them as such. By taking the necessary steps to comply with the rules, financial institutions can improve their resilience to IT disruptions and cyber threats, all while building confidence with their customers and investors. DORA will also help them to maintain their competitive edge, not only through the safety that compliance could bring, but
Everyone, including the most-resourced banks, is susceptible to cyber criminals breaching their digital defences.
2025: the deadline for banks to institute the new DORA regulations.
Chambers and Partners 23
PopTika/Shutterstock.com