European Union (EU) regulators have approved a new proposal to subject financial services firms to stricter regulations to prevent and mitigate cyber threats.
Called the Digital Operational Resilience Act (DORA), the new proposal is aimed at bolstering the IT security of entities such as banks, insurance companies and investment firms operating in the bloc.
The development comes amid rising concerns that financial services providers are increasingly relying on a handful of cloud services providers for critical functions and operations.
Potential disruption to any one of the ‘critical’ cloud service providers could impact services across multiple companies.
DORA sets security requirements for financial services firms, as well as important third parties who provide them with ICT-related services, such as cloud platforms or data analytics services.
It creates a regulatory framework on digital operational resilience, which will require all businesses to ensure that they can withstand, address, and recover from all forms of ICT-related threats and disruptions.
Czech Republic Minister of Finance Zbyněk Stanjura said: “We live in uncertain times. Banks and other companies which provide financial services in Europe already have plans in place for their IT security, but we need to go one step further.
“Thanks to the harmonised legal requirements which we adopted today, our financial sector will be better able to continue to function at all times. If a large-scale attack on the European financial sector is launched, we will be prepared for it.”
In June this year, the UK government suggested granting financial regulators more authority to regulate ‘critical’ third-party cloud service providers.