RegTech Intelligence


Bridging DORA Gaps 2025

The latest JWG survey results and insights reveal why collaboration between vendors and firms is critical to operational resilience.


Introduction

The Digital Operational Resilience Act (DORA) is more than a looming regulatory deadline: it is a call to action for the entire financial ecosystem to rethink how our digital supply chain is managed, as PJ Di Giammarino, CEO, JWG noted at the European Cossiom Market Data Conference on 22 November 2024.

With the 17 January 2025 deadline approaching rapidly, many firms remain underprepared, grappling with fragmented risk management frameworks, inconsistent vendor alignment, and limited collaboration.

Key messages

DORA compliance requires a shift from checkbox exercises to an integrated approach, which leverages data-driven insights, advanced tooling, and strategic partnerships.

In short: financial entities must adopt AI-powered RegTech and prioritize global resilience; suppliers must foster transparency and align with client practices; and regulators must drive education and collaboration through standards bodies.

With coordinated action, stakeholders can transform DORA from a compliance challenge into a strategic advantage, ensuring resilience and trust in an increasingly complex financial ecosystem.

JWG Survey Results: The Alarming State of Readiness

Our recent industry survey paints a stark picture of DORA preparedness.

  • Risk Management Frameworks: Only 50% of firms reported progress for this foundational area.
  • Subcontracting and Security Policies: Moderate progress has been made, but significant gaps remain.
  • Audit and Incident Management: Alarmingly low levels of readiness observed, with many firms lacking robust systems.

“The things people had the most problems with are the detailed and operational aspects of compliance,” PJ explains. “Ironically, these are the easiest to address if we adopt common standards.”

This uneven progress highlights the urgent need for action, especially considering the compliance deadline is right around the corner.

The Broader Context: DORA’s Global Implications

DORA is not an isolated regulation. Similar frameworks are emerging worldwide, creating a continuous cycle of compliance.

Fifty-two days after DORA’s January implementation, the UK will follow suit, and then in July, Australia’s new rules come into effect. Beyond that, we’re facing AI, cyber, and quantum regulations in 2025. This marathon isn’t ending anytime soon.

Operational resilience must be viewed holistically, with an emphasis on aligning practices across buy-side and sell-side workflows, exchanges, and data services. We need to think about the end-to-end flow.

Why DORA is More Than a Legal Obligation

DORA goes beyond legal contracts and necessitates a deep shift in governance, risk management, and operational collaboration.

End-to-End Risk Controls: DORA introduces a new era of integrated risk management. DORA will require firms to unify legal, IT, and operational controls – and to align them with suppliers.

Leadership Accountability: DORA and senior management regimes are driving cultural change, with decision-makers now expected to sign off on OpRes risk. Leaders are being forced to prioritize compliance in ways we haven’t seen before. This shift will challenge firms to adopt more strategic, coordinated approaches to governance.

The Role of Vendors: Aligning for Success

Vendors are integral to the DORA ecosystem, but inconsistencies in communication and interpretation pose challenges.

For instance, if vendors are asked by ‘Firm A’ to comply with DORA in one way, and then by ‘Firm B’ in a completely different manner, they’re left confused. Without any form of standardization, vendors aren’t able to align their practices to support us effectively. Therefore, it’s in both their and our best interests to take the necessary steps.

Key Steps for Vendors:

  1. Foster Transparency: Open communication with clients about processes and controls is essential.
  2. Build Resilience Partnerships: Collaboration with clients can strengthen operational resilience.
  3. Leverage Competitive Advantage: Meeting DORA standards isn’t just compliance—it’s a chance to gain a market edge.

With better tooling and clear expectations, vendors can help build resilience while strengthening their customer relationships. See JWG’s ‘Supplier countdown DORA: T-40’ here for more insights.

Integrated Management Systems: The Key to DORA Compliance

The importance of integrated management systems as the foundation for compliance cannot be overstated. This isn’t about bolting on solutions; it’s about creating a unified framework that connects data, governance, and operations.

Key Benefits of an Integrated Management System:

  1. Enhanced Visibility: Real-time tracking of critical data flows.
  2. Streamlined Processes: Simplified audits, testing, and incident management.
  3. Improved Vendor Collaboration: Consistent risk management across third-party relationships.

Practical Steps for Firms

To bridge the gaps in readiness, financial entities need to:

  1. Tooling and resources: You need to invest in dedicated resources to map business-critical data flows and identify risks. This isn’t optional—it’s fundamental.
  2. Collaborate across the industry: We need convening power to bring market conversations together. Working groups like market data are fantastic, but we need more of them.
  3. Prepare globally: Get ready for more OpRes regimes, AI, cyber, quantum, and other rules which will build upon these requirements in 2025.
  4. Align with vendors: Clear, consistent communication helps vendors adapt their practices to support compliance.
  5. Engage senior leadership: Treat DORA as a strategic priority. The consequences of non-compliance—fines, reputational damage, even existential threats—are too severe to ignore.

For Regulators and Associations: Driving Education and Standards

Regulators and industry associations play a crucial role in facilitating DORA implementation.

Key Actions:

  • Ramp-up education: Help firms and vendors understand DORA’s complexities.
  • Promote sector-specific alignment: Focus on workflows, like buy-side operations and OTC broking.
  • Engage standards bodies: Collaborate with organizations like ISO TC 68, FINOS, and FIX Trading Community to create unified frameworks.

“Formal standards and practice groups are essential for streamlining compliance.”

Conclusion: The Time to Act is Now

DORA represents a seismic shift in how the financial industry approaches operational resilience. We’re at the early stages of a very long marathon. But the time to act is now.

Financial entities, suppliers, and regulators must embrace collaboration, adopt integrated systems, and prioritize compliance at the leadership level. The stakes are high, but so are the rewards for those who get it right.

Final Call to Action:

  • For Financial Entities: Replace checkboxes with data-driven insights, invest in RegTech, and prepare globally for future regulations.
  • For Suppliers: Build transparency, align with clients, and embrace resilience as a competitive edge.
  • For Regulators and Associations: Promote education, foster alignment, and engage standards bodies.

Upgrade your OpRes with RegDelta

RegTech is at the forefront of better, faster, cheaper, and safer OpRes solutions for 2025 change programmes.

JWG’s OpRes RegDelta enables evergreen linkage with your policies, procedures, and contracts, boosted by our LLM partners, which your teams can interrogate, saving time in spotting and closing your gaps.

Learn how in our new 2-minute video.

Want to arrange a demo? Please contact Corrina.stokes@jwg-it.eu.

Learn more

We’ve come a long way since we published ‘DORA’s data problems begin in 400 days – already back of the pack?’ here in July 2023! Discover how DORA differentiates itself from other directives and what it means for regulators, firms and suppliers alike in JWG’s research:

  • ‘Supplier countdown DORA: T-40’ here
  • Scaling OpRes Mountain: The New Risk Frontier here
  • Navigating OpRes storms in 2025 here
  • ‘Winning the OpRes Marathon’ here
  • RegTech Newsletter here
  • RegCast Season 5: Winning the OpRes Marathon here
