RegTech Intelligence


Navigating OpRes with RegTech

In today’s interconnected world, operational resilience has become a top priority for financial institutions.

With the implementation of the EU’s Digital Operational Resilience Act (DORA), organizations are being urged not only to get ready for storms, but also to strengthen their overall infrastructure and to understand how their fate is tied to the fleets they sail with.

Captains of industry must build a better ship rather than just preparing for storms by reorienting their crew toward a long-term, foundational approach to resilience, embedding it within every part of an organization’s DNA. This won’t be possible with spreadsheets and checkers ticking boxes – new AI-powered RegTech is the order of the day.


Building Better Ships: A Proactive Approach

DORA encourages firms to develop more robust organizations — “ships” that can withstand not only isolated crises, but the continuous disruptions brought about by technological change and global events.

Sajjad Khan, former banking IT COO now ingrained in AI transformation, articulates this idea well in JWG’s RegCast Episode 3: “DORA is about building a better ship, not just preparing for a storm.” The approach to resilience must be proactive, requiring financial institutions to think about their infrastructure, relationships with vendors, and the risks that may arise from interconnected sectors, technologies and suppliers.

Rather than merely reacting to individual crises, organizations need to shift their focus to building stronger, more resilient systems and controls. DORA pushes organizations to assess their operational resilience by mapping critical business processes, understanding where vulnerabilities lie, and actively working to minimize these risks.

Navigating the Fleet’s Systemic Risks

One of the most significant challenges DORA addresses is the systemic risk inherent in today’s interconnected financial ecosystem. As further expressed by Chris Owers, Global Head of Regulatory Compliance First Solutions, organizations are part of a “fleet of ships—each one affecting the others in times of crisis.”

For example, during the CrowdStrike incident, several institutions experienced downtime due to the reliance on the same critical vendor. This highlighted the importance of collective risk management across the entire ecosystem.

Operational resilience is no longer about single organizations, but about the collective health of the financial system. Firms must be aware of their third-, fourth-, fifth- and sixth-party risks, understanding how dependencies on vendors can create vulnerabilities across the ecosystem.

Just as the fleets of old faced challenges from unpredictable weather, enemy forces, and underwater threats, today’s financial institutions must contend with the complexities of a highly interconnected supply chain. Outages, cyber incidents, and geopolitical events can now have far-reaching impacts on the entire financial ecosystem. The failure of one “ship” in the fleet can send ripples across the entire industry, making real-time vendor monitoring and collaboration between firms essential.

The Impossibility of Chasing Zero Risk

The pursuit of zero risk is not only impractical but also costly. As the analogy suggests, the safest ship would never leave the harbour.

PJ Di Giammarino, CEO of JWG, notes that “the cost of being 100% ship-shape is infinite,” and while firms should strive for operational resilience, chasing zero risk is not the answer.

Instead, the focus should be on balancing the cost of compliance with practical strategies that ensure resilience in a manner that fits with industry norms without draining resources.

Firms need to assess their risk tolerance and focus on what is achievable within their infrastructure, technologies, and vendor relationships. The deployment of AI-powered RegTech will be key.

Technology as the Backbone of Operational Resilience

To build resilient organizations, firms must embrace technological advancements. The complexity of today’s financial systems means that traditional methods of managing risk—such as spreadsheets and manual processes—are no longer sufficient. Instead, organizations need to invest in AI-driven solutions for data mapping, compliance automation, contract management, and real-time vendor monitoring.

Technology is crucial in helping organizations comply with DORA’s requirements. AI can automate processes like contract reviews, ensuring that third-party contracts align with operational resilience goals. It can also assist in real-time vendor monitoring, flagging potential issues before they become significant disruptions. AI also plays a role in mapping critical business processes, allowing firms to understand which vendors and systems are essential to their operations. With this information, firms can mitigate risks and ensure that resilience is built into their operations from the ground up.

Shifting the Cultural Mindset: From Compliance to Competency

One of the most important imperatives brought on by DORA is the cultural shift required to embed operational resilience within organizations. Resilience must become a core competency rather than just a compliance exercise. This means that every level of the organization, from the board to the C-suite, must be involved in building resilience.

Operational resilience should be seen as a competitive advantage. Firms that invest in resilience are more likely to weather future crises, protect their reputation, and maintain customer trust. In contrast, those that treat resilience as a checkbox exercise will be at a significant disadvantage, especially in an interconnected financial system where vulnerabilities can have far-reaching impacts.

Legislative initiatives like DORA, along with other global regulations such as the UK’s PS21/3 OpRes, collectively increase the business case for adopting advanced technologies. By leveraging AI and RegTech solutions, firms can not only achieve compliance, but also enhance their competitive edge in a rapidly evolving landscape. Investing in resilience becomes not just a regulatory necessity but a strategic advantage.

Conclusion: Operational Resilience as a Future Imperative

In conclusion, DORA represents a shift in the way organizations approach operational resilience. Rather than focusing on individual crises, firms must build resilient infrastructures that can withstand the complexities of an interconnected financial system. This involves embracing new technologies, fostering stronger vendor relationships, and embedding resilience as a core competency across the organization.

Operational resilience is no longer optional; it is a critical part of doing business in the digital age. Firms that invest in resilience will not only comply with regulations like DORA, but also position themselves as leaders in a competitive, interconnected financial landscape.

Listen to the experts in RegCast Season 5 Episode 3 – Building OpRes technology muscle  


Learn more from JWG:

Discover how DORA differentiates itself from other directives and what it means for regulators, firms and suppliers alike in JWG’s research:

  • RegCast Season 5: The OpRes Marathon
  • ‘EU vs. UK OpRes: Ready, Set, Resilient’
  • ‘Winning the OpRes Marathon’
  • ‘Taming the DORA dragon’ (for background)
  • RegTech Newsletter
