Unwrapping DORA

EU and UK Operational Resilience (OpRes) implementation packages are creating nervousness at end-of-year gatherings this year. In the wake of CrowdStrike this July, regulators pushed ahead with their detailed standards, and we have now catalogued over 93 documents, spanning 3,304 pages and nearly 46,000 paragraphs across our EU, UK documents, which defines the law of


Bridging DORA Gaps 2025

The latest JWG survey results and insights reveal why collaboration between vendors and firms is critical to operational resilience. Contact us  Introduction The Digital Operational Resilience Act (DORA) is more than a looming regulatory deadline: it is a call to action for the entire financial ecosystem to rethink how our digital supply chain is managed,


Supplier countdown DORA: T-40

As the clock ticks down to the EU’s 17 January 2025 Digital Operational Resilience Act (DORA) deadline, suppliers face a unique opportunity to redefine their role. This isn’t just about compliance—it’s about fostering transparency, breaking silos, and becoming true partners in resilience. Far from being too late, now is the perfect time to get started.


DeFi RegTech Opportunities: 2025

As the Digital Operational Resilience Act (DORA) prepares to reshape the regulatory landscape for digital asset providers by 2025, businesses are under increasing pressure to implement robust operational resilience strategies. As JWG and Memery Crystal’s ‘Decoding DORA’s Digital Asset Impact’ roundtable, held under Chatham House rule with industry experts revealed this month, the distinct challenges


Despite various regulatory initiatives, the road to robust operational resilience is far from clear. We are still very much in the “foothills” of creating effective, adaptable resilience frameworks. Firms and their suppliers should view the Digital Operational Resilience Act (DORA) as the foothills of the Operational Resilience (OpRes) mountain, not the gold standard. By the


Navigating OpRes Storms in 2025

This week, ten leading financial institutions gathered at JWG’s Winning the OpRes Marathon roundtable in London to debate the evolving challenges of the Digital Operational Resilience Act (DORA) and other global Operational Resilience (OpRes) regulations. Hosted by First Derivative and facilitated by JWG under the Chatham House Rule, the discussions underscored the urgency for financial


Navigating OpRes with RegTech

In today’s interconnected world, operational resilience has become a top priority for financial institutions. With the implementation of the EU’s Digital Operational Resilience Act (DORA), organizations are being urged not only to get ready for storms, but to strengthen their overall infrastructure and how their fate is tied to the fleets they sail with. Captains


EU vs. UK OpRes: Ready, Set, Resilient!

In the global race for Operational Resilience (OpRes), climbing the DORA hill is the ultimate test for financial entities in Q125. JWG’s analysis reveals that DORA standards equips institutions for the UK’s requirements but the gap between UK obligations and DORA will trip some runners up. The reality is becoming clear: financial entities and their


Background: The EU digital asset agenda is not all about MiCA. To offer digital assets in Europe and the UK, firms and their suppliers will need to adhere to the EU Digital Operational Resilience Act (DORA) and corresponding UK regime in Q1 2025. Key insight: JWG, the industry’s regulatory think-tank has used its AI-natural language


Winning the OpRes marathon

This summer, EU regulators delivered final Digital Operational Resilience Act (DORA) standards and the FS sector now has a little under 100 days for a ‘great repapering’ of policies, contracts, procedures, control logs, regulatory reports and supplier databases. Billions are being spent as lawyers and consultants prepare for board room panics in September over this


The first King’s Speech of the new Labour government has signalled some significant changes which will have an impact on financial services firms. These include changes to pensions, bank resolution, a boost to digital ID and reforms to the Information Commissioner’s Office (ICO). “We will continue to work with industry to enhance the UK’s international


The International Organization of Securities Commissions (IOSCO) has published a report on market outages, including good practices for managing them. An IOSCO survey found 42 market outages on listed trading venues between 2018 and 2022, primarily caused by software errors. Members of the World Federation of Exchanges (WFE) agreed with IOSCO’s recommendations. “Our experience shows


Europe took a big step towards Digital Operational Resilience last week by issuing half of its new final technical standards one year from its implementation deadline. JWG has analysed the new, final standards and the second batch of DORA  consultations with other technology efforts underway across the globe. We find that while some welcome clarity


Digital Operational Resilience Act (DORA) technical standards, due to come into force in January 2025 have been released to a quick retort from industry. AFME and EACB warn of missing data, confused risk controls to implement tough new data and reporting requirements. Firms and their suppliers now have a little over 400 working days to


Trading desks face unprecedented levels of regulatory change from the mechanics of the markets and how they monitor them, to how they interact with customers, the way they de-risk their technology suppliers and provide information to regulators. This article summarises the critical changes and lays out the context for our 22 March virtual trading seminar.


New policy efforts in by Australian, US, UK, EU and International rule setters will widen the scope of regulatory oversight for financial institutions to include ‘how’ the business runs. As we have seen with US Federal reserve consultation released this week, boards are on the hook for a holistic approach to ensuring their digital infrastructure


Technology contracts in the age of DORA

New UK and EU regulations are forcing banks to demand new controls from their suppliers. Not only do they now need a comprehensive view of how each supplier fits in, but they also need to know how to swap them out. Senior managers across the bank should be working to establish plans now for these


Think-tank JWG urges Financial Services firms to collaborate with suppliers to close infrastructure gaps as fines loom London, UK – 13 September, 2022 – JWG, the trusted financial services regulatory intelligence company, has announced the publication of a ground-breaking research paper ‘Managing Digital Infrastructure Risk: a collaborative path to financial services safety’. New regulation will fundamentally


This report is a companion guide to a larger research report, ‘Managing Digital Infrastructure Risk: A collaborative path to financial services safety’ produced by JWG. It is intended to help IT managers understand the implication of new regulatory demands on the IT supply chain.


JWG, the trusted financial services regulatory intelligence company, has announced the publication of a ground-breaking research paper ‘Managing Digital Infrastructure Risk: a collaborative path to financial services safety’. New regulation will fundamentally change the landscape for the biggest tech companies–particularly cloud providers. By 2025, overlapping requirements to mitigate operational resilience threats (UK PS6/21,DORA); control third


Record temperatures are not the only challenge to global infrastructure this summer. New, onerous regulatory infrastructure obligations are warming the landscape for financial institutions and their technology providers. Europe has moved first to establish new operational resilience and cyber rules that will demand new controls from and portability between providers. Europe is moving fast with


2022 cyber defence upgrades

Global regulators are producing a steady flow of operationally-intensive rules focused on new digital risks in 2022.  Amongst them, cybersecurity is emerging as a top pain point as more persistent attacks threaten banking supply chains. New, deeper and aligned controls are now the order of the day. In this article we summarise the main components


Operational risk and operational resilience

Executive summary As regulators focus on Operational Resilience firms need to realign their risk frameworks Without this alignment, firms risk overlaps and gaps in their controls Third parties play a key role in aligning controls and service metrics for your board Fines or excessive cost benchmarks are in store for those that get it wrong