Financial resiliency: how Europe plans to regulate service providers

Under the proposed Digital Operational Resilience Act (DORA), cloud companies, third-party data center operators and service providers will be scrutinized and regulated.

KEY POINTS

• Supervisory authorities will regulate the most important third-party digital/IT service providers, with the power to review systems, software, physical infrastructure and processes, conduct penetration tests, visit premises and stipulate operational or other requirements.
• Regulators will be empowered to levy heavy fines on digital service providers for nonconformance.
• Financial services companies will be given greater control over their digital service providers, with more transparency and oversight, backed by contracts.
• US and other regulators around the world are following this regulation closely and may follow suit.