
Given the prevalence of black swan events this decade – not least the COVID pandemic, the fallout from Brexit and the Silicon Valley Bank collapse – operational resilience has become a top priority for financial institutions and regulators alike. In January 2023, the Digital Operational Resilience Act (DORA) came into force in the European Union (EU). Under the terms of the legislation, European financial institutions, including banks, investment firms, crypto-asset service providers and critical third-party service providers, must implement compliant – and ultimately more sophisticated – operational resiliency frameworks than many currently have before the 17 January 2025 deadline. This calls for scenario testing frameworks that are more accurate than the traditional scenario testing methods commonly used today. One potential approach is to utilise digital twin technology. A digital twin is an AI-based software model that creates an exact, virtual representation of a real-world entity or process. This article will explore how a digital twin can enable firms to model and improve their operational resilience in an offline environment and enhance the effectiveness of their response and recovery plans.

By GreySpark’s Mark Nsianguana, Manager, Elliott Playle, Research Analyst and Rachel Lindstrom, Senior Manager

DORA is a broad regulation covering all aspects of operational resilience across all authorised European financial entities, including investment firms, trading venues, crypto-asset service providers and ICT third-party service providers. One of the regulation’s requirements for in-scope firms is to perform digital operational resilience testing. Specifically, firms must establish their own procedures to prioritise, classify and remedy any and all issues revealed through the performance of the tests. In essence, firms must ensure that all identified weaknesses and deficiencies are addressed.

GreySpark Partners has observed ambiguities in the DORA regulations and an absence of ‘best practice’ guidelines for firms implementing a digital operational resiliency testing framework. DORA does not provide guidance on how much firms should aim to spend on cybersecurity, and there is a lack of clarity on the methods that firms should employ to adequately mitigate potential threats. Consequently, many firms are unsure of what a ‘good’ operational resiliency framework looks like, leaving them at risk of not achieving full DORA compliance ahead of the 2025 deadline.
