Financial Markets and Funds Partner Nathaniel Lalone spoke with Law360 regarding the implications of the EU Digital Operational Resilience Act (DORA) for financial services firms. Nate provides insights into DORA's impact, particularly the requirement for financial entities to establish governance and risk management frameworks to prevent disruptions in digital services from information communication and technology (ICT) third-party providers (TPPs), such as those caused by cyberattacks.
DORA went into effect on January 17, 2025; however, there are complexities and uncertainties surrounding DORA's application for non-EU firms and alternative investment fund managers. Nate notes that financial entities must ensure their contracts with TPPs meet DORA's standards, and failure to comply can result in fines. DORA's requirements may also affect non-EU firms if they are part of a larger financial group with shared ICT frameworks.
Financial entities must prepare registers of information on ICT contractual arrangements with TPPs and submit them to national regulators ahead of submission to European-level supervisors by April 30, 2025.
"5 Questions For Katten Partner Nathaniel Lalone," Law360, January 23, 2025
*Subscription may be required for article access.
London
