Although the new EU Digital Operational Resilience Act (DORA) applies to regulated financial services organisations in the EU from January, the effects will be felt in the Channel Islands.

For example, if you are a fund or asset manager for a regulated EU financial services client, then you will feature on your client’s new DORA risk register that must address the risk exposure to and from other financial entities.

We expect your client will contact you to evaluate your cyber security controls. The outcome may determine whether your EU client can continue a business relationship depending on the quality of your cyber risk management, the EU client’s own risk appetite, and their interpretation of their local regulatory compliance.

Remember you will be dealing with an EU client that has been deep-diving into DORA for some time, so their knowledge and experience on this may be greater than yours at present and their questions may be challenging. Remember too that DORA includes managing the risks of third-party IT providers, so your risk analysis and management must be independent of your IT provider.

We know how long the journey can be for some organisations to implement proportionate cyber risk controls across people, operations, and technology. Your approach to managing cyber security risks is now a key competitive advantage, when your client compares your approach to that of your competitors locally and in other locations. 

We recommend starting now, to avoid being on the back foot when contacted by your EU clients. The UK Government has expressed its intention to implement similar legislation in the UK.

Contact us now to discuss our refined cyber risk analysis and leadership training designed for Channel Islands customers.