How DXC Luxoft can help banks achieve digital operational resilience

DORA represents an opportunity for banks to upgrade their digital operational resilience and: 

• Reduce operational, reputational and financial losses 
• Increase customer trust and satisfaction 
• Improve operational efficiency and agility 
• Sharpen their competitive edge 
• Support digital transformation and innovation 

DXC Luxoft is perfectly placed to assist banks with DORA compliance and achieving digital operational resilience. Our key capabilities and solutions align with DORA's five pillars: information and communication technology (ICT) risk management, incident reporting, resilience testing, information sharing and third-party risk management. In addition, DXC Luxoft helps banks use DORA as a springboard for digital transformation and innovation, enhancing operational efficiency, customer experience and competitive advantage. 

1. ICT risk management: Principles and requirements of the ICT risk management framework. Firms must: 

• Establish and maintain resilient ICT systems and business continuity policies 
• Take “full and ultimate accountability” for the management of ICT risks, setting and approving its digital operational resilience strategy and reviewing and approving the firm’s policy on the use of ICT third-party providers (TPPs) 
• Identify their “critical or important functions” (CIFs) and map their assets and dependencies 
• Carry out business impact analyses based on “severe business disruption” scenarios  

2. ICT incident management: Reporting of major ICT-related incidents to competent authorities: 

• DORA creates a substantial new classification, notification and reporting framework and adds “significant cyber-threats” to the list of events that firms must classify 
• Financial institutions must monitor, record, classify and notify the authorities of ICT incidents  

3. ICT third-party risk management: Monitoring third-party risk providers. Key contractual provisions: 

• Define and execute third-party management strategies and policies. Assess risk and perform due diligence on critical suppliers. Map critical suppliers and business functions 

4. Digital operational resilience testing: Basic and advanced testing. Firms must: 

• Show they conduct appropriate security and resilience tests on their critical ICT systems and applications 
• Fully address any vulnerabilities identified by the testing 
• Conduct advanced threat-led penetration tests (TLPT) (firms above a certain threshold of systemic importance and maturity) 

5. Information exchange: Exchange of information and intelligence on cyber-threats 

• Firms must share information with the regulator and entities to help identify, control and mitigate threats 
• DORA provides guidelines on how to exchange cyber-threat information and intelligence via financial institution collaboration 

These challenges will require banks to invest in their ICT systems and processes, enhance governance and oversight, improve awareness and training, and strengthen collaboration and communication with internal and external stakeholders. Banks must ensure they have the necessary skills, resources and capabilities to comply with DORA and manage their ICT risks effectively. However, DORA also offers opportunities for banks to improve their digital operational resilience and gain strategic benefits. By complying with DORA, banks can: 

• Reduce the likelihood and impact of ICT-related disruptions, incidents and cyberattacks and minimize their operational, reputational and financial losses 
• Improve customer trust and satisfaction by ensuring the availability, continuity and quality of their ICT services and functions 
• Increase operational efficiency and agility by optimizing their ICT systems and processes and adopting the best practices and innovations of their ICT providers 
• Enhance their competitive advantage and market position by demonstrating DORA compliance and their commitment to digital operational resilience 
• Use DORA as a catalyst to drive digital transformation and innovation, adopting new technologies, solutions and business models that create added customer and stakeholder value 

DXC Luxoft helps banks comply with DORA and achieve digital operational resilience by offering a range of capabilities and solutions that cover the five pillars: ICT risk management, incident reporting, resilience testing, information sharing, and third-party risk management. DXC Luxoft can also help banks leverage DORA as a catalyst for digital transformation and innovation by offering solutions that can help them improve their operational efficiency, customer experience and competitive advantage. 

Our DORA capabilities and solutions are based on extensive experience and expertise in the financial services sector and our proven internal model of resilience and third-party management. Also, DXC Luxoft’s DORA expertise is aligned with industry best practices and standards, such as the NIST Cybersecurity Framework, ISO 27001, COBIT and ITIL. The following table summarizes our DORA capabilities: