Proprietary Trading Firms Scramble to Address DORA’s Demands, AFM Warns

Time is slipping away for proprietary trading firms (PTFs) and other financial institutions preparing to comply with the Digital Operational Resilience Act (DORA). With the January 17, 2025, implementation date looming, the Dutch Authority for the Financial Markets (AFM) has issued a candid report that paints a mixed picture of readiness.

This isn’t your average compliance checklist. DORA is a transformative regulation designed to fortify the financial sector’s digital backbone. Yet, as the AFM's survey reveals, some institutions are just waking up to the enormity of the task at hand, while others, though further along, may still stumble over DORA’s precise requirements.

Let’s face it, compliance can be a grind, especially when the goalposts seem to shift with every new regulatory framework. But as the AFM’s report highlights, for many PTFs, the grind hasn’t even started in earnest.

Institutions fall into two camps:

1. Late to the Game: Some firms are only now rolling up their sleeves and beginning to implement DORA’s requirements. The odds of these firms achieving full compliance by January 2025? Slim.
2. Almost There, But Not Quite: Others are further along but still face hurdles in meeting DORA’s granular demands. For these firms, the devil is in the details—details that could spell trouble if overlooked.

AFM’s Blueprint for Action

So, what’s the game plan? The AFM’s recommendations are practical, pointed, and, frankly, essential:

• Start with a Gap Analysis: Think of this as your diagnostic check-up. A thorough gap analysis against DORA’s Regulatory Technical Standards will identify where your institution is falling short—and where you need to double down.
• Classify Like a Pro: Classification isn’t just about ticking boxes. Firms must carefully assess their ICT-supported functions and assets, weighing them against DORA’s pillars: availability, integrity, confidentiality, and authenticity.
• Don’t Ignore Internal Outsourcing: Here’s a twist, DORA doesn’t draw a line between internal and external outsourcing. Internal ICT services require the same rigorous agreements as external vendors. Overlooking this could be a costly mistake.

One of DORA’s early asks is a detailed register of ICT information, a foundational document that regulators will scrutinize soon after the regulation takes effect. The AFM has made it clear that come February 2025, they’ll be knocking on doors (figuratively speaking) for this register.

For firms lagging behind, the clock is ticking louder.

Beyond PTFs: A Wake-Up Call for All

While the AFM’s findings focus on PTFs, the recommendations resonate across the financial sector. DORA doesn’t discriminate—it’s coming for banks, asset managers, insurers, and beyond. If your institution hasn’t started its compliance journey, now is the time to act.

DORA isn’t just a regulatory box to tick. It’s a wake-up call in a world where cyberattacks and operational failures can cripple markets in seconds. Ensuring digital resilience is as much about protecting investors as it is about safeguarding institutions themselves.

For those still dragging their feet, the AFM’s report serves as a reality check. DORA’s deadline isn’t moving, and the cost of non-compliance—both financial and reputational—is far too steep.

Compliance may not be glamorous, but it’s critical. The AFM’s report isn’t just a critique; it’s a lifeline for firms willing to act. The message is clear that organizations need to understand the requirements, implement the changes, and, most importantly, don’t wait until the eleventh hour. DORA isn’t just another piece of regulation—it’s the future of financial operational resilience. And the time to prepare is now.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.