DORA Compliance

The European Union's upcoming DORA regulations will create a critical regulatory framework to increase financial institutions' resilience against digital disruptions. This year will be a turning point for financial entities and their ICT providers, who must ensure they are ready to effectively meet and uphold the new compliance standards.

To offer insights into the regulations, Anil Saboo from Google Cloud and Regnology’s Chief Information Security Officer, Konstantinos Andreopoulos, discuss the significance of DORA.

In the second installment of the interview series, they share how Google Cloud and Regnology prepare themselves as solution providers for DORA’s rollout and how Regnology, as a Regulatory Reporting specialist, can help financial institutions prepare for DORA compliance.

Google Cloud has implemented a DORA Readiness Program, adding additional advancements to complement its industry-leading security capabilities.

​Anil Saboo ISV Partnerships
Google Cloud

How Regnology and Google Cloud are preparing for DORA as critical third-party ICT providers 

Anil: Regnology and Google Cloud partnered in 2022 to deliver robust regulatory reporting solutions to FSIs. In 2024, Regnology was named Google Cloud Industry Solution Partner of the Year for the financial services industry.

Regnology hosts its Rcloud solution on the Google Cloud Platform. The partnership combines Regnology’s deep regulatory expertise with Google Cloud’s highly reliable and scalable cloud infrastructure and robust security.

Hundreds of Europe’s leading FSIs use the Rcloud platform to optimize regulatory reporting and data management. As a leading hyper scaler and regulatory solutions provider, Google Cloud and Regnology have a long history of working with FSIs to serve their business-critical needs and safeguard their IT assets and data.

Google Cloud has implemented a DORA Readiness Program, adding additional advancements to complement its industry-leading security capabilities. As part of this, Google Cloud aims to simplify DORA compliance for customers with updated contract terms for both Google Cloud and Google Workspace. It also helps customers understand how the updated Google Cloud contracts, controls, and processes can support their DORA obligations.

To provide additional assurance for customers, Regnology and Rcloud are maintaining a list of active certifications, including ISO27001, ISO22301, ISO9001, SOC1/ISAE3402 Type2, SOC2 Type 2, and Cloud Security Alliance CSA-STAR.

Regnology is also refining the customer TLPT proposed model in cooperation with Google Cloud and creating a process for joint testing for business continuity and disaster recovery with customers.

Additionally, Regnology will provide more support for customers’ incident and threat detection management, make staff available for customer ICT security training, and prepare further contract changes to support DORA requirements.

Our public cloud setup with Google Cloud means that our customers comply with all relevant regulatory requirements in various jurisdictions — including DORA, EBA outsourcing guidelines, and FINMA guidelines. 

Konstantinos Andreopoulos Chief Information Security Officer
Regnology​​

DORA Compliance: a practical how-to checklist for FSIs

What advice can you give FSIs preparing for DORA compliance?

Konstantinos: FSIs should consider the following steps to prepare for DORA compliance and to ensure they can navigate the new regulatory landscape effectively:

  • 1

    Perform a gap assessment

    Evaluate existing operational resilience measures against DORA requirements to identify and close gaps.

  • 2

    Conduct a security review of providers

    Assess the security posture of third-party ICT providers to ensure they meet DORA standards.

  • 3

    Focus on incident management

    Develop and refine incident response plans to quickly address, mitigate, and recover from digital disruptions.

  • 4

    Perform third-party dependency mapping

    Identify and assess all third-party dependencies to ensure they comply with DORA requirements.

  • 5

    Revisit contractual agreements

    Update all contracts with ICT providers to include DORA-specific clauses and ensure compliance.

Regnology as a regulatory reporting specialist

How do you help FSI customers comply easily with DORA? 

Konstantinos: Regnology is a leading technology firm on a mission to bring safety and stability to the financial markets. Regnology exclusively focuses on regulatory reporting, and more than 35,000 financial institutions, 70 regulators, international organizations, and tax authorities rely on our solutions to process their regulatory reporting data. We are uniquely positioned to bring greater data quality, efficiency, and cost savings to all market participants.

As an ISV for regulated FSIs, we have the infrastructure in place to contribute to their compliance level with DORA. On Rcloud, our FSI customers benefit from a wide range of powerful features and services that help simplify the compliance process.  

Our public cloud setup with Google Cloud means that our customers comply with all relevant regulatory requirements in various jurisdictions — including DORA, EBA outsourcing guidelines, and FINMA guidelines.

Our efficient operations architecture means that FSI customers become pure consumers of Regulatory Services instead of operators or infrastructure providers. We provide secure, certified, and GCP-approved IT architecture and processes with the relevant industry requirements, such as ISO 27001, ISO 22301, SOC1/SOC2/ISAE3402 and a robust encryption concept.

Because we help FSIs with data production and regulators with data collection, we have a unique perspective on the market's data requirements and workflows. This allows us to design solutions that anticipate future FSI requirements and bring data quality, efficiency, and cost savings to our customers.

How Rcloud makes DORA compliance simple for FSIs
  • Compliant with all relevant cloud outsourcing requirements
  • Compliance via additional third-party certifications and audits
  • Advanced data security is available via Google Cloud and Regnology’s platform and applications.
  • Rcloud provides an out-of-the-box set of reporting documentation (DORA compliance package) to assist our customers/FSIs in their compliance journey. The DORA Regnology package includes internal audit reporting, risk reporting, security reporting, data protection, external audit reports (SOC1/SOC2/ISAE3402), ISO certifications (ISO27001, 22301) and other third-party risk management compliance documentation.

This year will be critical for financial entities and their ICT providers in preparing for DORA in early 2025. 

As we approach the deadline, Google Cloud and Regnology will continue to support our customers and deliver holistic solutions that FSIs need, especially as the regulatory landscape evolves in the EU and new regulations like DORA emerge. 

Find out more

  • Google content

    EU Digital Operational Resilience Act (DORA)

    In addition to establishing clear expectations for the role of ICT providers, DORA allows EU financial regulators to oversee critical ICT providers directly. Where the criteria are met, this applies to cloud service providers like Google Cloud.

    Read more
  • Google content

    Simplify DORA compliance with Google Cloud's updated contracts

    As an organization, we are committed to DORA compliance and a cross-functional team at Google Cloud has been working to prepare for DORA since the requirements were finalized in 2022. This includes implementing operational changes and enhancing our customer support model.

    Read more

You might also be interested in

  • In conversation with Google Cloud — Building best practices for DORA compliance - Part 1

    Insight

    In conversation with Google Cloud — Building best practices for DORA compliance - Part 1

    DORA is coming: an overview of the new regulation

    Read more
  • Migrate to innovate - why the Cloud is the next step in regulatory reporting

    Insight

    Migrate to innovate - why the Cloud is the next step in regulatory reporting

    As the number and complexity of financial regulations continue to rise, so too do the resources required for regulatory reporting.

    Read more
  • Modernize regulatory reporting with Regnology and Google Cloud

    Insight

    Modernize regulatory reporting with Regnology and Google Cloud

    Optimize regulatory reporting, data management, and infrastructure function with the secure, highly scalable, built-for-purpose Rcloud.

    Read more

Contact us