In the constantly changing landscape of financial regulations, professionals must keep up with new laws and standards that affect their work. One such development is the Digital Operational Resilience Act (DORA), an EU regulation aimed at enhancing the operational resilience of financial entities against digital disruptions. While DORA primarily targets financial institutions and related entities, a question arises: are accountants subject to DORA regulation?
Understanding DORA
DORA, which stands for the Digital Operational Resilience Act, was introduced by the European Commission to ensure that the financial sector can withstand, respond to, and recover from all types of ICT-related disruptions and threats. The regulation emphasizes the need for robust ICT risk management, incident reporting, digital operational resilience testing, and oversight of third-party ICT service providers.
Scope of DORA
The entities explicitly covered under DORA include:
- Credit institutions
- Payment institutions
- Electronic money institutions
- Investment firms
- Crypto-asset service providers
- Central securities depositories
- Insurance and reinsurance undertakings
This list, though extensive, focuses on entities that are directly involved in financial transactions, digital payments, and asset management. The common denominator among these entities is their critical role in the financial ecosystem and the high dependency on ICT systems to perform their functions.
Where Do Accountants Fit In?
Accountants, whether working independently, within firms, or for corporations, play a crucial role in financial reporting, auditing, and advising on financial matters. However, the traditional role of an accountant does not directly involve the types of ICT systems and digital financial operations that DORA is primarily concerned with.
Key Considerations:
Indirect Impact through Employers or Clients:
If an accountant is employed by or provides services to a DORA-regulated entity, they may indirectly be impacted by the requirements. For example, they might need to comply with enhanced ICT risk management practices or reporting requirements mandated by their employer or clients.
Advisory Role:
Accountants who advise DORA-regulated entities on compliance, risk management, or financial reporting will need to understand the implications of DORA to effectively guide their clients.
Cybersecurity and Data Protection:
As DORA emphasizes ICT security and resilience, accountants dealing with sensitive financial data must adhere to stringent cybersecurity and data protection standards. This might mean adopting best practices that align with the spirit of DORA, even if they are not directly regulated by it.
Practical Steps for Accountants:
While accountants may not be the primary targets of DORA, they should consider the following steps to stay aligned with best practices and support their clients:
Stay Informed:
Keep abreast of DORA and other relevant regulations to understand their impact on the financial sector and related compliance requirements.
Enhance ICT Resilience:
Adopt robust ICT practices within their operations, ensuring data protection and cyber resilience. This includes regular system updates, strong password policies, and secure data storage solutions.
Client Advisory:
When advising clients, especially those in the financial sector, incorporate DORA compliance strategies into your guidance. This ensures that clients remain compliant and resilient against digital threats.
Training and Development:
Engage in continuous professional development to understand emerging digital risks and resilience strategies. Training on cybersecurity and digital finance can be particularly beneficial.
While accountants are not directly subject to DORA regulation, the ripple effects of this regulation in the financial sector mean that they must be aware of its requirements and implications. By enhancing their digital resilience practices and advising clients on DORA compliance, accountants can ensure they remain valuable and trusted professionals in a rapidly evolving digital landscape.
Looking for more information? Get in touch with us! We’ll help ensure your DORA solutions work for your company’s future.