DORA – A New Storm Front for the Financial Industry?
Since January 2025, the Digital Operational Resilience Act (DORA) has been in effect in the EU – a regulation aimed at strengthening the digital resilience of financial firms. DORA introduces, for the first time, binding EU-wide requirements for managing IT risks.
Regulatory Requirements under DORA
DORA affects all regulated financial entities in the EU, including banks, insurers, investment firms, crypto service providers, as well as their critical IT service providers. For companies operating across borders, it will be especially important to comply with both EU requirements and those of other jurisdictions (e.g., FINMA in Switzerland).
Human Risk
What is often overlooked: people remain the most common point of entry for risk. DORA therefore requires that all individuals with access to critical IT systems – both internal and external staff – are properly selected, regularly trained, and systematically monitored.
Background Checks: A Crucial Step
According to DORA, both internal and external staff in security-relevant functions must undergo a suitable reliability screening. The extent of this screening may vary depending on the risk classification of the role. Typical measures include identity verification, reference and employment history checks, and, where necessary in sensitive areas, enhanced security screenings.
How Validato Can Help
We offer tailored background check solutions for internal and external staff, helping your company meet DORA requirements so that DORA doesn't turn into a storm for your business – simple, personal, and secure.