DORA and Crisis Communications
Navigating Crisis Communications in the Age of DORA
In the ever-evolving landscape of the financial sector, the ability to communicate effectively during a crisis is not just a strategic advantage but a regulatory necessity. The Digital Operational Resilience Act (DORA) has placed a renewed emphasis on crisis communications, recognizing its critical role in maintaining trust and stability in the financial markets.
Understanding DORA’s Crisis Communication Requirements
DORA mandates that firms establish comprehensive crisis communication plans. These plans must include protocols for responsible disclosure, ensuring that major ICT-related incidents and vulnerabilities are communicated to clients, counterparts, and the public when appropriate. The communication strategies must be developed in accordance with Article 14(1) of DORA, which sets the standard for transparency and timeliness in the face of operational disruptions.
Actions for Compliance and Resilience
To meet DORA’s stringent requirements, financial institutions should:
Establish and Test Crisis Communication Plans: Develop plans that detail the procedures for internal and external communications during ICT incidents. Regularly test these plans to cover various scenarios, including cyber-attacks and infrastructure switchovers.
Designate Communication Leads: Appoint at least one individual responsible for implementing the communication strategy and fulfilling public and media communication roles during ICT-related incidents.
Differentiate Communication Policies: Implement policies that distinguish between staff involved in ICT risk management and other employees, ensuring that those responsible for response and recovery are specifically addressed.
Maintain Records and Review Policies: Keep detailed records of activities before and during disruption events, and regularly review the crisis management function and communication plans, taking into account the outcomes of tests and supervisory feedback.
Conclusion
The interconnected nature of the financial sector mirrors the integrated approach required by DORA. By considering the act’s requirements holistically, senior members of the financial sector can ensure not only compliance but also the fortification of their firm’s operational resilience. In doing so, they contribute to the stability and reliability of the broader financial system.