As the Digital Operational Resilience Act (DORA) becomes fully enforceable in January 2026, reports indicate that nearly 40% of financial institutions with EU ties are still not fully compliant with the “Third Party Risk Management” (TPRM) requirements. Regulators have signaled that fines will be issued starting in Q1.
Business Impact
For Bahraini banks with branches or significant transaction flows in Europe, DORA is not optional. Non-compliance can result in fines of up to 1% of average daily worldwide turnover. This is creating a sudden demand for ICT risk audits and “Exit Strategy” documentation for critical cloud vendors.
Why It Happened
Many organizations underestimated the complexity of mapping their entire supply chain. DORA requires not only securing your own systems but also proving that your critical vendors (cloud, SaaS) have sufficient resilience.
Recommended Executive Action
Conduct a “DORA Gap Analysis” this week. Focus specifically on your “Register of Information” regarding third-party ICT providers. Ensure you have a documented and tested exit strategy for your primary cloud provider.
