Finance and ICT Regulation Compliance

Achieve operational resilience and DORA compliance with Hammer

Your guide to the EU’s new mandatory testing regulation

Large finance building seen from below

Getting DORA compliant

The impact of the Digital Operational Resilience Act (DORA)

Banks, insurance companies, investment firms, and ICT service providers are preparing for one of the strictest resiliency regulations ever to hit the already heavily regulated sector. On January 17, 2025, any financial entity or information communication technology (ICT) operating in the European Union must comply with the Digital Operational Resilience Act (DORA). That means more than 22,000 organizations around the world will need to develop and implement a comprehensive operational resilience framework or face fines for non-compliance, increased regulatory scrutiny, and potential criminal liability.

What does DORA compliance require?

The DORA was written to ensure that ICT organizations and financial entities in the EU can stay resilient in the event of severe operational disruptions – ranging from technology failures to cyberattacks. Complying with the Digital Operational Resilience Act requires comprehensive testing and monitoring to ensure your organization’s preparedness for these disruptions and disasters, which can be complex and costly to do – particularly within the established deadline.

Hammer streamlines the complexity of DORA compliance, helping you to ensure adherence to DORA security requirements and mitigate risks with automated testing and monitoring solutions that empower financial entities and ICT service providers to:

  • Identify, assess, and manage ICT risks with a comprehensive view of threats and vulnerabilities in their ICT environments.
  • Report major ICT-related incidents to the relevant DORA authorities with real-time monitoring and alerting capabilities.
  • Maintain robust operational resiliency and redundancy with comprehensive end-to-end performance and quality assurance testing.
  • Manage vulnerabilities associated with outsourced ICT-related services by providing visibility into the third party’s ICT environment and security posture.

Industry Perspective on DORA

Hammer brand color, grey background

Our view is that the DORA is a “game changer” that will push FS firms to understand fully how their ICT, operational resilience, cyber and TPRM practices affect the resilience of their most critical functions as well as develop entirely new operational resilience capabilities such as advanced scenario testing methods.


Hammer brand color, grey background

We view DORA as a significant change for entities within ESMA or EIOPA supervision, but also for banks which have already had to comply with existing EBA guidelines on banking supervision.


How Hammer ensures DORA compliance

While ongoing ICT performance testing and quality assurance monitoring was always a best practice, the Digital Operational Resilience Act makes these processes essential to the success of financial entities and Information Communication Technology providers.

DORA - Digital Operational Resilience Act

22,000 organizations will need to comply with DORA by 2025

Give your team the essentials they need to start developing a DORA compliant operational resilience framework today.

Read Our Article

Hammer DORA support solutions

Hammer DORA support solutions

Hammer On-Demand Performance Testing

Hammer DORA support solutions

Hammer VoiceWatch

Hammer DORA support solutions

Hammer On-Demand QA Testing

A history of operational fines in the finance sector

TSB Bank | £48.65 million

In December 2022, the UK Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) fined TSB Bank £48.65 million for operational resilience failings that led to a major IT outage in April 2018. The outage caused significant disruption to customers, including being unable to access their accounts or make payments.

Raphaels Bank | £1.89 million

In April 2022, the FCA fined Raphaels Bank £1.89 million for failing to properly manage its outsourcing arrangements. The FCA found that Raphaels had inadequate systems and controls in place to oversee its outsourcing providers, which exposed customers to unnecessary and avoidable harm and inconvenience.

Barclays Bank | £26 million

In 2021, the Financial Conduct Authority (FCA) fined Barclays Bank £26 million for failing to manage its operational resilience adequately. At the time, this was the largest fine ever imposed by the FCA for an operational resilience violation.

Westpac Banking Corporation | $14 million

In January 2021, the Australian Prudential Regulation Authority (APRA) fined Westpac Banking Corporation $14 million for failing to adequately manage its operational resilience risks. APRA found that Westpac had failed to implement and maintain adequate systems and controls to prevent and manage operational incidents, leading to outages and disruptions for customers.

Commonwealth Bank of Australia | $200 million

In February 2021, the US Securities and Exchange Commission (SEC) fined the Commonwealth Bank of Australia $200 million for failing to adequately supervise its foreign exchange trading business. The SEC found that the bank had failed to implement and maintain adequate risk management controls, which led to significant losses for its customers.

Make ensuring DORA compliance easy