DORA Has Landed: Steps for Late Compliance in 2025

The Digital Operational Resilience Act (DORA) Regulations officially took effect last Friday, 17 January 2025, requiring EU financial entities to implement robust measures for ICT systems and third-party technology suppliers. The first draft of the regime was published back in September 2020 and was implemented in January 2023.

DORA was introduced to harmonise the rules relating to operational resilience for the financial sector, applying to up to 20 different types of entities including financial services, and insurance.

Was the Deadline Missed?

According to recent research by Censuswide, 43% of UK financial institutions were predicted to miss the deadline, despite being given two years to prepare. This delay poses significant risks, including fines of up to 1% of the company’s daily global turnover. The challenges can be daunting for organisations still scrambling to meet the compliance requirements, while simultaneously facing mounting pressure for failing to meet deadlines.

Organisations revealed it could take them as many as four months after the deadline before they achieve compliance. The reasons cited include a lack of prioritisation from the wider company, insufficient skill or knowledge, and 25% stating that the timeline was too short to comply, despite having two years to prepare. One of the biggest factors contributing to delays was the lack of visibility companies had over their third parties within their supply chain. This has been a constant challenge for Vendor Managers and Procurements that has been raised in research since 2018 and beyond, with companies reporting they had limited or no visibility beyond their tier-one suppliers.

The Challenges of DORA

The financial sector is increasingly congested with regulations to comply with, including those introduced in recent years, such as EBA, PRA, and the soon-to-be-introduced Critical Third Parties (CTP). These regimes demand a more rigorous management approach to supplier relationships and risk oversight.

Amid this sea of regulations, risk management has become a strategic priority, focusing on visibility and streamlined compliance. Brooklyn Solutions’ CTMO, Nick Francis, recently spoke to Spend Matters about the future of risk tech, stating:

“

Companies seek tools that automate risk categorisation across areas like Data Protection, Information Security, and Legal Compliance, providing real-time visibility and proactive governance. The demand is growing for systems that streamline risk management but in addition, ensure preparedness for audits and evolving security threats."

Nick Francis, CTMO, Brooklyn Solutions

Looking ahead, Brooklyn Solutions is committed to offering comprehensive and flexible risk management solutions. The future of Risk tech will focus on AI-driven automation, improving data quality, and ensuring compliance. These advancements will enable businesses to gain visibility of vendor risks, manage them more effectively, and stay aligned with regulatory requirements.”

No Time to Waste

In their rush to comply with DORA, organisations face challenges that include inadequate processes and insufficient visibility over their supply chains. Attempting to tackle compliance manually with limited resources is a common issue. While starting with spreadsheets may seem like an accessible solution, this approach often leads to inefficiencies, human error, and slower progress. Quick fixes may also fail to address the core issues, leaving organisations vulnerable to fines and reputational damage.

Additionally, companies’ current approach to compliance is tediously manual, resulting in a huge resource requirement that most organisations do not have. Brooklyn conducted its own research, speaking to medium-to-large enterprise businesses, which revealed that it typically takes 3–6 months yearly to prepare for regulatory audits, costing organisations approximately £136,000 in resources each year to produce a compliance register.

Compliance should not be tackled as a yearly task. Missing deadlines can result in regulators imposing significant fines, and a manual approach is not a sustainable solution. Forward-thinking solutions are needed to reduce the resources required yearly for compliance while enhancing organisational efficiency and visibility.

The Right Approach to Tackling DORA

Spreadsheet vs Digital Platform

While spreadsheets can help map your compliance journey, effectively tackling DORA regulations requires a digital solution. These tools automate assessments, send supply chain-wide questionnaires with a single click, and prepopulate results, enhancing visibility and identifying critical ICT suppliers and contracts for targeted action.

Digital platforms streamline workflows with AI-powered contract analysis, pinpointing non-compliant clauses, automating follow-ups, and tracking risks in real time via a centralised dashboard. This ensures organisations are always audit-ready and prepared for regulatory scrutiny.

Research by Brooklyn Solutions shows that adopting a digital platform delivers 2x resource efficiency and ROI within six months. Solutions like the Brooklyn Platform simplify compliance, automate reporting, and transform efforts into a sustainable, fully automated process. With continuous availability, these tools provide robust, demonstrable compliance, empowering organisations to stay ahead in a regulated environment.

How Brooklyn Solutions Can Help

Brooklyn Solutions offers a cutting-edge platform designed to help financial services achieve and maintain DORA compliance with speed and ease. Their digital assessments automate vendor evaluations to identify critical suppliers and streamline compliance processes.

AI contract analysis allows for bulk contract reviews, identifying missing clauses, and setting automated alerts for non-compliance. Automated audits ensure yearly evaluations with predefined processes while maintaining a comprehensive audit trail.

Meanwhile, risk management tools provide full visibility into third-party ecosystems, tracking risks in real-time and preparing organisations for regulatory scrutiny with ease. By leveraging Brooklyn’s tools, your organisation can overcome resource shortages, enhance supply chain visibility, and ensure long-term compliance.

Get Started Today

Don’t wait until the threat of fines becomes a reality. Brooklyn’s Governance, Risk & Compliance (GRC) System is here to simplify your DORA compliance journey, helping you build resilience and protect your organisation. Contact us today to learn how our platform can help you stay ahead of the DORA regulations. Together, we’ll ensure your compliance is both timely and efficient, giving you peace of mind in an increasingly regulated environment.