DORA (the Digital Operational Resilience Act)
By: Elton Derveni – Business Development Specialist
It’s been almost five years since the European Commission officially introduced DORA (the Digital Operational Resilience Act) on September 24, 2020, as part of the Digital Finance Package. But the idea of having one unified way to manage ICT (Information and Communication Technology) risks in the financial sector actually started even earlier, especially after some serious cyber incidents happened in Europe. DORA was created with support from the European Central Bank (ECB), the European Supervisory Authorities (EBA, ESMA, and EIOPA), and national regulators from across the EU.
The main goal of DORA is to make sure that banks and other financial institutions can handle any kind of tech disruption or cyberattack. That means being able to resist problems, respond quickly when something happens, and recover fully so that people and businesses can keep relying on financial services without worry.
Why financial institutions need DORA:
DORA is all about making sure the financial sector stays safe and strong in today’s digital world. One big part of it is creating one clear set of rules that every bank or financial company follows when dealing with technology risks—like cyberattacks, system crashes, or data leaks. This way, everyone knows what to do and works in the same way, which makes things safer and simpler. DORA also wants to build a resilient digital financial ecosystem—think of it like a huge digital web that includes banks, apps, payment systems, and online platforms. If one part of the web goes down (because of a hack, a system failure, or even a natural disaster), it can affect everything else. DORA helps make sure this web stays strong and can bounce back quickly if something goes wrong. Another important rule is that companies must report serious ICT (tech-related) incidents so that regulators can see what’s happening and take action faster. Plus, DORA also sets rules for third-party tech providers, like cloud services, because banks depend on them, and if those services fail, it could cause big problems. Lastly, DORA helps close the gaps between different EU countries by making sure all member states follow the same rules—so the system isn’t broken up or confusing, and everyone plays by the same standards.
Regulation 51/2024 – Operational Risk Management: https://www.bankofalbania.org/Supervision/Regulatory_Framework/Supervision_regulations/Regulation_51_2024_On_the_operational_risk_management_by_banks_payment_institutions_and_electronic_money_institutions.html
The Bank of Albania (BOA) is taking important steps to help banks and other financial institutions in the country become more secure, especially against cyber threats and technology problems. These actions are part of a bigger plan to follow the EU’s Digital Operational Resilience Act (DORA), which is a set of rules that make sure financial companies can keep working even if something goes wrong with their computer systems.
To do this, the Bank of Albania has created new rules that will start in March 2025. These rules say that banks must take care of any risks that could cause problems—like hacking, system failures, or other tech issues. They need to regularly check their systems, fix weak spots, and have backup plans ready in case something goes wrong. This way, they can keep running smoothly and protect their customers.
Another important rule is that banks must report any serious cyber incidents to the Bank of Albania. If they get hacked or have a major technical problem, they must quickly let the Bank know what happened, how serious it is, and what they’re doing to fix it. This helps the Bank of Albania understand what kinds of threats are happening and how to support the financial sector.
The Bank of Albania is also getting help from international experts, like the U.S. Treasury, to make sure these rules are strong and effective. They want to be in line with European standards but also make sure they work well for Albania’s banking system.
This work is important because most banks in Albania are going digital. A recent study showed that 93% of banks have digital departments, and 78% of them have already experienced cyberattacks. That’s why these new rules are so important—to keep the financial system safe and strong for everyone.
Let’s face it—compliance might not sound like the most exciting thing, but it’s the secret sauce to keeping your business safe and trustworthy. Following the rules, like DORA, means you’re not just playing by the book, but also building a solid reputation in the digital world. Cyberattacks? Data breaches? No problem—you’re ready!
And here’s the real kicker—getting audited by international business partners isn’t just about checking boxes. It’s like getting a golden stamp of approval from the global VIP club. It shows you’re serious, trustworthy, and totally on top of your game. It boosts your reputation, builds trust, and helps you stand out in the competitive, digital world.
Compliance + audits = confidence, growth, and global success!
So, now the big question is—who’s in charge of implementing DORA in a bank?
Your legal team plays an important role in helping your organization understand and follow the rules, but when it comes to DORA (the Digital Operational Resilience Act), they can’t do it all on their own. DORA isn’t just about laws—it’s also about technology, cybersecurity, risk management, and daily business operations. The legal team can support by reviewing regulations, updating contracts, and making sure your company is legally compliant. However, to fully put DORA into action, you’ll also need IT and cybersecurity experts to protect your systems, risk managers to find and fix weak spots, and operations teams to put new processes in place. So, while your legal team is a key part of the puzzle, implementing DORA is really a team effort that needs people from across the whole organization working together to stay secure and resilient.
At Sinteza Co, we are here to support your organization in embarking on its DORA journey!