Future-Proofing Finance: What Credit Unions Need to Know About D.O.R.A.
As digital infrastructure becomes more critical to financial services, so does the need for robust operational resilience. At cuEngage Live 2025, the breakout session Future-Proofing Finance: How D.O.R.A. Protects Your Financial Future tackled this head-on.
Led by Ben Roy, Compliance Manager at Wellington IT, and Barry Harrington, Head of Advocacy and Regulatory Affairs at ILCU, the session explored what the Digital Operational Resilience Act (D.O.R.A.) means for Credit Unions, why it matters, and what steps the sector must take to prepare.
What is D.O.R.A.?
D.O.R.A. is a European regulation designed to ensure that financial institutions can withstand and recover from ICT (Information and Communications Technology) disruptions. With compliance expected by January 2028, Credit Unions have just under three years to get their systems, staff, and structures ready.
At its core, D.O.R.A. is more than just compliance; it’s future-proofing. As Ben noted in the opening, the regulation represents not only a challenge but also an opportunity for Credit Unions to invest in long-term resilience and security.
The Five Pillars of D.O.R.A.
The session highlighted D.O.R.A.’s five focus areas:
- ICT Risk Management – ICT Risk Register / Perform Risk Assessments / Implement Cyber Security Controls / Map out critical processes
- ICT Incident Reporting – Define what constitutes a major incident (data loss, critical services) / Document an incident response process / Conduct post-incident reviews
- DORA Testing – Annual ICT/DR testing / Scenario-based table-top exercise
- ICT 3rd Party Risk Management – Register of ICT Providers / Contracts / SLAs / Annual Reviews / Board awareness
- Information Sharing – Establish a peer network / collaborate / Share insights on attacks and threat types
A Sector-Wide Challenge and Opportunity
Barry emphasised that D.O.R.A. is not a box-ticking exercise. It requires a cultural shift, ongoing investment, and strong collaboration across the sector.
From budgeting for additional resources and technology to setting up a clear compliance roadmap, every credit union will need to take proactive steps, and the earlier, the better.
Key takeaways included:
- Start now: D.O.R.A. is comprehensive, and timelines are tight.
- Plan for cost: System upgrades, training, and possibly new staff will be needed.
- Work together: Shared tools, templates, and frameworks can reduce effort and expense.
- Don’t wait for sanctions: Penalties for non-compliance will be severe.
What’s Next?
The presenters encouraged the sector to:
- Develop a shared framework and project plan
- Budget now for compliance costs
- Engage staff with regular training
- Consider pooled resources and partnerships to lighten the load
cuEngage attendees walked away with a clear message: D.O.R.A. isn’t just regulation, it’s an investment in operational resilience, reputational strength, and long-term member trust.
To learn more about how Wellington IT is supporting Credit Unions on the path to D.O.R.A. compliance, get in touch with our team or stay tuned for our upcoming resources.