BVNK Achieves Compliance With EU Digital Operational Resilience Act

Digital assets payments platform BVNK has confirmed compliance with the EU’s Digital Operational Resilience Act (DORA), which came into force in January with the aim of strengthening operational resilience and minimising technology-related risks across the financial sector.

DORA builds on internationally recognised standards such as ISO 27001 but introduces more detailed requirements for managing ICT and vendor risks, incident reporting, and resilience testing. It applies not only to financial institutions but also to their vendors and subcontractors, creating what regulators describe as a more resilient financial ecosystem.

The regulation sets out requirements in five areas: ICT risk management, incident reporting, third-party risk management, digital operational resilience testing, and information sharing. BVNK said the framework differs from other regimes in that it focuses on implementing practical measures to mitigate risk, rather than solely on internal structures and reporting.

As part of its DORA implementation, BVNK has taken steps including ensuring ICT vendors have appropriate security, privacy, and data handling practices; enhancing business continuity planning with disaster recovery arrangements for all critical ICT vendors; aligning incident management processes with DORA requirements; and establishing global governance structures for ICT risk.

The company, which already holds ISO 27001:2022 certification, said its DORA compliance programme included developing vendor exit plans for all critical suppliers, introducing automated systems to detect new tools in use across the business to reduce “Shadow IT”, and maintaining close engagement with local regulators to align expectations. BVNK also participates in industry intelligence sharing initiatives such as the Financial Services Information Sharing and Analysis Center (FS-ISAC).

BVNK said that these measures are intended to provide customers with confidence in its operational resilience and ability to manage emerging cyber and operational risks across its global operations.