Application of DORA has started – FIN-FSA to focus on the management of ICT risks and cyber-threats in its supervision
The objective of DORA (Digital Operational Resilience Act) is to improve consumers’ data security and the continuity of services. It brings about significant reforms in the operational resilience of the financial sector and covers almost all entities supervised by the FIN-FSA.
The Regulation of the European Parliament on digital operational resilience for the financial sector entered into force on 17 January 2023 and applies from 17 January 2025. DORA (Digital Operational Reliability Act) applies extensively to financial market participants in the EU, such as banks, insurance companies, investment firms and ICT companies providing services to them. In its supervision, the FIN-FSA will focus on the management of supervised entities’ ICT and information security risks, the ICT incident reporting process and the supervision of ICT providers’ risk management.
– DORA introduces uniform and transparent rules for the financial sector which are necessary to ensure that institutions in the sector can effectively identify, address and prevent various digital threats. In the current global situation, these threats are very real, states Samu Kurri, Head of Department.
All entities within the scope of application of the Regulation will have a new requirement to report annual costs caused by ICT-related incidents. The Regulation also enables the voluntary exchange of information on cyber threats between supervised entities and the reporting of cyber threats to the supervisory authority. Furthermore, supervised entities are obliged to submit a register of ICT contracts to the FIN-FSA on an annual basis.
The FIN-FSA has obliged the most significant supervised entities to perform threat-led penetration tests at regular intervals.
– For instance significant banks, the stock exchange and the central securities depository are directly compelled by DORA to perform these threat-led data security tests. However, we have also obliged smaller banks and insurance-sector participants to engage in these tests in Finland. By doing so, we foster the achievement of cyber security in the financial sector on an extensive scale, says Kurri.
In Finland, DORA applies to over 400 supervised entities. There is no transitional period for the application of the Regulation, which means that the requirements must be complied with from 17 January 2025.
See also
Regulation on the digital operational resilience of the financial sector – DORA (in Finnish)
For further information, please contact
Samu Kurri, Head of Department. Requests for interviews are coordinated by FIN-FSA Communications, tel. +358 9 183 5030 (weekdays 9.00–16.00).
Keywords
Contacts
Media phone service number
can be contacted on weekdays 9–16, except on Holy Thursday and New Year’s Eve on 9–13.
Finanssivalvonta, or the Financial Supervisory Authority (FIN-FSA), is the authority for supervision of Finland’s financial and insurance sectors. The entities supervised by the authority include banks, insurance and pension companies as well as other companies operating in the insurance sector, investment firms, fund management companies and the Helsinki Stock Exchange. We foster financial stability and confidence in the financial markets and enhance protection for customers, investors and the insured.
Alternative languages
- FIN: Finanssisektorin digitaalista häiriönsietokykyä koskevan asetuksen soveltaminen alkoi – Finanssivalvonta keskittyy valvonnassaan ICT-riskien ja kyberuhkien hallintaan
- SWE: Tillämpningen av förordningen som gäller digital operativ motståndskraft för finanssektorn inleddes – Finansinspektionen fokuserar i sin tillsyn på hanteringen av IKT-relaterade risker och cyberhot
Subscribe to releases from Finanssivalvonta
Subscribe to all the latest releases from Finanssivalvonta by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Finanssivalvonta
Den finansiella sektorn i Finland är kapitalstark – många osäkerhetsfaktorer i omvärlden kvarstår11.12.2025 09:45:00 EET | Pressmeddelande
Trots förväntningarna har Finlands ekonomi inte tagit fart, fastän bland annat näringslivets förtroende har fortsatt att stiga. Utöver apatin i ekonomin hotas den finansiella sektorns omvärld av de svaga offentliga finanserna, geopolitiska risker och oron kring värdepappersprisernas hållbarhet. Kapitaltäckningen i banksektorn i Finland var dock fortsatt stark under tredje kvartalet, fastän nedgången i räntenettot ledde till en resultatförsämring. Också arbetspensions- och försäkringssektorerna var fortsatt kapitalstarka tack vare ökade placeringsintäkter, då marknadssentimentet trots riskerna var huvudsakligen fortsatt positivt.
Suomen finanssisektorin vakavaraisuus on vahva – toimintaympäristössä edelleen useita epävarmuustekijöitä11.12.2025 09:45:00 EET | Tiedote
Odotuksista huolimatta Suomen talous ei ole piristynyt, vaikka muun muassa elinkeinoelämän luottamus on jatkanut nousuaan. Talouden apatian lisäksi finanssisektorin toimintaympäristöä uhkaavat julkisen talouden heikko tila, geopoliittiset riskit sekä arvopaperihintojen kestävyyteen liittyvät huolet. Suomen pankkisektorin vakavaraisuus säilyi kuitenkin kolmannelle vuosineljänneksellä vahvana, vaikka korkokatteen lasku heikensi tulosta. Myös työeläke- sekä vakuutussektorit pysyivät vakavaraisina sijoitustuottojen kohentuessa, kun markkinatunnelmat ovat riskeistä huolimatta pysyneet voittopuolisesti myönteisinä.
Capital position of Finnish financial sector is strong – many uncertainties remain in operating environment11.12.2025 09:45:00 EET | Press release
Despite expectations, the Finnish economy has not picked up, although business confidence, among other things, has continued to rise. In addition to economic apathy, the financial sector's operating environment is threatened by the weak state of public finances, geopolitical risks, and concerns about the sustainability of securities prices. The capital position of the Finnish banking sector remained strong in the third quarter, however, even though a decline in net interest income weakened the financial result. The solvency of the employee pension and insurance sectors also remained strong as investment returns improved; despite the risks, market sentiment remained predominantly positive.
Finansinspektionen rekommenderar flera åtgärder för bankerna för att öka säkerheten vid onlinebetalningar – förordningen om omedelbara betalningar ökar snabbheten men också riskerna9.10.2025 10:10:00 EEST | Pressmeddelande
Finansinspektionen rekommenderar flera säkerhetsförbättrande åtgärder för onlinebetalningar för banker verksamma i Finland, som bland annat gäller säkerhetsgränser och bättre övervakning av bedrägerier. Rekommendationerna baserar sig på Finansinspektionens uppföljande bedömning våren 2025 som bland annat undersökte kreditinstitutens kontroller och processer för säkra onlinebetalningar. Genom förordningen om omedelbara betalningar, som träder i kraft i dag den 9 oktober, blir förmedlingen av betalningar i euroområdet snabbare samtidigt som kontrollen av betalningsmottagarna ökar säkerheten.
Finanssivalvonta suosittaa pankeille useita verkkomaksamisen turvallisuutta parantavia toimia – pikamaksuasetus lisää nopeutta mutta myös riskejä9.10.2025 10:10:00 EEST | Tiedote
Finanssivalvonta suosittelee Suomessa toimiville pankeille useita verkkomaksamisen turvallisuutta parantavia toimia muun muassa turvarajoihin ja petosmonitoroinnin parantamiseen liittyen. Suositukset perustuvat Finanssivalvonnan keväällä 2025 tekemään seuranta-arvioon, jossa selvitettiin luottolaitosten verkkomaksamisen turvallisuuteen liittyviä kontrolleja ja prosesseja. Tänään 9.10. voimaanastuvan pikamaksuasetuksen myötä maksujen välitys euroalueella nopeutuu, ja samalla maksunsaajan tarkistus lisää turvallisuutta.
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom