Is your solution ready?
In this article, Paul Kitchener examines how the upcoming DORA (Digital Operational Resilience Act) regulation will impact third-party providers and how our CADENCE Session Exchange Community offering ensures robust resilience through redundancy. We highlight DORA’s five foundational pillars and explore DORA’s implications for the future of digital operational resilience.
What is the Digital Operational Resilience Act - DORA?
The Digital Operational Resilience Act (Regulation (EU) 2022/2554) solves a critical problem in EU financial regulation. Once fully implemented DORA ensures that financial institutions can withstand, respond to, and recover from all types of ICT (Information and Communication Technology) related disruptions and threats.
These are the five pillars of DORA.
DORA officially enters into force on 16 January 2023 and will apply as of 17 January 2025.
In this article, we focus on the third and fourth pillars and their implications for our clients.
Why do we need DORA?
Highlighted by the UK Financial Conduct Authority (FCA), outages like the 2024 CrowdStrike emphasised the increasing dependence on unregulated third parties to deliver important business services.
Before DORA, financial institutions managed the main categories of operational risk, mainly through capital allocation, but they did not manage all components of operational resilience.
After DORA, financial organisations must also follow the rules for the protection, detection, containment, recovery and repair capabilities against ICT (Information and Communication Technology) related incidents.
DORA explicitly refers to ICT risk in finance and sets rules for ICT risk management, incident reporting, operational resilience testing, and ICT third-party risk monitoring.
This EU Regulation recognises that ICT incidents and limited operational resilience can jeopardise the fitness of the entire financial system, even if there is acceptable capital for the established risk classes.
Our Approach to Resilience
As a rapidly growing fintech company quickly transitioning to cloud-based offerings, we've prioritised using industry best practices to protect our platforms from cyber threats. DORA brings regulatory alignment to these efforts.
Speakerbus has taken a proactive approach to enhance trader voice resilience by conducting scenario-based tests with third-party providers. This ensures comprehensive coverage across our Trader Voice ecosystem for protection against cyber-attacks and system failures.
Following each test, feedback and improvement sessions identify any gaps, enabling us to address vulnerabilities and strengthen our defences.
We’ve learned that realistic testing scenarios are crucial for assessing and improving operational resilience. With DORA compelling vendors to test their environments, two-way feedback is vital to maintaining high resilience standards.
Building a Smarter Cloud
The Speakerbus CADENCE Community platform has multiple resilience capabilities, including connection and service options that reduce client ICT risk.
Edge Options
The final delivery mechanism represents a potential failure point which is addressed depending on the chosen deployment method:
Cadence Cloud Connect
A secure interface to CADENCE when exposed to the internet.
For a Cloud Connect client, resilience at the edge is their responsibility.
CADENCE provides a costed option to access primary and secondary public addresses for their service, which provides a backup that can be automated depending on the client solution in place.
Cadence Dedicated Connect
This option provides a private dedicated connection to CADENCE, which can be enhanced with dual connections to de-risk the local equipment (dual data centre delivery), the local carrier and the regional CADENCE data centre.
Dual delivery is a costed option to clients that ensures their services are delivered from separate CADENCE locations over diverse carriers to separate client locations.
Cadence Secure Connect
This version offers an encrypted tunnel that secures a Dedicated Internet Access (DIA) connection to CADENCE.
Secure Connect can be enhanced with dual connections to de-risk the local equipment (dual data centre delivery), the local carrier and the regional CADENCE data centre. Dual delivery is a costed option for clients that ensures their services are delivered from separate CADENCE locations over diverse carriers to separate client locations.
Cadence Enterprise Connect
A network-to-network connection for CADENCE via Google Cloud Platform (GCP).
Enterprise Connect offers additional levels of resilience at the traffic level using the Border Gateway Protocol (BGP). BGP automates traffic management over 2, 3, or 4 physical connections managed by BGP-configured routers.
Service Level Resilience
Data Traffic
The CADENCE' Core is multi-path and multi-service resilient. The connectivity between datacentres is multi-path, which provides continuity of service in the event of a link outage or connecting equipment outage. Speakerbus has a hybrid Cloud/MPLS-based global network with latency specifications comparable to TDM transmission times.
Session Services
The Session Border Controllers are duplicated in our Google Cloud Platform Environment. Carrier Network to Network Interfaces (NNI) are published across two network addresses to provide a 'Live - Live' resilience, which is also available to premium clients.
Our architecture utilises multiple Session Border Controllers (SBCs) that are provisioned as high-availability pairs within multiple regions with multiple alternate routing paths for robustness and resilience.
The QORUS Communication Servers are hosted as dual high-availability hardware pairs, which are duplicated across regional data centres. This provides resilience against hardware failure and location-based outages.
Partner Resilience
With over four decades of experience supporting critical trader voice services, we have refined our processes and procedures to serve the most demanding markets.
So, when a solution requires supporting services from our certified partners, our engineering and commercial teams select top-tier suppliers that meet and exceed our clients' needs.
This commitment is evident in our development of the Cadence offering. We collaborate with industry leaders for cloud connectivity such as Google Cloud Platform, Microsoft Azure and for seamless, single-pane compliance we utilise Liquid Voice.
Regarding DORA, our goals remain to deliver resilient, secure solutions.
At Speakerbus, we continuously work with our partners and clients to meet new regulations and are prepared to collaborate with their teams to support DORA requirements.
Let's Talk
Find out more about how Speakerbus’ solutions enhance trader communications or get in touch with our team for any specific trader communications questions you may have.
