Financial Entities Covered and Exempt Under DORA

Introduction

The Digital Operational Resilience Act (DORA) outlines which financial entities are subject to its requirements and specifies exemptions. Determining whether your organization is directly impacted by the regulation is critical for achieving compliance and strengthening resilience within the financial sector.

A key aspect of DORA is its proportionality principle, which stipulates that risk and compliance obligations can be scaled appropriately based on an entity’s size, risk profile, and operational complexity. The proportionality principle, though, does not exempt organizations from compliance—it simply scales their regulatory requirements accordingly.

Financial Entities Covered by DORA

  • Credit institutions: Banks and similar financial entities that provide credit facilities.

  • Payment institutions: Entities involved in payment processing, including those exempted under Directive (EU) 2015/2366 (PSD2).

  • Account information service providers: Providers offering consolidated information on one or more payment accounts.

  • Electronic money institutions: Entities issuing and managing electronic money, including those exempted under Directive 2009/110/EC (EMD2).

  • Investment firms: Companies engaged in securities trading and related services.

  • Crypto-asset service providers and issuers of asset-referenced tokens: Entities dealing with cryptocurrencies and related financial products.

  • Central securities depositories: Institutions holding and administering securities, facilitating securities transactions.

  • Central counterparties: Entities that interpose themselves between counterparties to contracts traded in financial markets.

  • Trading venues: Platforms such as stock exchanges where financial instruments are traded.

  • Trade repositories: Entities maintaining records of derivatives contracts.

  • Managers of alternative investment funds: Entities managing investments in alternative assets.

  • Management companies: Firms managing collective investment schemes.

  • Data reporting service providers: Entities offering data reporting services in financial markets.

  • Insurance and reinsurance undertakings: Companies providing insurance and reinsurance services.

  • Insurance intermediaries, reinsurance intermediaries, and ancillary insurance intermediaries: Agents and brokers in the insurance market.

  • Institutions for occupational retirement provision: Entities managing occupational pension schemes.

  • Credit rating agencies: Agencies assigning credit ratings to various financial entities.

  • Administrators of critical benchmarks: Entities responsible for setting benchmarks critical to financial markets.

  • Crowdfunding service providers: Platforms facilitating crowdfunding activities.

  • Securitization repositories: Entities handling the documentation and reporting of securitizations.

  • ICT third-party service providers: Companies providing information and communication technology services to financial entities.

 

Financial Entities Exempt from DORA

  • Managers of alternative investment funds qualifying for the exemption under Article 3(2) of the Alternative Investment Fund Managers Directive (AIFMD).

  • Insurance and reinsurance undertakings qualifying for the exemption under Article 4 of the Solvency II Directive.

  • Institutions for occupational retirement provision operating pension schemes with no more than 15 members in total.

  • Natural or legal persons exempted pursuant to Articles 2 and 3 of the Markets in Financial Instruments Directive (MiFID II).

  • Insurance intermediaries, reinsurance intermediaries, and ancillary insurance intermediaries that are microenterprises or small or medium-sized enterprises.

  • Post office giro institutions as referred to in Article 2(5), point (3), of the Capital Requirements Directive (CRD IV).

 

Conclusion

Understanding the scope of DORA is critical to implementing the appropriate frameworks for becoming and remaining compliant.

DORAedge is designed to simplify compliance, providing your risk and compliance operations with the tools and insights needed to confidently meet your regulatory obligations.

Book a demo or view our plans to get started with DORAedge. 
