The Digital Operational Resilience Act (DORA) was not written with the solutions of a global payment network in mind. One look at its regulatory provisions suggests it might as well have been.
The suggestion is not for a payment network to shoulder DORA compliance on behalf of financial entities operating within its network. That would be a tall order even if the focus was purely cyber resilience. It is made taller still by DORA’s coverage of all operational risks associated with information & communications technology (ICT) and posed by the increasing interconnectedness of financial entities.