When the EU’s Digital Operational Resilience Act (DORA) took effect in January 2025, it formalized requirements for approximately 22,000 financial entities across Europe. But if you are an asset manager or fund administrator who doesn’t operate within the EU, DORA’s ICT pillars are still a valuable framework for ensuring a sustainable and scalable approach to resilience across your investment operations.
DORA does something that has long been required in investment accounting: it codifies operational resilience principles that reflect where global financial regulation is headed and where investor expectations already are. The thing is, the operational challenges DORA addresses, including third-party dependencies, fragmented systems, incident response gaps and limited tolerance for disruption, don’t stop at Europe’s borders.
Here’s why DORA should matter to you, even if you don’t operate in the EU, as well as how you can apply the best practice standards across your investment operations, particularly investment accounting.
DORA Is Formalizing a Global Shift
Even if DORA only formally applies to EU-regulated entities, the challenges it addresses are universal: dependency on third party vendors, fragmented systems, manual workflows and limited tolerance for disruption.
That is why many global organizations are aligning under a single operational resilience framework across regions rather than treating resilience as a jurisdiction-by-jurisdiction exercise. If you operate globally, serve global investors or rely on a global vendor ecosystem, you are already living inside the risk profile DORA is designed to control.
DORA’s Real Message: Resilience Must Show Up in Daily Operations
DORA’s influence extends well beyond the EU for several practical reasons. First, global firms with European operations must comply, which often means implementing DORA-aligned practices across their entire organization, rather than maintaining separate operational frameworks by region. Second, regulators worldwide are watching DORA closely as they develop their own operational resilience requirements.
DORA provides a framework designed to ensure essential financial services remain available, accurate and trustworthy under any conditions. For asset managers, that means integrating people, data and systems across front, middle and back offices with confidence that operations can withstand shocks without missing a NAV or delaying a report to investors.
Why Investment Accounting Is at the Center of Operational Resilience
When operational disruption occurs—whether from a cyberattack, a vendor failure or a system outage—the impact shows up quickly in investment accounting through a delayed NAV, inaccurate position reporting and manual reconciliation processes that can’t keep pace with recovery timelines. This is exactly what DORA’s framework was designed to prevent and each of these areas has a direct impact on your firm’s reputation and bottom line.
Consider the stakes: a 2024 report demonstrated that it took financial organizations approximately 51 days to contain a breach as well as 168 days to identify one. With the cost of disruption a clear reputational and financial risk, DORA’s five ICT pillars provide a practical operating model for turning resilience from a policy into daily discipline, ultimately helping firms strengthen oversight and increase trustworthiness.
Embedding Resilience into Daily Operations
The firms making the most progress on operational resilience are embedding resilience into daily operations through cloud-native, AI-enabled technology architecture and cross-functional workflows.
This is an almost impossible feat if you’re still operating from decades-old technology. After all, legacy investment accounting systems create inherent fragility. Fragmented books of record, manual processes and batch-oriented data flows mean that when something breaks, the recovery process is slow, opaque and dependent on heroic individual efforts. This is exactly the kind of operational brittleness that DORA’s framework is designed to eliminate.
Modern, cloud-native investment accounting platforms like FundGuard take a different approach. By unifying all books of record, all public and private asset classes and all investment products, on a single accounting engine with real-time data flows, firms gain the transparency and control that operational resilience requires. When an incident occurs, response teams can immediately assess impact across positions. When third-party dependencies need to be mapped, FundGuard provides clear visibility into data flows and service integrations. And when resilience testing is required, teams can run simulations without disrupting production workflows.
Because of this, FundGuard enables firms to build an operational foundation that absorbs disruption without compromising data integrity, client confidence or investor outcomes.
What DORA Gets Right About Resilience Testing
One of DORA’s most significant contributions is its emphasis on continuous, rigorous testing. DORA requires firms to define impact tolerances and test their ability to stay within them as an ongoing discipline.
For investment accounting, this means moving beyond disaster recovery drills that happen once a year, instead regularly stress-testing NAV production workflows, simulating vendor failures and measuring response times against real-world tolerance thresholds. This tightens recovery times, improves client communication and ultimately shows up in the trust that investors place in your firm’s operational capabilities.
Reducing Third-Party Risk
DORA designates 19 critical ICT service providers as entities subject to direct regulatory oversight. This reflects a reality that many firms have been reluctant to address: third-party dependencies can become systemic risks.
For asset managers and fund administrators, third-party risk extends to data vendors, OMS platforms, prime brokers and custodians. When accounting systems are fragmented across multiple providers and platforms, mapping these dependencies—let alone managing concentration risk—becomes extraordinarily complex.
A unified investment accounting platform, like FundGuard simplifies this challenge. By consolidating books of record, asset classes and investment products, and standardizing data flows, firms gain clearer visibility into where dependencies exist and how to manage them. This transparency is exactly what DORA’s third-party risk pillar requires, but it’s also what prudent risk management demands regardless of jurisdiction.
The Business Case Beyond Compliance
DORA compliance costs are estimated to cost the financial sector $181 billion annually, with potential fines reaching up to 2% of global annual turnover for non-compliance. But for businesses that don’t operate in the EU, the business case for operational resilience goes far beyond avoiding penalties.
Investors increasingly expect transparency into how their assets are managed and protected. Service disruptions that delay reporting or compromise data accuracy erode client confidence and create competitive disadvantages. In contrast, firms that can demonstrate robust operational resilience gain a tangible differentiator in the market.
Modern investment accounting infrastructure delivers measurable operational benefits including the elimination of manual reconciliation processes as well as real-time visibility into positions and performance. These not only improve margins, they also reduce risk.
Keep Investors Happy with Operational Resilience
Whether or not your firm operates in the EU, investors expect the operational discipline that DORA promotes, not to mention, regulators are quickly moving towards making the fundamental principles that DORA encourages standard across regions beyond the EU.
But operational resilience requires the right operational foundation. When investment accounting is built on modern, cloud-native, AI-powered architecture with unified data and real-time processing, resilience becomes an inherent capability.
DORA may be a European regulation, but the operational challenges it addresses are universal. The question isn’t whether your firm needs to comply with DORA specifically, it’s whether your operational infrastructure can deliver the resilience, transparency and continuity that today’s markets demand.
Take the Next Step: Get the DORA and Operational Resilience Whitepaper
Are you ready to strengthen your operational resilience? Download our comprehensive whitepaper, DORA and Operational Resilience: Establishing Daily Discipline Across the Organization, to learn how leading firms are embedding resilience into daily investment accounting operations, as well as how modern technology architecture makes compliance a natural by-product of operational excellence.