Inside the Early Lessons of DORA Compliance: What Works, What Fails, What's Next?
Six months into DORA — is financial services building real resilience or just ticking boxes?
In this episode of Razorwire, host James Rees is joined by Richard Cassidy, Jonathan Care, and first-time guest Romain Deslorieux to dissect how the Digital Operational Resilience Act (DORA) is really playing out in financial services — beyond the policies and into the pressure.
As financial institutions scramble to meet DORA’s requirements, many are learning the hard way that operational resilience can’t be outsourced. From leadership gaps to consultant overload, our guests share what’s working, what’s failing, and where the cracks are showing across Europe’s regulatory landscape.
🧠 “People fell short on accountability. With DORA, you can’t ignore it anymore.” – Romain Deslorieux
🎯 Key Talking Points:
- The danger of treating DORA as a compliance checklist instead of real transformation
- Why 40–50% of entities lack internal capability and rely too heavily on consultants
- How third-party risk management is shifting from procurement to board-level priority
- Strategies for embedding DORA into operations — not just documentation
🎧 Listen now on your favourite platform: https://razorwire.captivate.fm/listen
⸻
🔍 In This Episode:
- 📉 Tick-Box vs True Resilience – Why paper compliance won’t survive first contact with a real incident
- 👥 The Human Capital Gap – Addressing the industry-wide shortage of skilled professionals
- 🔄 Third-Party Risk 2.0 – From due diligence to continuous oversight of critical vendors
- 🧩 Cross-Functional Collaboration – How to get business, IT and compliance pulling in the same direction
- ⚖️ Consultant Dependency – When to bring in help, and how to avoid being left exposed
- 🌍 Regulatory Inconsistency – Why different EU interpretations of DORA create compliance headaches
- 🧱 Security Centralisation – How to implement scalable frameworks across complex institutions
- 💡 Mindset Shift – From prevention-only thinking to continuity, recovery, and resilience
⸻
💡 Mentioned in This Episode:
- DORA (https://finance.ec.europa.eu/digital-finance/digital-operational-resilience-act_en)
- Rubrik, Thales, KuppingerCole
- ISO 27000, NIST, SOC 2, PCI DSS
- CSSF, ABBL, Security Scorecard
- European Banking Authority (EBA)
⸻
🎙️ About Your Host
Hi, I’m James Rees, host of Razorwire and founder of Razorthorn Security. With over 25 years in cybersecurity, I’ve helped clients from global banks to startups navigate the evolving threat landscape and regulatory pressure.
Razorwire delivers real conversations with professionals who live and breathe cyber risk. Whether you’re a CISO, regulator, or compliance lead, this show offers perspective, insight, and practical guidance you won’t get from a whitepaper.
⸻
📌 Subscribe & Connect
🌐 Website: https://www.razorthorn.com
📧 Email: podcast@razorthorn.com
📍 LinkedIn: https://www.linkedin.com/company/razorthorn-security
📍 YouTube: https://www.youtube.com/@RazorthornSecurity
📍 Twitter/X: https://twitter.com/RazorThornLTD