DORA's impact on Rabobank and its customers

The Digital Operational Resilience Act, also known as DORA, is an EU regulation that focusses on strengthening the IT security of financial entities and making sure the financial sector in Europe is able to stay resilient in the event of a severe operational disruption, for example an outage of internet banking caused by a cyber-attack.

Strengthening the IT security

The DORA regulation brings harmonization of the rules relating to operational resilience for the financial sector. With the implementation of DORA, we can protect our customers even better against cyber threats and ensure a stable and secure financial system.

Impact on financial entities and ICT third-party service providers

1. Is there a deadline for complying with it?

DORA will apply as of 17th January 2025. By that date, all parties governed by DORA should be DORA compliant.

2. What does Rabobank do to be compliant with DORA?

DORA builds upon existing applicable regulations, so Rabobank, as a financial entity, already complies with a substantial part of this new DORA regulation. We have a program for the implementation of DORA governing the whole Rabo organization.

3. What will be the impact of DORA on customers and clients of Rabobank?

As such, there will not be any direct impact on Rabobank customers or clients. Rabobank is dedicated to meeting the requirements outlined by DORA, ensuring we remain the resilient bank our customers can rely on.

4. What will be the impact of DORA on ICT third-party service providers?

DORA also applies to suppliers who provide ICT services to financial entities, as they are considered an important part of the financial ecosystem. ‘ICT services’ cover a broad scope of services: from typical software services and cloud services to payment and data services. The technical standards that are enforced on the financial entities are also in force for these third parties.

DORA distinguishes 2 groups:

  1. The critical big tech suppliers (such as Microsoft) that will have to adhere to DORA directly and will fall under direct supervision of a regulator if they are appointed as critical service providers by the regulator, and;
  2. All other third-party suppliers that provide ICT services to financial entities who will be impacted indirectly.

The DORA regulation basically prescribes that financial entities may only do business with third-party suppliers with whom they have agreed additional DORA contractual clauses and implemented the required risk management controls.

5. What does Rabobank offer to do if the customer is a financial entity?

If you, as a Rabobank customer, are also a financial entity yourself, it is possible that you are subject to DORA as well. Rabobank delivers a variety of products and services, so if you assess that one of the Rabobank services or products qualifies as an ICT service and is in scope of your DORA compliance program, then of course Rabobank will help you to become DORA compliant.

More information

If you have any additional questions you can reach out to fm.nl.dora-financialinstitutions@rabobank.nl.