Introduction
The European Union's Digital Operational Resilience Act (DORA, Regulation (EU) 2022/2554) sets the baseline for ICT risk management across the financial sector. Among its articles, Article 14 ("Communication") deals with how a financial entity communicates during an ICT-related crisis. It requires crisis communication plans for the responsible disclosure of major ICT-related incidents and vulnerabilities, communication policies for both staff and external stakeholders, and a named person who owns the communication strategy. The purpose is to maintain trust, protect clients and counterparts, and support a controlled recovery rather than an improvised one. This guide unpacks Article 14 for compliance professionals, covering its requirements, practical implementation, and common mistakes.
Key Requirements
Article 14 sits within the ICT risk management framework that DORA requires each financial entity to maintain. Its core obligations, together with the supporting practices needed to meet them in practice, are:
- Crisis Communication Plans: Entities must have plans enabling the responsible disclosure of, at least, major ICT-related incidents or vulnerabilities to clients and counterparts, and to the public where appropriate.
- Identification of Relevant Information: Clear criteria must be established for which incidents and which details are disclosed, to whom, and how quickly. "Responsible" disclosure also means not publishing operational detail that could help an attacker while the incident is still being contained.
- Internal Communication Policies: Policies for internal staff must distinguish between staff involved in ICT risk management, in particular those responsible for response and recovery, and staff who only need to be kept informed, so that responders are not flooded with requests and messaging stays consistent.
- External Communication Policies: Entities need protocols for communicating with external stakeholders, including the public and the media. Reporting of major incidents to competent authorities is governed by DORA's separate incident-reporting provisions; the two processes must be aligned, but they are not the same obligation.
- Designated Communication Lead: At least one person must be tasked with implementing the communication strategy for ICT-related incidents and with fulfilling the public and media function.
- Timeliness and Accuracy: Information must be communicated promptly and accurately so that stakeholders act on facts rather than rumour, and so that later corrections do not undermine trust.
- Training and Drills: Not spelled out in Article 14 itself, but required in practice to demonstrate that the plans work: staff must understand the protocols and be able to execute them under pressure.
- Documentation and Record Keeping: Likewise a supporting practice: communications issued during a crisis, and the decisions behind them, should be documented and retained so that the entity can evidence compliance and learn from the incident afterwards.
Implementation Guide
To comply with Article 14, financial entities should take the following practical steps:
- Develop Crisis Communication Plans: Write plans that state who communicates what, to whom, through which channels, and at which trigger points (for example, on classification of an incident as major, on containment, and on recovery). Include pre-approved message templates for clients, counterparts, and the public so that drafting does not start from scratch during an incident.
- Identify Stakeholders and Communication Needs: Define the audiences that must be informed, such as clients, counterparts, the wider workforce, response and recovery teams, and regulatory bodies, and record what each audience needs to know and when.
- Establish a Crisis Communication Team and Designate a Lead: Appoint a team responsible for communications during a crisis, and name at least one person who owns the communication strategy and the public and media function, as Article 14 requires. In practice this person should have a trained deputy so that the role is never vacant.
- Conduct Regular Training and Simulations: Train staff on the protocols and run exercises that test them end to end, including the hand-off between the technical responders and the people who speak to clients and the press.
- Review and Update Communication Policies: Review policies on a fixed cycle and after every significant incident or exercise, and whenever technology, suppliers, or business processes change.
- Ensure Compliance with Local Regulations: Identify other regimes that impose their own notification duties, such as data protection law, and make sure the crisis communication plan sequences them consistently with DORA's incident-reporting obligations.
- Document and Record All Communications: Keep records of every message sent, its approver, and the timing, together with the underlying decisions, to support post-incident review and regulatory scrutiny.
Common Pitfalls
Mistakes to avoid when implementing Article 14's requirements include:
- Lack of Pre-planning: Without prepared plans and templates, the first hours of a crisis are spent deciding who may say what, and silence or contradictory statements fill the gap.
- Inadequate Training: Staff who have never rehearsed the protocols will improvise, and improvised statements are the ones that later need correcting.
- Ignoring Stakeholder Needs: Treating responders, the wider workforce, clients, counterparts, and the public as a single audience produces messages that are too technical for some and too vague for others, which erodes trust.
- Poor Record Keeping: If communications and the decisions behind them are not documented and retained, the entity cannot evidence compliance or reconstruct what was told to whom.
- Lack of Flexibility: Plans that assume one incident shape cannot adapt when the incident evolves; build in decision points rather than a fixed script.
How Matproof Helps
Matproof's compliance management platform offers tools that automate the tracking and evidence collection for Article 14 requirements, ensuring that financial entities maintain up-to-date communication policies and are well-prepared for any ICT incident. With Matproof, entities can centrally manage their crisis communication plans, conduct effective drills, and maintain comprehensive records, all within a single, secure platform.
Related Articles
For further insights into the Digital Operational Resilience Act, consider exploring these related articles: