DORA2026-03-104 min read

DORA Article 37 Explained: Cooperation Between Authorities

Also available in:DeutschFrançaisEspañolNederlandsItaliano

Table of Contents

  1. 01Introduction
  2. 02Key Requirements
  3. 03Implementation Guide
  4. 04Common Pitfalls
  5. 05How Matproof Helps
  6. 06Related Articles

Introduction

In the rapidly evolving landscape of financial technology, the European Union's Digital Operational Resilience Act (DORA) stands as a pivotal framework designed to enhance the digital operational resilience of financial entities. One of the critical aspects of DORA is the emphasis it places on cooperation between competent authorities and overseers, as outlined in Article 37. This article delves into the specifics of what this cooperation entails, its importance, and the practical steps financial entities must take to comply.

Key Requirements

DORA Article 37 sets forth the following key requirements:

  • Cooperation and Exchange of Information: Competent authorities and overseers are mandated to cooperate and exchange relevant information to ensure the effective implementation of DORA.
  • Joint Supervisory Activities: Authorities may carry out joint supervisory activities if deemed necessary for the consistent application of DORA.
  • Confidentiality and Data Protection: Information exchanged between authorities must be treated with strict confidentiality and must comply with applicable data protection laws.
  • Use of Information: Received information can only be used for the purposes for which it was provided, unless otherwise agreed upon by the parties involved.
  • Cooperation with Third Countries: Competent authorities are required to cooperate with equivalent oversight bodies in third countries to the extent necessary for the effective application of DORA.
  • Reporting Mechanisms: Authorities must establish reporting mechanisms to communicate significant operational incidents and digital operational resilience issues.

Implementation Guide

To ensure compliance with DORA Article 37, financial entities should take the following practical steps:

  1. Establish Clear Protocols: Develop internal protocols for sharing information with competent authorities, ensuring that all data exchanged adheres to confidentiality and data protection requirements.
  2. Participate in Joint Activities: Be prepared to participate in joint supervisory activities and collaborate with other financial entities when required.
  3. Train Staff: Educate staff on the importance of cooperation with authorities and the procedures to be followed when engaging in such activities.
  4. Implement Data Protection Measures: Ensure that all data protection measures are in place to safeguard any information received from or shared with competent authorities.
  5. Monitor Third-Country Cooperation: Keep abreast of developments in third-country cooperation and adjust internal policies and procedures accordingly.
  6. Develop Reporting Systems: Establish effective reporting mechanisms to promptly communicate any significant operational incidents or digital operational resilience issues to the relevant authorities.

Common Pitfalls

Here are some common pitfalls to avoid when implementing DORA Article 37:

  • Lack of Clarity in Protocols: Vague or unclear protocols can lead to non-compliance or miscommunication with authorities.
  • Insufficient Data Protection: Failing to implement robust data protection measures can result in data breaches and legal consequences.
  • Non-Participation in Joint Activities: Resistance to joint supervisory activities can hinder the consistent application of DORA and negatively impact the entity's reputation.
  • Overuse of Shared Information: Using received information beyond the agreed-upon purposes can lead to legal disputes and damage relationships with authorities.
  • Ignoring Third-Country Cooperation: Failing to cooperate with oversight bodies in third countries can result in operational gaps and increased risk.

How Matproof Helps

Matproof's compliance management platform streamlines the tracking and evidence collection processes for Article 37 requirements, ensuring that financial entities maintain clear records of information exchanges and joint activities. With automated reminders for reporting obligations and a centralized repository for all relevant documentation, Matproof helps organizations stay on top of their DORA compliance obligations without the risk of oversight.

Related Articles

For further insight into the Digital Operational Resilience Act and its implications, consider exploring these related articles:

DORA Article 37Cooperation Between Authoritiesdigital operational resilienceICT risk managementfinancial regulation

Ready to simplify compliance?

Get audit-ready in weeks, not months. See Matproof in action.

Request a demo