At the Risk Evolve convention, Søren Agergaard Anderson, Chief Risk and Compliance Officer at Copenhagen Infrastructure Partners, discussed the seismic shift facing financial institutions as they adapt to the Digital Operational Resilience Act (DORA). He highlighted that DORA’s prescriptive and granular requirements are forcing firms to overhaul their operational frameworks, integrating IT, risk, compliance, and procurement into a unified approach. This transition is particularly challenging due to the need for rapid incident reporting and stringent third-party management, especially when renegotiating contracts with large, often unyielding vendors.

Anderson reflected on the 2023 banking crisis, emphasizing how interconnected risks can trigger cascading failures across the industry. He cited the Silicon Valley Bank collapse as a case where multiple factors, including poor risk management and regulatory complexities, led to widespread repercussions. The key lesson: resilience frameworks must be robust and agile, particularly in managing third-party and supply chain risks.

Drawing on real-world examples, such as the Maersk ransomware attack, Anderson illustrated how meticulous preparation and cross-industry collaboration enabled rapid recovery from major disruptions. He stressed that resilience must go beyond box-ticking compliance and become embedded in organizational strategy, with scenario testing evolving from theoretical exercises to practical, real-world drills.

Looking ahead, Anderson identified AI as both a potential risk and a tool for resilience. He warned of overconfidence in AI-driven systems and the growing threat of AI-enabled fraud, but also expressed hope that advanced analytics could help institutions anticipate and mitigate emerging risks. The future, he concluded, will demand continuous adaptation as new technologies and threats reshape the resilience landscape.