Financial Crime World

Malta’s Small Businesses Face Compliance Risks as DORA Looms

The rapid digitalization of business operations has brought both opportunities and vulnerabilities for small and medium-sized enterprises (SMEs) in Malta’s financial sector. As the Digital Operational Resilience Act (DORA) Regulation approaches, these businesses are at a crossroads, facing compliance challenges that can either hinder their growth or become a strategic differentiator.

Understanding DORA

The European Union has established DORA as a regulatory framework to ensure uniform security requirements for network and information systems supporting financial sector operations. The regulation includes:

  • ICT risk management
  • Reporting of major incidents
  • Digital operational resilience testing
  • Information sharing
  • Measures for sound third-party risk management

Pillars of DORA

SMEs in Malta must understand where they fit within the regulatory spectrum:

  • Microenterprises: fewer than 10 people with an annual turnover or balance sheet below €2 million
  • Small enterprises: between 10 and 50 employees with a higher turnover and/or balance sheet
  • Medium-sized enterprises: fewer than 250 employees and an annual turnover below €50 million or balance sheet below €43 million

Why DORA Matters

DORA aims to level the regulatory playing field by imposing consistent standards of operational resilience on all financial market participants. It emphasizes cybersecurity risk management, requiring SMEs to bolster their defenses against cyber threats. Compliance with these standards not only safeguards the enterprise but also fosters trust among customers, partners, and investors.

Streamlining Compliance

The proportionality principle is a fundamental aspect of DORA, ensuring that regulatory requirements match the size, complexity, and significance of the entity being regulated. This principle allows SMEs to allocate resources efficiently and focus on mission-critical dependencies.

Challenges for Maltese SMEs

DORA presents several challenges for small businesses in Malta, including:

  • Compliance costs
  • Interpreting legal requirements
  • Managing third-party vendors supporting critical functions

Grant Thornton Solution

Our team of dedicated consultants is committed to guiding SMEs through the DORA implementation journey. We offer a range of services, including:

  • DORA Readiness assessments
  • Consultancy services
  • “SME Consultancy Service Grant Scheme” to support your business by partly financing consultancy services procured by us

Conclusion

As the two-year implementation period reaches its midpoint, it is crucial for SMEs in Malta to assess their progress and identify necessary steps to bridge gaps on the path to compliance. At Grant Thornton, we believe in fostering a collaborative approach that empowers businesses to thrive in a compliant and ethical environment.