
DORA: Setting a New Standard for Cybersecurity in Finance

The EU has implemented a vast array of regulations designed to oversee the financial sector. This is essential for maintaining a stable and secure financial market, protecting consumers, and fostering fair competition.

Now, DORA, the Digital Operational Resilience Act, is being introduced. This regulation focuses on strengthening the cybersecurity and digital resilience of the financial sector. Its aim is to better equip EU financial institutions to withstand cyberattacks and digital risks, thereby ensuring the stability of the financial system.

As of January 17, 2025, DORA will be applicable to all financial institutions, including banks, savings banks, insurance companies, asset managers, and financial service providers. This broad scope encompasses entities such as factoring or leasing companies, and even account information service providers like wealthAPI.

Cyberattacks in the financial sector: A growing threat

The interest of cybercriminals in financial institutions is unsurprising, given that these companies deal with two highly valuable assets: money and sensitive data. With the financial sector being highly digitized, it presents an attractive target for cyberattacks. The number of cyberattacks targeting banks is on the rise. In 2023, BaFin received 235 reports from banks about severe IT issues, including cyberattacks. Although the 2024 data is not yet final, it's expected to show an increase. This trend is mirrored globally, with JP Morgan reporting a staggering 45 billion suspicious cyber events per day in spring 2024.

Through DORA, the EU seeks to enhance cybersecurity and digital resilience in the financial sector. By mandating stricter digital safeguards for financial institutions, the EU aims to mitigate risks such as data breaches, ransomware attacks, and operational disruptions. The protection of sensitive customer information, including account and payment details, is a paramount concern.

The overarching goal of these stringent requirements is to safeguard the stability of the financial system. Cyberattacks on individual financial institutions can have systemic implications, affecting the broader financial market. A case in point is the November 2023 cyberattack on the US subsidiary of the Industrial and Commercial Bank of China, which temporarily disrupted US Treasury bond trading and necessitated manual clearing.

Cyberattacks pose a dual threat: they can disrupt critical systems and erode public trust. It is clear that without robust security measures to protect financial data, consumers will be hesitant to embrace digital banking services. The traditional savings account under the mattress could once again become the preferred method of saving.

DORA: Laying the Groundwork for a Secure Digital Financial Future

While DORA presents challenges for financial institutions, it ultimately enhances their digital resilience, offering long-term advantages. But what does this regulation entail? What specific actions are required of financial service providers? The mandates can be categorized into several key areas:

Comprehensive ICT Risk Management

Financial institutions are required to conduct a thorough inventory of all their IT systems, processes, and data, identifying and assessing potential risks. This involves evaluating the likelihood of vulnerabilities being exploited and the potential consequences of such incidents. To mitigate these risks, financial institutions must implement specific measures, such as enhanced technical security controls and employee training.

Enhancing Digital Resilience

Financial institutions need to be able to maintain critical business functions during and after disruptions. Detailed contingency plans must be developed and regularly tested to ensure a swift and effective response to incidents. These regular stress tests are designed to evaluate the resilience of IT systems against a variety of threats.

Transparent incident reporting

DORA mandates that financial institutions must report specific IT incidents to the supervisory authority, BaFin. These incidents can range from cyberattacks to critical system failures. To facilitate effective oversight, incidents must be classified based on their severity and potential consequences.

Enhancing Third-Party Relationships

Financial institutions need to strengthen their relationships with external service providers by ensuring that these providers adhere to stringent security standards. Contracts with third parties must clearly outline cybersecurity requirements and establish protocols for incident response.

 

Implementing DORA necessitates a holistic approach to the IT environment, requiring close collaboration across all relevant departments. While DORA imposes stringent requirements on financial institutions, these measures ultimately contribute to enhanced security.

By enhancing their resilience as mandated by DORA, financial institutions become better prepared to mitigate the impact of disruptions and cyberattacks. This reduces the risk of data breaches, safeguarding sensitive customer information. Consequently, customers and business partners have greater confidence in these institutions. Successful implementation of DORA can significantly enhance an institution's reputation and competitive advantage.

Specific Measures for DORA Implementation

Although DORA does not dictate specific technical solutions, it establishes clear cybersecurity requirements. These requirements can be met through various concrete measures tailored to each financial institution's unique circumstances. For example:

  • Data Encryption: All sensitive data, both at rest and in transit, must be encrypted to prevent unauthorized access.
  • End-to-End Encryption: To protect highly sensitive data, such as online banking transactions, end-to-end encryption is essential.
  • Role-Based Access Control (RBAC): Each employee should only have access to the information and systems necessary to perform their job duties.
  • Multi-Factor Authentication (MFA): To enhance security, access to critical systems should be protected by MFA, requiring additional verification beyond passwords.
  • Real-Time Monitoring: IDPS systems should continuously monitor the network for suspicious activity and be able to detect and block attacks in real time.
  • Unauthorized Access Protection: Firewalls should be used to filter network traffic and block unauthorized connections.
  • Regular Updates: Software and systems must be kept up-to-date to address known vulnerabilities.
  • Employee Awareness: A comprehensive employee training program is essential to foster a security-conscious culture and minimize the risk of human error.

Challenges in Implementation

The list demonstrates that the challenges of implementing DORA are significant. The EU adopted the regulation in December 2022 and published it in the Official Journal of the European Union on January 16, 2023. Financial service providers were thus given 24 months to implement the requirements.

That time was needed. Adapting IT infrastructure and training employees is complex and costly. In the worst case, business processes had to be fundamentally revised. Close cooperation between different departments is essential to meet the new requirements.

Large institutions such as banks or insurance companies can address this problem with a lot of expertise and money. Smaller companies may find it more difficult to implement the new requirements due to limited resources and know-how. The higher costs can lead to competitive disadvantages and make it difficult to retain customers. There is a risk that smaller players on the market will be disadvantaged or even disappear altogether.

The situation is particularly critical for companies that are less digitally inclined. DORA will put them to a severe test. Analog processes must be converted and adapted. Digital companies like wealthAPI can, on the other hand, view the regulation calmly. Although I cannot speak for others, our IT infrastructure is fundamentally geared towards security. We have been meeting the requirements stipulated by DORA for a long time. (Read more about our Security Requirements.)

Impact on Consumers: More Security, but Also Higher Costs?

DORA doesn't only have consequences for financial service providers. Users will also notice effects in the short or long term.

It's clear that increased security allows customers to conduct their financial transactions with greater confidence. Sensitive customer data such as account information, payment data, and personal data is better protected. This reduces the risk of identity theft and fraud. A stable financial system also protects consumers' savings and minimizes the risk of losses in financial crises or cyberattacks. This security ensures that consumers can better plan their financial future. In the long term, customers benefit from innovative products and services enabled by DORA. These could include, for example, improved mobile banking apps or personalized financing offers.

However, the higher security requirements could indirectly lead to higher fees or restricted services. To ensure security, certain services could be restricted or made more difficult. This could include, for example, international transfers or certain payment methods. Less profitable products or services could even be discontinued if they do not meet the new security requirements.

DORA – A Milestone, But…

DORA is a significant step forward in enhancing cybersecurity within the financial sector. However, the fight against cybercriminals is a constant race against time. While DORA establishes new standards, cyber attackers are also continuously evolving their tactics.

The success of DORA ultimately depends on how consistently financial institutions implement the new requirements and adapt to the ever-changing threat landscape. In addition to technical measures, the human factor is also crucial. Phishing attacks and social engineering specifically exploit human curiosity and carelessness. Only through a combination of robust IT systems and trained personnel can financial institutions effectively protect themselves against cyberattacks. Continuous employee training and a strong security culture are essential.



Artificial Intelligence (AI): The Future of a better Fintech world

Artificial Intelligence (AI) and Machine Learning (ML): These cutting-edge technologies are shaping the future and are set to transform the financial landscape.
From enhancing customer support to boosting operational efficiency and developing groundbreaking products and services, the applications of AI and ML are vast. Let's delve deeper into the potential and explore how wealthAPI is harnessing these technologies.
wealthAPI CTO Wolfram Stacklies

Artificial Intelligence (AI) and Machine Learning (ML) are transforming the financial services industry

Let's face it, AI and ML can be pretty complex. Before we get into the nitty-gritty, let's take a step back and get a basic understanding of these technologies.

Artificial Intelligence (AI): When machines exhibit human-like intelligence

AI systems possess the ability to learn from data, identify patterns, and autonomously refine their processes. This allows them to adapt to evolving circumstances and consistently enhance their performance.
AI's ability to analyze complex problems, generate multiple solutions, and select the optimal one makes it a versatile tool across industries. In finance, it can enhance decision-making in areas such as lending, fraud detection, and wealth management by leveraging data-driven insights.

Machine Learning (ML): A subfield of artificial intelligence

Machine Learning, a subset of AI, concentrates on developing algorithms capable of learning from data without being explicitly programmed. The quality of the training data significantly impacts the model's performance.

Imagine teaching a child how to play chess. You explain the rules, share some basic strategies, and then let them play against others. Over time, the child learns from their experiences, improves their gameplay, and becomes increasingly skilled. Machine learning works in a similar way: ML algorithms are trained on large datasets to independently recognize patterns and relationships. Based on these identified patterns, the algorithms can then make predictions or decisions. Unlike a child, however, an AI remembers all of its actions and their outcomes – forever.
To further illustrate the difference between AI and ML, consider a robot that can play chess. This robot is an AI system. However, the software used to teach the robot how to play chess employs machine learning techniques.

This is how AI and ML are used in finance

AI and ML are no longer just a vision of the future but are already a reality in the financial world. The implementation of these technologies offers enormous opportunities and opens up new ways to delight customers, optimize processes, and manage businesses more effectively. Companies that proactively address this challenge and use AI and ML responsibly will be the winners of the digital transformation.
For example, AI-powered chatbots and virtual assistants are becoming customer service representatives, available 24/7. They answer questions, solve problems, and provide real-time support. Based on customer profiles and behavior, they can offer personalized products and services. Early adopters, including companies and banks, are already using AI to assist customers with account opening, answering questions about products and services, and conducting transactions.
Machine learning optimizes processes, making them more cost-effective, efficient, and faster. Routine tasks such as account management, loan approval, and fraud prevention are automated through ML algorithms. This saves time, reduces costs, and allows employees to focus on more complex tasks. Real-world examples already exist that analyze transactions for anomalies and fraud attempts, blocking them in real time if necessary.
AI-powered analytics also provide valuable insights into customer behavior, market trends, and risk profiles. This enables companies to make informed decisions that increase their efficiency, open up new business areas, and expand their competitive advantage. With the help of ML, companies can develop new financial products and services tailored to the individual needs and preferences of their customers. This creates a new dimension of customer focus and satisfaction.

wealthAPI: Empowering personalized finance with AI and ML

wealthAPI leverages the cutting-edge capabilities of AI and ML to deliver tailored financial solutions that empower our partners. Our proprietary wealth-AI technology is the driving force behind these innovative offerings.
It's an intelligent platform that utilizes real-time wealth and portfolio data to deliver highly personalized product recommendations.

Data aggregation and processing: The backbone of wealth-AI

We start by consolidating and preparing data from diverse sources. As a leading account information service provider, wealthAPI has access to a wealth of data, such as:
  • Using current account data (PSD2), we've developed a , that offers our customers' users a clear picture of their spending habits.
  • Custodial account data: Contains details on holdings such as stocks, mutual funds, and exchange-traded funds.
  • Historical data: Allows for the evaluation of previous investment returns.
  • Contractual data: Allows for the identification of recurring payments, premium adjustments, and contract term lengths.
  • Simulated portfolios: Our partners' clients have the ability to test different investment strategies using simulated portfolios.

Training artificial intelligence models using an anonymized dataset

Our AI is trained on completely anonymized but highly insightful data. This enables wealth-AI to discern patterns within the data and establish connections between different variables.
Currently, wealthAPI partners can offer personalized recommendations to their clients through a questionnaire. This questionnaire gathers information on investment horizon, sustainability, risk tolerance, and preferences regarding investment products. Based on this information, wealth-AI generates recommendations and shows how other users with similar preferences have invested.

Future vision: AI-powered performance analysis and wealth accumulation

This is just the beginning. In the future, we aim to further expand the capabilities of AI and ML. Our plans include:
  • Analyzing individual portfolio performance: The AI will be able to analyze the performance of each individual client's portfolio, comparing it to similar portfolios (peer group), and identifying potential areas for improvement.
  • Integrating real estate values: wealthAPI plans to include real estate values in its analysis to provide users with a comprehensive overview of their assets.
  • AI-powered wealth-building plans: wealthAPI will provide partners' clients with AI-generated plans to help them achieve their financial goals.
wealthAPI's vision is to create a transformative financial ecosystem where our partners can offer personalized financial products to their clients at the right time. To achieve this, we aim to become Europe's leading platform for financial management and recommendations, powered by an intelligent, AI-driven recommendation platform. We are already the market leader in Germany.

Franziska Giffey and Andre Rabenstein

wealthAPI travels with Senator Giffey to VivaTech in Paris

wealthAPI was part of a high-caliber delegation of 18 Berlin start-ups that presented their innovative business models to an international audience at Viva Technology in Paris. As one of the few fintech companies at the trade fair, wealthAPI was able to present its pioneering solution for digital wealth management to a broad circle of potential investors and partners. Together with Berlin's Senator for Economic Affairs Franziska Giffey, wealthAPI took the opportunity to pitch at the stand of the Federal Republic of Germany and thus increase its visibility in the French market. The media interest was enormous and numerous discussions were held with international investors and financial service providers.

Senator Franziska Giffey with wealthAPI CEO Andre Rabenstein

Participating in Viva Technology was an important step towards internationalization for wealthAPI. The contacts made and the positive feedback encourage the company in its strategy to develop the European market. In addition to Viva Technology, the company will also be attending the Web Summit in Lisbon later this year with the same aim.

The trip was part of the internationalization project Berlin Goes International of the Berlin Partner for Business and Technology GmbH, which is funded by the Berlin Senate Department for Economics, Energy and Public Enterprises.




Financial education vs. financial advertising: Finfluencers targeted by German politics

"The German Green Party wants to ban influencers from advertising financial products" – this headline in German newspaper Handelsblatt caused quite a stir last week. However, major German financial influencers make a valuable contribution to financial education and enjoy great popularity. They manage to present complex topics in an understandable and entertaining way, inspiring their followers to handle money responsibly.

However, the affiliate business, which many influencers use to monetize their platforms, is fraught with challenges. The legal framework is complex and constantly changing. Moreover, there is a risk that one's credibility could be damaged by exaggerated advertising claims.

For all influencers seeking a compliant and efficient way to monetize their reach more effectively, wealthAPI offers an attractive alternative. Our BaFin-compliant solution enables the transparent and customer-centric promotion of financial products. This allows influencers to focus entirely on their core competency: creating high-quality content.

The advantages of wealthAPI are clear:

  • Security: All financial data of end customers is processed with the highest security standards.
  • Transparency: Customers receive all the relevant information to make well-informed decisions themselves.
  • Scalability: Influencers can better plan their revenues without annoying their community.
  • Flexibility: The solution adapts to the individual needs of each influencer and, ultimately, the end customers.

With wealthAPI, influencers can not only make their revenues more predictable but also strengthen their credibility. After all, those who provide their followers with trustworthy financial tips build long-term relationships.