Article

One year of DORA: Building resilience before disruption strikes

16 January 2026

By Louise Fahey, Solutions Consultant, Mambu

Towards the end of 2025, households in the Netherlands received an information booklet aimed at helping them prepare for an emergency situation and manage the first 72 hours at home. This booklet is part of the Denk vooruit (Think ahead) campaign and the message is simple: What you do today makes us stronger tomorrow.

Thinking ahead and planning for disaster, such as power outages, extreme weather or even war, isn’t a fearful reaction - it’s a way of preventing panic and potentially changing the outcome.

To anyone working in IT, this already sounded familiar since most organisations have business continuity and disaster recovery plans in place. However, instead of stockpiling bottles of water and cans of pickles, these plans are designed to maintain the availability of critical systems and services that are available and can recover quickly if disaster happens - the same objectives that are at the heart of the EU’s Digital Operational Resilience Act (DORA).

Like almost every other sector, financial institutions have become increasingly dependent on technology and third-party suppliers to deliver services. However, unlike most other sectors, the unique role of banks and other financial institutions to society means that a failure can have immediate and far-reaching consequences, impacting not just individual customers, but also markets, businesses, and even public trust in the financial system. To mitigate the impact of a worst-case scenario, DORA was conceived to strengthen the operational resilience of financial institutions within the EU.

As we reach the one year anniversary of DORA coming into effect, Mambu continues to help financial institutions think ahead, anticipate disruption, and embed resilience across their systems, processes, and organisational architecture.

A third-party provider you can trust

As the provider of a core banking system, Mambu acts as a vital service provider, supporting the critical and important functions of our clients. Even before DORA, this was a role we’ve always taken seriously, especially given the regulated environments our clients operate in and the nature of the data processed within Mambu. Our platform serves as the system of record for transactions and balances across a financial institution's loan and/or deposit accounts. Platform availability is therefore critical, as any disruption is felt immediately by our clients.

Fortunately Mambu’s approach to security and compliance means we are well prepared in responding to, and recovering from ICT disruptions, such as cyberattacks or system failures. We also have the following measures in place:

  • Well-defined incident management process designed to discover threats quickly, mitigate them, and communicate the impact transparently.
  • Dedicated teams and resources within Mambu to manage ICT risk, supported by a culture of resilience where security and operational continuity are shared responsibilities across our entire organisation.
  • Contractual clauses to support applicable DORA requirements.
  • Regular resilience testing and monitoring to validate our platform’s preparedness for disruptions and support quick recovery if incidents occur.
  • Clear communication channels and processes to keep our clients informed of key updates during incidents, ensuring transparency and helping them maintain trust and confidence even when disruptions happen.

Composable as a solution

It’s not just the above measures that make Mambu a suitable and trustworthy third-party. Our composable approach is perfectly suited to addressing one of the biggest risks to a financial institution’s operational resilience: the complexity and unreliability associated with legacy systems.

The problems facing organisations are twofold:

1. Remaining on legacy systems that aren’t designed to meet modern security and resilience standards, increasing the risk of incidents and downtime.

2. Replacing everything at once, which can be costly, disruptive, and a source of operational risk.

Mambu’s composable approach can help get around these problems. It allows financial institutions to modernise critical systems incrementally, without the operational disruption that a big-bang replacement would involve.

Institutions who opt for a dual or multi-core architecture can even run legacy and modern systems like Mambu in parallel, contain failures, and gradually migrate workloads without interrupting their day-to-day operations. This approach aligns with the concept of the ‘back-up bank’ which was discussed by Lourens Bordewijk, Partner, Deloitte Netherland in June 2025.

Conclusion

Meeting the demands of DORA requires more than just compliance checklists - it needs a mindset of proactive resilience. Financial institutions need to think ahead, anticipate potential disruptions, and embed operational continuity across systems, processes, and culture.

Our composable approach, combined with our robust security and incident management processes, can help banks and financial institutions meet these requirements, while maintaining trust and confidence with their customers.

For additional details or to discuss the measures Mambu has in place to support our customers in their DORA obligations, please reach out to your Mambu contact or by filling out this form. Alternatively, if you would like to see our platform in action, register for our next live demo. We look forward to supporting your resilience journey!

Share this post