Regulatory demands are growing, and businesses need to be ready. In this interview, Dave Wagner talks about how staying ahead of regulations like DORA isn’t just about compliance—it’s about protecting your business and building long-term resilience.
1. Why is regulatory resilience becoming such a key focus for organizations today?
Regulatory resilience has gained prominence because the risks organizations face today are more interconnected and unpredictable than ever. When a company experiences an operational disruption—whether it’s a cyberattack, a systems outage, or supply chain failure—the ripple effects can impact entire industries or economies. Regulations like the EU’s Digital Operational Resilience Act (DORA) aim to create a baseline for preparedness, ensuring organizations are equipped to handle disruptions without endangering their stakeholders.
For me, it’s about more than compliance. It’s about safeguarding trust. Regulations like DORA provide a structure to help companies build resilience not as a reaction to challenges but as a proactive strategy for sustainable operations. Businesses that embrace this mindset not only protect themselves but also contribute to the stability of the broader ecosystem.
2. What unique challenges do organizations face with regulatory frameworks like DORA?
One major challenge is understanding and interpreting the scope of the regulations. DORA, for example, covers not just financial institutions but also the third-party providers they rely on, such as cloud services or IT vendors. Mapping out these dependencies and ensuring compliance across the entire ecosystem can be overwhelming.
Another challenge is cultural. Too often, regulations are seen as a checklist rather than an opportunity for strategic growth. Leaders need to shift their perspective—resilience isn’t about avoiding penalties; it’s about creating an advantage. Finally, operationalizing resilience is complex. It requires collaboration across departments, from IT to risk management to the C-suite, and that’s not always easy to coordinate.
3. How can leaders create a culture of preparedness for regulatory challenges?
Creating a culture of preparedness starts with communication. Leaders need to articulate why resilience matters—not just to meet regulatory requirements but to protect the organization’s reputation, employees, and customers. When teams understand the “why,” they’re far more likely to invest in the “how.”
Leaders should also model resilience themselves. That means staying informed about emerging regulations, actively participating in resilience planning, and encouraging transparency. If something isn’t working, teams should feel empowered to raise concerns and find solutions. Preparedness thrives in a culture where adaptability and learning are celebrated.
Finally, leaders need to make resilience accessible. Provide the tools, training, and resources employees need to understand their role in the bigger picture. Resilience isn’t a one-person job—it’s a collective effort.
4. How does regulatory resilience tie into broader business resilience?
Regulatory resilience and business resilience are deeply interconnected. Both are about anticipating risks, mitigating disruptions, and ensuring continuity. A strong regulatory framework supports business resilience by establishing protocols for crisis management, incident reporting, and system recovery—all of which are critical in today’s unpredictable landscape.
For example, a company that’s prepared to comply with DORA’s requirements for operational resilience is also likely better equipped to handle a cyberattack or supply chain disruption. The overlap is significant because regulatory frameworks often reflect best practices for broader resilience.
5. Can you share an example of resilience helping a company navigate a regulatory challenge?
One example that stands out is a financial institution preparing for DORA’s implementation. They conducted a series of crisis simulations to test their systems against potential IT outages and third-party vendor failures. These exercises revealed gaps in their processes, but they also sparked innovation.
By the time they aligned with DORA’s requirements, they had not only strengthened their compliance posture but also streamlined their operations and reduced their downtime during incidents. What started as a regulatory requirement became a catalyst for operational excellence.
6. How do global trends in regulation impact organizations operating across borders?
Global organizations often face overlapping or even conflicting regulatory requirements. For example, a company operating in the U.S. might need to comply with cybersecurity reporting laws under the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) while also meeting DORA’s standards in the EU.
This complexity requires a unified resilience framework that can adapt to different regional requirements without creating inefficiencies. It’s also a reminder that resilience is a shared responsibility. Organizations need to stay engaged with regulators, industry groups, and peers to navigate these challenges effectively.
7. What role does technology play in regulatory resilience?
Technology is an enabler of resilience. It helps organizations automate compliance processes, monitor risks in real time, and generate insights that guide decision-making. For instance, advanced risk analytics can identify vulnerabilities in an organization’s supply chain, while automation can streamline incident reporting.
That said, technology isn’t a silver bullet. It must be paired with the right governance frameworks and skilled teams who know how to interpret and act on the data. The most effective technology solutions are those that integrate seamlessly into an organization’s existing workflows, enhancing—not complicating—operations.
8. What’s your advice for organizations just starting their journey toward regulatory resilience?
Start with a gap analysis. Take stock of where your organization currently stands in terms of resilience—what’s working, what’s missing, and what needs improvement. From there, develop a roadmap with clear priorities and timelines.
It’s also important to engage your entire organization in the process. Regulatory resilience isn’t just an IT or compliance issue—it’s an enterprise-wide priority. Finally, don’t try to go it alone. There’s a wealth of expertise available, whether through industry forums, consultants, or peer networks. Leverage those resources to accelerate your progress.
9. How should organizations prepare for future regulatory changes?
Future-proofing your organization means building flexibility into your resilience frameworks. Regulations will continue to evolve as new risks emerge, and organizations need to be able to adapt quickly. This requires staying informed, maintaining open lines of communication with regulators, and regularly testing your systems and processes against potential scenarios.
It’s also helpful to take a proactive approach. Don’t wait for regulations to mandate resilience—start building it into your operations now. Organizations that stay ahead of regulatory trends are better positioned to lead in their industries.
10. What’s the biggest opportunity that regulatory resilience offers organizations?
The biggest opportunity is trust. When customers, employees, and stakeholders see that an organization is prepared for disruptions, it builds confidence. Trust is a competitive advantage in today’s world, where uncertainty is the norm.
Regulatory resilience also drives innovation. When organizations embrace resilience as a strategic priority, they often uncover new ways to streamline operations, improve customer experiences, and even reduce costs. Ultimately, resilience isn’t just about surviving—it’s about thriving in a rapidly changing world.
Summary
Regulatory resilience is more than meeting requirements—it’s about safeguarding your future. Dave’s advice makes it clear: proactive planning and a culture of accountability put your organization in the best position to adapt and thrive. Start reviewing your compliance approach today.