DORA strengthens the security and resilience of the cryptocurrency market, fostering consumer trust and contributing to the overall stability of the financial system.
The Digital Operational Resilience Act (DORA) of the European Union, which came into effect on January 16, 2023, and will be enforceable from January 17, 2025, has a significant impact on the cryptocurrency market. DORA establishes a harmonized regulatory framework to strengthen the digital operational resilience of financial entities, including Crypto Asset Service Providers (CASPs).
Implications of DORA for the cryptocurrency market
ICT Risk Management:
CASPs must implement internal governance and control frameworks to identify and mitigate risks associated with Information and Communication Technology (ICT). This includes defining digital resilience strategies and ensuring oversight by their boards of directors.Incident Reporting:
CASPs are required to establish internal systems to report severe ICT-related incidents to competent authorities, such as Spain's National Securities Market Commission, in coordination with the European Securities and Markets Authority.Operational Resilience Testing:
CASPs must conduct regular tests on their systems and processes to ensure operational stability, including vulnerability assessments and network security analyses.Third-Party Provider Management:
Proper oversight and management of relationships with external ICT service providers are essential to ensure compliance with resilience standards.Continuity Plans:
CASPs must develop documented ICT business continuity policies with procedures and mechanisms to ensure recovery in case of operational disruptions.
DORA’s implementation represents a significant step in protecting the European financial sector from digital risks, establishing a unified framework that benefits both entities and consumers. However, it also poses challenges for CASPs, which will need to adapt their technological infrastructures, cybersecurity policies, and risk management strategies to meet the new requirements. This entails investments in technology, staff training, and potential changes in corporate governance.