DORA Unchained: What it Means For EU Crypto Exchanges
We delve into the EU Digital Operational Resilience Act (DORA) and its implications for EU crypto exchanges (CASPs) that want to stay afloat amid this latest regulatory “tsunami”.
Key insights include:
1️⃣ DORA’s Scope: Targets cybersecurity resilience of all EU regulated financial entities, including CASPs. It becomes effective in Jan 2025, shortly after MiCA.
2️⃣ DORA’s Mandates: CASPs must manage ICT risks, report significant incidents to regulators, and conduct regular resilience testing.
3️⃣ Third-Party Risks: Crucially, DORA focuses on managing ICT third-party providers, particularly for “critical” and “important” business functions like wallet infrastructure, blockchain analytics, Staking-as-a-Service, Travel Rule providers, and KYC services.
4️⃣ Impact of DORA: Often overshadowed by MiCA, DORA presents substantial challenges and compliance costs for CASPs.
Final Thoughts: The MiCA/DORA era may lead to market consolidation, as not all CASPs will survive the coming “purge”. But it will also offer opportunities for resilient CASPs. EU regulation akin to that applied to traditional financial institutions should hopefully bring much-needed trust and interest in the crypto sector!
Table of Contents
Background
What Must CASPs Do under DORA?
Going Further
Governance & Organisation
ICT Risk Management Framework
ICT Systems, Protocols & Tools
Identifying ICT Risks
Protection & Prevention
Detection
Business Continuity & Recovery
Backup & Recovery Procedures & Methods
Communication
ICT Incident Management & Reporting
Digital Operational Resilience Testing
Managing Third Party Risk
Conclusion