How to Build a Resilient Wallet Strategy for Your Organization: DORA and its Key Implications

In 2018, TSB Bank had intermittent outages and glitches that lasted for about six months. The bank lost roughly £107 million, and many of its customers received terrible service during this period. This, along with many other incidents, made it necessary for financial institutions to have better benchmarks for withstanding serious technical and cyber incidents, so that they can keep running effectively and serving their customers despite any issues they face.

DORA was drafted for this purpose. The legislation will become active in 2025, and all European financial institutions have been preparing to meet its compliance requirements. This short article explains what DORA is all about and how you, as a digital asset firm leader, can plan to comply with it.

What is DORA?

The Digital Operational Resilience Act (DORA) is a European Union statute that sets the standard for building battle-tested financial systems that can withstand technical and cyber risks to ensure uninterrupted business continuity. The statute defines operational resilience as the ability of a financial entity to ensure integrity, reliability, and continued provision of financial services. That is, the extent to which a financial company's systems are battle-tested against threats or glitches.

Of course, there has been a paradigm shift from traditional asset management to digital asset management, and even top traditional financial institutions such as JP Morgan are adapting to it. Meanwhile, a new tide presents new risks. Running financial institutions digitally also comes with inherent technical and cybersecurity risks. For example, the global CrowdStrike outage on June 22nd, 2024, affected HSBC, Metro Bank, and Virgin Money.

From a regulatory standpoint, various laws have provided for resilience, such as the Cyber Resilience Oversight Expectations (CROE), Critical Entities Resilience Directive, NIS 2 Directives, and similar regulations. However, DORA is positioned to serve as a consolidation, or rather a more specific version, of these laws. The third preamble of DORA affirms the interconnectedness of financial infrastructure providers and institutions. This law demands operational resilience from both for overall efficiency.

Does DORA apply to your organization?

This regulation does not apply to everyone or every organization. For example, it does not expressly apply to SME insurance intermediaries and many others. Therefore, you need to be sure that it applies to you before preparing to comply with it. Article 2, paragraph 1 of the statute explicitly lists the financial entities that must comply with the law: authorized crypto-asset providers and issuers of asset-referenced; investment firms; payment institutions; management companies; ICT third-party providers; credit institutions; credit rating agencies; data reporting service providers; trading venues; insurance; trade repositories; institutions for occupational retirement; securitization repositories; crowdfunding service providers; account information service providers; managers of alternative investment funds; central securities depositories; administrators of critical benchmarks.

How to Comply with DORA

DORA will be in operation from January 17, 2025. As a result, every affected financial entity in the EU must know how to comply with the law. Here are four key areas to look into:

ICT Risk Management

The law demands that financial entities be aware of the risks their operations can incur and manage them properly. On this note, the Act expects a company to use infrastructure that can support the magnitude of its capacity.
There have been cases of outages because a company's infrastructure was not scalable enough for the growing number of users. These risks should have been anticipated and managed beforehand. Secondly, DORA demands that every institution draft internal risk management policies under which it tracks and documents how it is fixing discovered vulnerabilities.

Timely ICT-related Incident Reporting

If you want to comply with DORA, bear in mind that risky incidents must be communicated promptly. Create structures for effective public relations and communications in your organization. According to the Act, companies owe this information-sharing duty to their customers and the appropriate regulators. This ensures that every stakeholder is aware of ongoing issues.

Testing and Audit

ICT risks can be assessed and discovered ahead of time through various means. The Act expects companies to rigorously test that their systems function properly. This also includes stress testing to ensure companies are resilient enough to handle a gradual or sudden influx of new customers without breaking down. More importantly, penetration testing and thorough audits are mandatory to create battle-tested systems.

Management of Third-Party Risk

An organization is only as strong as its weakest link, so you need to ensure that your third-party partners or integrations are not your weak links. In particular, it's better not to rely on only one provider, because your business will halt if your only third-party solution is down. Such a system does not have operational resilience. It's recommended that you have two or more providers.

On this note, Utila is a highly secure crypto wallet solution your organization can rely on. If you already use a third-party crypto wallet solution, we recommend also using Utila to strengthen your system and comply with DORA.

About Utila

Utila offers a secure, non-custodial, chain-agnostic, institutional wallet platform powered by MPC key management and a robust policy engine. We simplify digital asset management and crypto operations for institutions without compromising on security or usability. Utila enables organizations of all sizes to securely manage digital assets across multiple blockchains, wallets, and users on a single platform, without any complexity. Trusted by industry leaders, Utila has secured over $9 Billion in transactions within a few months and is growing rapidly. Get in touch with us today!