RegTech Intelligence 
As the Digital Operational Resilience Act (DORA) prepares to reshape the regulatory landscape for digital asset providers by 2025, businesses are under increasing pressure to implement robust operational resilience strategies.
As JWG and Memery Crystal’s ‘Decoding DORA’s Digital Asset Impact’ roundtable, held under Chatham House rule with industry experts revealed this month, the distinct challenges faced by digital asset firms present very strategic decisions for senior management.
DORA, PS21/3 and their cousins present significant challenges for digital asset providers, particularly in filling detailed business strategy gaps, upgrading risk culture, building operational capabilities, navigating complex obligation deltas and managing global third-party supply chains.
That said, OpRes also offers opportunities for firms to differentiate themselves, gain trust in the market, and position for global expansion by leveraging RegTech to codify an agreed version of the regulatory truth by global business. Digital Assets have an opportunity to implement regulations more effectively and more efficiently compared to legacy control exercises in excel. Ccompliance can grow up and be tokenized with RegTech enabling all-knowing oracles making economic activity safe.
However, getting there will require much improved communication, collaboration, education and perseverance in the face of tight deadlines and high levels of regulatory uncertainty.
They will do well to adopt TradFi standard techniques and innovative GenAI-enabled RegTech services to help navigate complex waters in 2025.
OpRes Challenges for Digital Asset Providers vs. Traditional Finance
Digital asset providers operate in a dynamic and rapidly evolving market, often without the established infrastructures of traditional financial institutions. DORA, like its sister EU Digital Finance Package regulation, the Markets in Crypto-Assets Regulation (MICA) will catch Crypto-asset service providers and asset-referenced token issuers.
MICA has specific references to meeting DORA standards and any ‘critical or important function’, the disruption of which would materially impair financial performance needs to be top of senior management’s agenda. JWG’s analysis, ‘Winning the OpRes Marathon’ here concluded that to tackle these risks, financial entities need to build new muscles: business and vendor strategies, management oversight, ICT risk controls and regulatory transparency
In contrast to banks, many digital asset firms are still in the early stages of building risk management muscle.
One roundtable participant highlighted this distinction:
“Banks have had decades to refine their operational resilience strategies. Digital asset providers, on the other hand, are racing to build theirs in real-time. This creates a sense of urgency that traditional institutions may not face.”
Cybersecurity vulnerabilities are particularly acute for digital asset firms. These firms are frequent targets of cyber-attacks, and DORA’s requirement for rapid incident reporting (within four hours) amplifies the pressure on smaller players who may not have robust cybersecurity infrastructures in place.
Key Challenges: Cross-Jurisdictional Complexity and Third-Party Management
Cross-jurisdictional complexity presents one of the most significant challenges for digital asset firms. Unlike traditional banks, which are accustomed to operating across regulatory frameworks, digital asset providers may well struggle to navigate a patchwork of regulations.
As illustrated by the JWG analysis below, DORA, the UK’s PS21/3, and a slew of specific US all impose different requirements, making it difficult for firms to streamline their compliance processes.
Source: JWG analysis, OpRes RegDelta October 2024
The group concluded that while Digital Asset players were likely to meet DORA’s infrastructure control hurdles for security, identity, encryption and threat management they would be challenged by the cross-functional capabilities required by DORA.
Audit, reporting, communications, incident management, project management and other ICT capabilities were seen as the purview of more mature financial infrastructure and Digital Asset players would likely have significant gaps to fill.
However, as one participant explained:
“It’s not just DORA we’re managing. It’s also UK, US, and other global frameworks. Keeping track of how we meet different obligations in each jurisdiction is a major headache.”
Additionally, managing third-party and subcontractor risks is more complex for digital asset providers. Many of these firms rely heavily on cloud-based and outsourced ICT services.
DORA’s requirement to conduct comprehensive risk assessments and monitor subcontractors introduces a significant administrative burden. Unlike traditional banks with well-developed procurement systems, many digital asset firms are still developing the necessary tools and frameworks to handle these obligations effectively.
Opportunities: Turning Compliance into a Strategic Advantage
Despite the challenges, DORA also presents valuable opportunities for digital asset providers. Compliance with the act can serve as a differentiator in the competitive digital finance space. Firms that can demonstrate strong operational resilience will be more attractive to clients, investors, and partners, particularly in an environment where trust and security are paramount.
One participant observed:
“In the digital asset world, operational resilience can become a competitive advantage. If you can show that you’re compliant and secure, you’ll win clients and partnerships that might otherwise go to competitors.”
The global nature of digital asset markets also offers opportunities. Meeting DORA’s stringent requirements can serve as a steppingstone for entering other heavily regulated markets, such as those in the US or Asia-Pacific. Firms that embrace these frameworks early will be better positioned to grow and scale internationally.
Solutions to Overcome DORA’s Challenges: Insights from the Roundtable
The roundtable participants shared several solutions for navigating the complexities of DORA compliance, offering practical strategies that can help digital asset firms manage risks and build resilience:
Use RegTech to tokenize compliance
With the nature of crypto, tokenisation (web3), direct connections between platforms and AI present an opportunity to implement regulations more effectively and more efficiently compared to legacy control exercises in excel. As JWG have put it in our digital asset analysis here DeFi can build into the blockchain, or as we like to put it, compliance will need to grow up and be tokenized. In some ways, this is the nirvana for RegTech: all-knowing oracles having validated rule sets making economic activity safe.
Many participants stressed the importance of using RegTech tools to manage compliance obligations across multiple jurisdictions. These solutions help firms track regulatory changes, automate reporting, and ensure consistent compliance, reducing the administrative burden.
One participant emphasized:
“Automating compliance through RegTech helps stay ahead of regulatory requirements without getting bogged down in paperwork.”
Adopt a Risk-Based Approach to Governance
Participants also highlighted the need for robust risk management and governance frameworks tailored to the specific risks of the business. A risk-based approach allows firms to prioritize their resources where they are most needed, focusing on critical risks while remaining flexible to regulatory changes.
One participant suggested:
“Risk-based frameworks allow us to be more agile. By focusing on the highest-risk areas first, we can ensure we’re compliant while staying adaptable to changing regulations.”
Collaborate Across the Industry
Several participants called for greater industry collaboration to establish best practices and potentially develop standardized processes for DORA compliance. By sharing knowledge and resources, digital asset providers can reduce duplication of effort and align more closely with regulatory expectations.
One suggestion from a participant:
“Collaborating with industry peers can help reduce costs and improve efficiency. If we work together to create industry standards for DORA compliance, it will be easier for everyone to navigate these regulations.”
Leverage Technology to Improve Cybersecurity
Given the heightened cybersecurity risks in the digital asset space, participants recommended prioritizing investment in advanced cybersecurity tools. Integrating AI-based solutions for real-time threat detection and response can mitigate the risks of cyber-attacks and help firms meet DORA’s incident reporting requirements.
“Cybersecurity needs to be front and center. AI-driven tools for threat detection and incident management can provide the level of protection and responsiveness that regulators are looking for,” one participant noted.
Listen to the experts in RegCast Season 5:
Episode 2 – Digitalizing DORA with DLT
Conclusion
Conclusion: Seizing the Opportunity to Build Resilience and Grow
DORA represents a significant shift for the digital asset sector, requiring firms to rethink their operational resilience strategies.
However, by adopting a proactive approach to compliance, investing in the right technologies, and fostering industry collaboration, digital asset providers can transform these challenges into opportunities.
As one roundtable participant succinctly put it:
“The firms that start preparing now will be the ones who get ahead in 2025. Compliance is no longer just about ticking boxes, it’s about positioning yourself as a resilient, trusted market leader.”
Navigating compliance requires an upgrade to your policies, procedures, contracts and controls. JWG’s OpRes RegDelta accelerator enables safe and efficient alignment between your business, controls, and ever-changing regulation.
As our analysis on OpRes standards shows here, this only gets more complicated from here. Cyber, AI, and Quantum rules will create even more hills to climb.
So don’t wait any longer – talk to us today about how we can help you be confident with your position at OpRes basecamp and ready for the journey ahead.
Upgrade your OpRes with RegDelta
RegTech is at the forefront of better, faster, cheaper, and safer OpRes solutions for 2025 change programmes.
JWG’s OpRes RegDelta enables evergreen linkage with your policies, procedures, and contracts, boosted by our LLM partners, which your teams can interrogate, saving time in spotting and closing your gaps.
Learn how in our new 2-minute video.
Want to arrange a demo? Please contact Corrina.stokes@jwg-it.eu.