The World Federation of Exchanges (WFE), the global industry group for exchanges and CCPs, has responded to the EU’s proposals for a Digital Operational Resilience Act (DORA) for Financial Sectors.
The WFE said it welcomed the ambitions of the EU Commission in seeking to improve and harmonize operational resilience requirements across the financial ecosystem – especially those purely operating in digital-based environments.
In a statement, the group said the global pandemic will, naturally, further increase regulatory scrutiny of resilience measures, as society’s dependency on ICT providers is greater than ever before. However, “to ensure that these measures are effective, and can inter-relate smoothly across jurisdictions, they need to be carefully crafted. Prescriptive, tick-boxing rules that do not evolve are to be avoided and, instead, it is risk-based and outcomes-focused guiding principles that are key to enabling the delivering of future resilience against the next threat,” WFE continued. “In this regard, the WFE also welcomes the EU’s desire to achieve a principles, more risk-based, approach but would encourage the Commission to consider how it can go further in embedding that concept across its proposals.”
The WFE said it recognized the Commission’s desire to ensure accountability and to have appropriate oversight capabilities of important ICT service providers. However, meeting that objective does not need to be at the cost of having disproportionate requirements levelled against firms which do not have the accompanying risk profile to warrant them, thereby potentially creating needless barriers to access the most resilient and effective ICT service provision globally available, according to WFE.
The Federation warned that straying from the principle of proportionality could unfairly and unnecessarily promote market fragmentation; with improving the efficiency of markets, reducing risk and consumer choice affected by the proposals. Getting that approach right is integral to encouraging cross-border trade and promoting the EU as a business-friendly environment with safe and efficient markets.
“We strongly support the Commission’s ambitions for improving operational resilience across all sectors of the financial services industry. Ensuring that the measures used in achieving those ambitions are fair and proportionate is integral to their success in the long run,” said Nandini Sukumar, Chief Executive Officer of the WFE. “As a global organization we would also emphasize the importance of observing international guiding rules when considering new requirements and for further consideration to be given to how the regulatory approaches of third-countries can be recognized by the EU, to avoid ICT service provision being unnecessarily inhibited,” he added.
Sukumar said the WFE has a particular concern that, alongside issues such as data localisation developing from rules around location requirements for ICT service providers, aspects of market-data service provision may also be inappropriately captured and subject to prohibitive requirements under DORA. The current definitions employed by the Commission to determine what constitutes an ICT service provider, and also what is deemed to be a ‘critical’ one, appear ambiguous and could lead to confusion in implementation. Better understanding of how market-data service provision would be classified is required – especially if derived from a provider operating from a third-country. Additional clarity, with appropriate regulatory application, that accurately reflects the risk profile of such service provision, would be greatly welcomed by the WFE.