The World Federation of Exchanges (WFE), the global trade association for exchanges and clearing houses, has published a letter to the European Commission on behalf of the Chief Risk and Chief Information Security Officers within its membership.
The letter regards the interpretation of Information and Communication Technology (ICT) Service providers under the EU’s Digital Operational Resilience Act (DORA), which governs ICT service providers for companies within the EU.
Whilst the European Supervisory Authorities (ESAs) have made EU regulated services exempt from being classified as ICT services under DORA, they have indicated that the exemption will not extend to third country regulated financial services.
The WFE is urging the European Commission to address this discrepancy and adopt a consistent and coherent interpretation of the definition of ICT services under DORA to ensure an effective implementation.
Without doing this, the Act could have substantial implications and create severe disruption for all types of EU market participants, including asset managers and dealers, receiving financial services from outside the EU. It would also increase the cost of business for EU market participants, reducing access by EU financial entities to non-EU markets, possibly leading to a loss of competitiveness for EU financial entities.
Nandini Sukumar, CEO of the World Federation of Exchanges commented, “We urge the European Commission to urgently clarify that the same distinction applies to non-EU regulated financial services. Any other outcome would undermine principles of international comity and deference to home country regulation, and recent history has shown that such standoffs are counterproductive. The Commission must take fast action to avoid disruption for consumers, increased costs, and to avoid reducing the competitiveness of the EU compared to other jurisdictions.”
The letter was sent by the WFE on behalf of our Enterprise Risk Working Group (ERWG) and represents the views of the Enterprise Risk Management (ERM) and Operational Risk Management (ORM) leadership we convene from the global financial exchanges and clearing houses within our membership. The Working Group develops an industry consensus on ERM/ORM issues to support regulatory responses, stakeholder advocacy, and thought leadership. The ERWG fosters best practices, codes of conduct, and guidelines, while promoting information sharing, education, and benchmarking among members. It works to align global risk management standards and strategies to address common challenges and collaborates closely with the WFE’s Cybersecurity Working Group (GLEX), which pursues similar objectives from a cyber-risk perspective.