Key Points

• EU will implement intelligent crypto regulatory framework mandates between 2024 and early 2025.

• MiCAR and DORA have the advantage of setting a standard and central supervisory authority.

• With these new regulations, Lockchain’s automation and AI platform can enhance efficiency and lower compliance costs.

The digital asset landscape in Europe is on the verge of a transformative shift with the introduction of the Markets in Crypto-Assets Regulation (MiCAR) and the Digital Operational Resilience Act (DORA). These regulatory frameworks, set to be implemented in the next few months, are aimed at governing the crypto space and improving operational resilience, enhancing security controls, and promising to bring clarity to an evolving ecosystem. For Crypto Asset Service Providers (CASPs), understanding the impact of these regulations on their current controls is crucial to ensuring compliance and fostering trust with their clients.

MiCAR and Its Benefits

Set to take full effect on December 30, 2024 (some requirements have already been implemented), MiCAR is designed to provide a unified regulatory framework across the European Union (EU) for all participants in the crypto market. Scarcely has an industry like crypto asked for some form of regulation, and MiCAR was developed to answer that call by ensuring transparency, increasing consumer protection, and maintaining market integrity.

The key advantages of MiCAR for CASPs

• Regulatory Clarity: MiCAR offers a consistent regulatory framework across all EU member states. This eliminates the patchwork of national regulations, allowing CASPs to operate safely and efficiently across borders.

• Investor Protection: With MiCAR, CASPs will be required to ensure adequate transparency and disclosures for their offerings. This will help safeguard investors' interests, which in turn will increase trust in the ecosystem.

• Reduced Compliance Costs: By standardizing regulations across the EU, MiCAR minimizes the need for CASPs to comply with multiple, differing regulations. This harmonization can lead to cost savings and operational efficiency for companies expanding their European footprint.

• Licensing and Passporting: MiCAR introduces a licensing regime for CASPs, allowing them to offer their services across the EU once licensed in a single member state. This passporting feature is especially advantageous for scaling businesses.

DORA and Its Impact on Operational Resilience

MiCAR sets the stage for DORA, which focuses on the controls CASPs require to protect against loss. While MiCAR focuses on regulating crypto-assets and related services, DORA aims to improve operational resilience across the financial sector, including CASPs. As the financial ecosystem becomes increasingly digital, ensuring the strength of technology and operations becomes a critical priority.

DORA strengthens CASPs by addressing the following:

• Operational Risk Management: DORA mandates that CASPs implement robust risk management frameworks to handle operational disruptions such as cyberattacks, data breaches, and system failures. Given their high reliance on technology, operational resilience is critical for their stability.

• ICT Incident Reporting: DORA introduces the requirement for standardized reporting of Information and Communication Technology (ICT) incidents. This enables regulators to see system vulnerabilities and threats better while ensuring CASPs respond quickly to mitigate risks.

• Third-Party Risk: CASPs often rely on third-party providers for various technology services. DORA requires that CASPs monitor and manage risks associated with third-party dependencies to avoid disruptions in critical services.

This last component of DORA is the idea of third-party risk management. CASPs will be required to have exit strategies to continue their business in case one or more of its third parties can no longer provide services. One primary requirement is the monitoring of risks and the need for additional risk assessments due to significant changes. This means more than monitoring for vulnerabilities and exploits. Many instances throughout the history of digital assets involved counterparties that were poorly managed, at best, and, at worst, plainly fraudulent. This caused contagion throughout the ecosystem, leading to long periods of mistrust of the industry.

Therefore, monitoring third parties is vital to a proper compliance and risk management program. How are firms going to monitor for incidents that might affect them? Can they rely on Crypto Twitter to provide accurate and timely information? 

While digital assets present unique challenges for security and risk management teams at CASPs, solutions exist to meet these firms' needs. 

Enterprise institutions, in particular, view these novel technical, security, counterparty, operational, token, protocol, and smart contract risks much differently than many incumbent crypto-native firms. These institutional firms' risk mitigation processes will look similar to those in traditional financial markets. Yet, they must account for a potentially steep learning curve and increased compliance costs.

While tools exist for traditional markets, they may lack speed, accuracy, and scalability for the global and nonstop digital asset markets. AI and automation can be very useful in the compliance arsenal to reduce cost, increase efficiency, and prevent stalling growth by relying on manual interventions and monitoring. 

The Lockchain.ai platform automates many of the significant requirements of MiCAR and DORA imposed on CASPs, including the continuous and real-time monitoring of risks presented by crypto tokens and third parties. The platform is built on a foundation of scalable architecture using carefully tuned AI designed to ingest and analyze a wealth of on- and off-chain data, producing useful outputs for compliance and risk management teams. This reduction in manual analysis considerably lowers costs and increases efficiency, allowing firms to focus on growth.

Conclusion

MiCAR and DORA are designed to set intelligent standards for digital asset servicing and trading firms. By establishing a regulatory framework that supports growth while managing risks, Europe is setting the stage for long-term success in the rapidly evolving digital asset space. This framework is a good indication of the eventual approach of US regulators once they discontinue their audacious path of regulation by enforcement. 

Learn more about the Lockchain.ai solution here.