The World Federation of Exchanges (WFE) published a letter to the European Commission (EC) on behalf of the chief risk and chief information security officers within its membership. The letter regards the interpretation of Information and Communication Technology (ICT) Service providers under the EU’s Digital Operational Resilience Act (DORA), which governs ICT service providers for companies within the EU.
Whilst the European Supervisory Authorities (ESAs) have made EU regulated services exempt from being classified as ICT services under DORA, they have indicated that the exemption will not extend to third country regulated financial services.
The WFE is urging the EC to address this discrepancy and adopt a consistent and coherent interpretation of the definition of ICT services under DORA to ensure an effective implementation.
Without doing this, DORA could have substantial implications and create severe disruption for all types of EU market participants, including asset managers and dealers, receiving financial services from outside the EU. It would also increase the cost of business for EU market participants, reducing access by EU financial entities to non-EU markets, possibly leading to a loss of competitiveness for EU financial entities.
Nandini Sukumar, CEO of the World Federation of Exchanges, said in a statement: “We urge the European Commission to urgently clarify that the same distinction applies to non-EU regulated financial services. Any other outcome would undermine principles of international comity and deference to home country regulation, and recent history has shown that such standoffs are counterproductive. The Commission must take fast action to avoid disruption for consumers, increased costs, and to avoid reducing the competitiveness of the EU compared to other jurisdictions.”