Evaluation of Digital Operational Resilience Frameworks
The European Securities and Markets Authority (ESMA) is set to conduct a comprehensive evaluation of the digital operational resilience frameworks of Crypto Asset Service Providers (CASPs), specifically in the context of their custody operations. This review will hone in on various risks associated with distributed ledger technology (DLT).
Areas of Concern
Areas of particular concern include:
- Governance structures
- Management and storage of keys
- Controls over transactions
- Incident detection and response mechanisms
- Vulnerabilities related to smart contracts
- Reliance on external service providers
Assessment Process
The assessment will be spearheaded by National Competent Authorities (NCAs) who will examine a strategically chosen selection of authorized CASPs, utilizing a risk-based approach. The timeline for this initiative spans from mid-2026 to mid-2027.
Broader Supervisory Strategy
This effort is part of ESMA’s broader supervisory strategy aimed at addressing identified risks, with a specific focus on enhancing resilience in the digital arena and oversight of CASPs. By undertaking this Common Supervisory Action (CSA), ESMA aims to strengthen the consistency of supervision in a fast-evolving market landscape.
Future Regulatory Actions
Following the completion of the exercise in mid-2027, NCAs will compile their findings into a comprehensive report, which will be presented to ESMA’s Board of Supervisors to inform future regulatory actions.