.svg)
Marine Krasovska, head of the financial technology supervision department at Latvijas Banka, explained to Vixio how the country is preparing for the implementation of key EU regulations.
The deadlines for the Digital Operational Resilience Act (DORA) and the Markets in Crypto-Assets Regulation (MiCA) are approaching and compliance is already underway throughout the EU and across a variety of financial institutions.
"Latvia has been proactively preparing for these changes," said Krasovska. "DORA will enhance the ability of market participants to manage ICT risks, mitigate cyber threats, and improve their cybersecurity capabilities."
The act will introduce stringent requirements in four major areas: ICT risk management; incident reporting; digital resilience testing; and third-party service provider risk management.
For MiCA, which was approved by the Saeima, Latvia’s parliament, on June 13, the focus is on creating a unified regulatory framework for the crypto-assets industry across the EU.
"The regulation will address gaps in national regulations that cause market fragmentation," Krasovska said, emphasising Latvia's compliance culture and the country's small but growing crypto market.
Challenges and impact on the sector
The impact of these regulations will be felt across various financial entities, including payment service providers, e-money institutions and crypto firms.
"These companies will need to invest in more robust systems and processes to ensure continuous operation during disruptions," Krasovska said, adding that enhanced incident reporting requirements and increased oversight are expected to improve transparency and safeguard customer transactions and data.
Traditional banks, with their well-established compliance frameworks, are generally better prepared to meet these new standards, she acknowledged, adding that fintech firms face more significant challenges in adapting to the new regulatory landscape.
"For fintech companies, it may take more time to review existing business models and introduce robust internal control systems," Krasovska observed.
However, she also said that Latvijas Banka is engaging with various stakeholders, including the Ministry of Finance, the Financial Intelligence Unit and industry associations, to ensure a smooth transition.
For example, the central bank's Innovation Hub is providing consultations to companies planning to obtain licences under the new regulations.
Krasovska expressed confidence in the benefits of these regulatory changes. "DORA will ensure that financial market participants implement frameworks to address emerging types of cyber threats," she said, pointing out that this includes new requirements for third-party providers and cloud services, critical for maintaining financial stability.
The official also took time to reflect on the recent CrowdStrike outage, which sent ripples throughout the world and gave a strong indication to how necessary operational resilience planning is for companies in the financial services industry and beyond.
She noted that although the Latvian market was unaffected, such events highlight the vulnerabilities in third-party risk management.
"The DORA framework could help mitigate, though not entirely eliminate, such incidents by implementing robust cybersecurity measures," she said.
