How Fireblocks' Solution Unlocks DORA Compliance

Fireblocks has launched a compliance solution aimed at helping financial institutions align with the Digital Operational Resilience Act (DORA), which came into effect on 17 January 2025.
The solution not only addresses regulatory requirements but also enhances the way financial institutions manage third-party vendors, making it a valuable tool for procurement teams navigating the increasingly complex landscape of digital risk management.
The Cyber and Operational Resilience (COR) Compliance Package is specifically designed for banks, financial firms and crypto asset service providers (CASPs) operating under the new EU regulations.
By simplifying compliance and strengthening operational resilience, Fireblocks' solution enables organisations to confidently procure and collaborate with third-party ICT providers while meeting DORA's stringent standards.
DORA requires financial entities to strengthen their cybersecurity defences and ensure operational resilience.
The regulation establishes a framework for managing digital risks, enforcing stricter oversight of third-party information and communication technology (ICT) providers and ensuring that financial institutions maintain robust digital security.
With this in mind, Fireblocks has developed a package that simplifies compliance while maintaining operational efficiency. The solution is particularly relevant for organisations that classify Fireblocks as a Third-Party ICT Provider supporting critical functions.
It is important to note that DORA compliance fundamentally reshapes how financial institutions engage with third-party vendors in B2B procurement processes.
By integrating Fireblocks' COR Compliance Package, organisations can streamline vendor selection and oversight while ensuring adherence to DORA's stringent requirements.
The package not only simplifies contractual obligations through its legal addendum but also enhances due diligence with robust reporting, audits and security measures.
Regulatory support tailored for financial institutions
A key part of Fireblocksā compliance package is a legal addendum to its Master Service Agreement. This document aligns with DORAās contractual requirements under Article 30, helping financial institutions formalise their compliance obligations when working with third-party ICT providers.
In addition to legal support, the package includes periodic and annual reports covering ICT security, performance metrics and support management. These reports provide institutions with the documentation they need to demonstrate compliance with DORA's regulatory standards.
Fireblocks also offers financial institutions access to audit and penetration testing services. These can be conducted through pooled or individual engagements, allowing firms to assess their security posture and identify vulnerabilities.
One standout feature of the package is the Annual Fireblocks Security Pooled Audit Event, which gives clients the opportunity to engage directly with Fireblocks' security team. The initiative helps financial institutions gain deeper insights into their cybersecurity measures and ensures transparency in Fireblocksā security practices.
For procurement teams, this level of oversight is invaluable. With financial institutions required to closely monitor their third-party ICT providers under DORA, Fireblocks' package helps simplify vendor assessments.
Institutions can make more informed decisions, ensuring they partner with service providers who meet the highest security and resilience standards.
Oded Blatman, Chief Information Security Officer at Fireblocks, explains: "Fireblocks provides its customers with a holistic offering designed to meet their DORA obligations confidently and efficiently.
"We've built this package to simplify compliance, reduce complexity and allow our customers to focus on scaling their businesses and innovating in a rapidly changing environment."
Strengthening operational resilience
Unlike some compliance solutions that focus solely on regulatory paperwork, Fireblocks' package integrates technical security measures to help firms meet DORAās requirements in practice.
Fireblocks relies on Multi-Party Computation (MPC) technology, a cryptographic method that enables multiple parties to perform computations without revealing their private inputs to each other.
This enhances the security of digital transactions and asset management, which is critical for financial institutions operating in blockchain and digital finance.
The company also holds several security certifications, including:
- SOC 2 (Service Organization Control) ā a standard for managing customer data securely
- CCSS (Cryptocurrency Security Standard) ā a benchmark for secure handling of crypto assets
- ISO 27001 ā an internationally recognised standard for information security management
By building its compliance package on these security foundations, Fireblocks helps financial institutions meet DORAās requirements while continuing to operate efficiently in the digital asset space.
Oded emphasises that compliance is just one aspect of Fireblocksā approach: "DORA isn't just about compliance ā it's about setting a higher standard for ICT Security and operational resilience.
"With this package, we're empowering financial institutions to not only meet these standards but also thrive in a more secure and transparent financial ecosystem."
Fireblocks already supports more than 2,000 organisations, including BNY Mellon, Galaxy and Revolut. To date, the company has secured over US$7tn in digital asset transactions across more than 100 blockchains and 300 million wallets.
As financial institutions continue to adapt to the evolving regulatory landscape, solutions like Fireblocksā compliance package will play an essential role in ensuring both security and efficiency under DORA.
Explore the latest edition of Procurement Magazine and be part of the conversation at our global conference series, Procurement & Supply Chain LIVE.
Discover all our upcoming events and secure your tickets today.
Procurement Magazine is a BizClik brand.


