Financial Market Digitization Act

Digital financial services are an integral part of a future-oriented and competitive economy. With the Financial Market Digitization Act, Germany is now transposing key EU requirements (COM(2020) 591 final of 24 September 2020) into national law. The aim is to strengthen the financial sector for the digital future - with new rules for crypto assets, money transfers, and digital resilience.

In December 2024, the Federal Ministry of Finance (BMF) published the Act on the Digitization of the Financial Market (Financial Market Digitization Act) in the Federal Law Gazette. The entry into force was staggered, whereby all provisions of the law must be complied with by January 1, 2025, at the latest. The Financial Market Digitization Act integrates several EU regulations into German law, including MiCA (Markets in Crypto-Assets Regulation), DORA (Digital Operational Resilience Act), and the Money Transfers Regulation. This type of multilayer regulation is complex, as companies in the financial sector have to comply with the requirements of various laws for the first time. The implementation deadlines were tight, particularly for DORA (deadline: January 2025) and the new crypto transfer obligation (October 2025). The additional bureaucratic burden can also be significant, for example, if new business models in the crypto sector require approvals under the KMAG. Failure to implement this could result in fines, reputational damage, and loss of licenses. The development of know-how for employees should already be underway.

For the transactional financial systems for which the CIO is responsible, strengthening resilience or security against Cybercrime is a legal obligation. In addition, there are further challenges:

• Legacy systems: Existing IT infrastructures are often not designed for real-time reporting, resilience tests, or crypto transfer data.

• Interfaces & Data quality: The obligation to transmit sender and recipient data for crypto transfers requires clean master data and new interfaces.

• Cyber resilience: Companies must test and document their IT systems to ensure resilience, detect attacks, and establish recovery capabilities.

IT managers must act quickly to identify any regulatory gaps and technical risks that may exist. A gap assessment can be used to map requirements to existing processes and derive areas for action.

For DORA and MiCAR requirements can be established SAP technology Delivering added value:

• SAP Business Technology Platform (BTP): For central monitoring, emergency management and integration of external IT service providers.
• SAP Cloud ALM (CALM): For resilience testing, incident management and process documentation.
• SAP Identity Access Governance (IAM): For access controls and security policies.
• SAP Document and Reporting Compliance (DRC): For audit-proof transmission of sender/recipient data for crypto transactions.
• SAP S/4HANA Finance: For transparency in transactional accounting, real-time reporting and integration of digital assets.