Next event:

The QA Financial Forum: Chicago 2018

25 April, 2018
News and research on financial software quality assurance and risk management

Exchange trade body publishes cyber resilience principles

27 September 2016
Guidelines urge legislators to work hand-in-hand with industry to bolster defences

The World Federation of Exchanges (WFE), an industry body that represents more than 200 exchanges and clearinghouses, has published a set of principles on cyber resilience. The WFE says these are intended to complement a paper released on June 29th by a joint Committee on Payments and Market Infrastructures (CPMI) and International Organization of Securities Commissions (IOSCO) working group on the same topic.

Nandini Sukumar, the WFE's, said: “The WFE supports CPMI-IOSCO’s pragmatic approach to the design of cyber guidance and the engagement it has had with the industry. Regulators and FMIs [financial market infrastructures] need to continue to work hand-in-hand in implementing sensible and practical arrangements on a national level for the benefit of the wider system.”
As with the CPMI-IOSCO report, the WFE principles stress the importance of testing to ensure that cyber defences are effective against attack. Regulations should encourage robust testing, and reviews should be conducted after any attack in order to share the results through the appropriate industry bodies, the WFE says.

Market infrastructure organisations should always be consulted in order to learn the specificities of each organisation and to avoid any unintended consequences. “Different markets have different models and different needs, and incidents are unpredictable in nature,” says the WFE.

The industry body concluded that so far exchanges and clearinghouses have been proactive in developing robust cyber defences. However, given their critical importance in the global financial system, government intervention in matters of cyber resilience was welcome: “Given the global nature of the issue and its systemic significance, it is right and correct that authorities play a key role developing, fostering and promoting consistent industry-wide standards.”

The publication of the WFE report coincided with the Reserve Bank of Australia’s (RBA) annual review of the Australian Securities Exchange (ASX), which has see the regulator urge the exchange to upgrade its cyber resilience measure. By June 2017 the ASX should be able to recover its critical clearing and settlement operations within two hours of an extreme cyber attack, in line with CPMI-IOSCO recommendations, the RBA says.  On the 19th of September the ASX’s equities trading system suffered an outage that led to trading being suspended. The exchange said this failure was due to a failure in the system’s database, not a cyber attack.

The QA Vector 500: your route to the right partner

Looking for a quality assurance, IT risk, or testing partner? Then you need access our expertly researched resource tracking the most important 500 service providers, from the largest to the most specialist.

Sign up now

Get the latest
by email

Newsletter Sign-Up
First Name*
Last Name*
Email*

I understand my contact details will be entered into your database and used to contact me by email with QA Financial's newsletter. See our privacy policy here.

Opted-in to receive newsletter
Source - newsletter sign-up form