Exchange trade body publishes cyber resilience principles

Guidelines urge legislators to work hand-in-hand with industry to bolster defences

The World Federation of Exchanges (WFE), an industry body that represents more than 200 exchanges and clearinghouses, has published a set of principles on cyber resilience. The WFE says these are intended to complement a paper released on June 29th by a joint Committee on Payments and Market Infrastructures (CPMI) and International Organization of Securities Commissions (IOSCO) working group on the same topic.

Nandini Sukumar, the WFE’s, said: “The WFE supports CPMI-IOSCO’s pragmatic approach to the design of cyber guidance and the engagement it has had with the industry. Regulators and FMIs [financial market infrastructures] need to continue to work hand-in-hand in implementing sensible and practical arrangements on a national level for the benefit of the wider system.”
As with the CPMI-IOSCO report, the WFE principles stress the importance of testing to ensure that cyber defences are effective against attack. Regulations should encourage robust testing, and reviews should be conducted after any attack in order to share the results through the appropriate industry bodies, the WFE says.

Market infrastructure organisations should always be consulted in order to learn the specificities of each organisation and to avoid any unintended consequences. “Different markets have different models and different needs, and incidents are unpredictable in nature,” says the WFE.

The industry body concluded that so far exchanges and clearinghouses have been proactive in developing robust cyber defences. However, given their critical importance in the global financial system, government intervention in matters of cyber resilience was welcome: “Given the global nature of the issue and its systemic significance, it is right and correct that authorities play a key role developing, fostering and promoting consistent industry-wide standards.”

The publication of the WFE report coincided with the Reserve Bank of Australia’s (RBA) annual review of the Australian Securities Exchange (ASX), which has see the regulator urge the exchange to upgrade its cyber resilience measure. By June 2017 the ASX should be able to recover its critical clearing and settlement operations within two hours of an extreme cyber attack, in line with CPMI-IOSCO recommendations, the RBA says.  On the 19th of September the ASX’s equities trading system suffered an outage that led to trading being suspended. The exchange said this failure was due to a failure in the system’s database, not a cyber attack.

Tweet about this on TwitterEmail this to someoneShare on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

*