Financial institutions of all kinds (sell-side, buy-side and market infrastructure operators) are facing stricter rules on how they manage their technology. From the United States to Australia, regulations across the globe are becoming ever more prescriptive in mandating technology best practices.
Some, like the Monetary Authority of Singapore’s (MAS) Technology Risk Management (TRM) notice, have set a strict bar when it comes to the availability of critical systems— specifying no more than four hours of unscheduled downtime in any 12 month period. Others, like the US Regulation Systems Compliance and Integrity (Reg SCI) and the European Markets Infrastructure Regulation (EMIR) have specified Recovery Time Objectives (RTOs) of two hours, requiring firms in scope to have swift and effective incident and problem management processes in place.
Stay current on your favourite topics
Although every jurisdiction varies in its approach, the common theme is that regulators are looking to set minimum standards to reduce risk in trading technology operations and prevent the possibility of disorderly markets. For the purpose of this research, Citihub has chosen to focus on Article 17 of the revised Markets in Financial Instruments Directive (MiFID II). This is set to impact trading and investment firms operating in Europe by January 2018, a one year delay from the original date of January 2017.
Although Article 17 is entitled ‘Algorithmic Trading,’ it has implications that are far broader, given that much of its requirements relate to what the European Securities Market Authority (ESMA) has defined as ‘trading systems.’ This MiFID II update focuses on requirements relating to the governance, testing, on-going review, monitoring and surveillance, pre-trade and post-trade risk management, as well as the security of those trading systems.