London, 12 April 2017 – The World Federation of Exchanges ("WFE"), which represents more than 200 market infrastructure providers including exchanges and CCPs, today published a set of cyber resilience standards designed to be used by WFE members, and other market infrastructure providers, to ensure alignment and common minimum standards across the global system.
The standards cover eight key areas:
- Strategy & Framework: Effective cyber framework arrangements should be in place to establish, implement and review the approach to managing cyber risk.
- Governance: There need to be appropriate lines of accountability, responsibility and cultural buy-in at all levels of an organisation regarding cyber resilience.
- Risk Identification: To mitigate against new risk - in addition to monitoring existing ones - processes and business functions should reviewed and updated regularly.
- Protection / Controls: It is important to continuously evolve protection measures, such as security controls, systems, processes (including behavioural monitoring) to keep pace with market developments.
- Monitoring & Detection: Strong detection controls and standards should be in place that are proportionate to the organisation's relative size, systemic importance, risk tolerance and threat landscape.
- Response & Recovery: Strategies should ensure that critical systems can be restored to full operation as soon as practicable, acknowledging conditions will vary.
- Information Sharing: Organisations should seek to proactively share experiences, knowledge and expertise, and to cooperate and collaborate through industry groups, such as the WFE's GLEX working group (see below).
- Testing, Situational Awareness, Learning & Evolving: Arrangements must evolve with the changing threat landscape.
Today's standards follow a set of cyber resilience principles (issued by the WFE on 23 September 2016) that authorities can take into account when implementing existing, or creating new, cyber standards for FMIs. In combination, the WFE principles and standards are intended to support and complement guidance already provided by global regulators. *
Nandini Sukumar, Chief Executive Officer, WFE said: "Cyber is a top priority for the WFE and its members. We are committed to enhancing cyber resilience within the exchange and CCP industry, and are working together to stay on top of the issue. These guidelines serve as the building blocks upon which WFE members and other global market infrastructure providers can base their individual approaches to cyber."
Gavin Hill, Head of Regulatory Affairs, WFE added: "Cyber resilience is a topic that requires no reminder of its importance. The WFE guidelines are aimed at assuring market stakeholders that the industry is committed to high standards, and to protecting the system as a whole."
The WFE is hosting its bi-annual Technology Conference in London, 24-26 July, with partner Imperial College London. As the lines between finance and industry converge, this event seeks to capture and discuss the latest technological innovations in the market structure space, including cyber.
* The WFE responded to the CPMI-IOSCO Consultative Paper on Guidance on Cyber Resilience for Financial Market Infrastructures in February 2016. You can read the submission here.
- Ends -
About the World Federation of Exchanges (WFE):
Established in 1961, the WFE is the global industry association for exchanges and clearing houses. Headquartered in London, it represents over 200 market infrastructure providers, including standalone CCPs that are not part of exchange groups. Of our members, 41% are in Asia-Pacific, 40% in EMEA and 19% in the Americas. WFE exchanges are home to nearly 45,000 listed companies, and the market capitalisation of these entities is over $67.9 trillion; furthermore, around $84.18 trillion (EOB) in trading annually passes through the infrastructures WFE members safeguard (at end 2016).
The WFE is the definitive source for exchange-traded statistics, and publishes over 350 market data indicators. Its statistics database stretches back more than 40 years, and provides information and insight into developments on global exchanges.
The WFE works with standard-setters, policy makers, regulators and government organisations around the world to support and promote the development of fair, transparent, stable and efficient markets. The WFE shares regulatory authorities' goals of ensuring the safety and soundness of the global financial system, which is critical to enhancing investor and consumer confidence, and promoting economic growth.
About the WFE's Global Exchange (GLEX) Cyber Security Working Group:
GLEX was established in 2013. Its primary function is as an information sharing facility for its members, who comprise a diverse set of Information Security professionals from nearly 30 exchanges and CCPs globally.
For more information, please contact:
Head of Communications, World Federation of Exchanges
Phone: +44 20 7151 4137 / +44 7850 287 685