The World Federation of Exchanges (WFE) is the global trade association that represents more than 200 market infrastructure providers including exchanges and CCPs. Each year over $26 trillion in trading is processed by the infrastructure operated by WFE members. Cyber security is a matter of enormous importance to WFE's members, and is vital to the continuing stability of the financial system.
The WFE applauds the initiatives undertaken by regulators globally in groupings such as CPMI and IOSCO to further strengthen the safety and resilience of the world's financial system.
Financial Market Infrastructure providers (FMIs) have also been proactive and vigilant as an industry: there are clear incentives to get this right given the extensive negative repercussions on their business of any cyber disruption. The industry's dynamic approach is typified by WFE's Global Exchange (GLEX) Cyber Security Working Group, composed of cyber experts - typically at CISO level - sharing their knowledge and delivering the solid technical foundations for policy formulation.
In its response to the CPMI-IOSCO consultative document, the WFE highlights the steps taken by the industry and the importance of having effective arrangements in place to establish, implement and review members' approaches to cyber threats.
"Exchanges and CCPs are vigilant and pro-active about cyber security and resilience, the issues at the heart of operating modern markets," said Nandini Sukumar, CEO of WFE. "As markets assume a greater role in funding and financing the economy, stakeholders must be confident that they can trust them. There is global consensus around the importance of investing and securing the framework on which the system rests."
The WFE supports the benefits of having a high-level, globally agreed framework within which to operate, but cautions against being overly prescriptive. For example, CPMI-IOSCO proposes a two hour post cyber attack recovery time. WFE believes that because of the unpredictable and complicated nature of such attacks, two hours is too specific and that FMIs should aim for critical systems to resume full operation as soon as possible without further compromising the orderliness of the market. Different markets are at different stages of development, and threats and risks are often different for FMIs than other parts of the financial system.
Gavin Hill, Head of Regulatory Affairs at WFE said "FMI cyber security is rightly attracting a lot of attention at the global level. The industry and regulators are working hard to satisfy the shared objectives of ensuring the continued delivery of well-functioning and well-managed financial infrastructure in which investors can have confidence. This response highlights the practical, proactive steps that the industry is taking."