RegTech Intelligence 
The International Organization of Securities Commissions (IOSCO) has published a report on market outages, including good practices for managing them. An IOSCO survey found 42 market outages on listed trading venues between 2018 and 2022, primarily caused by software errors.
Members of the World Federation of Exchanges (WFE) agreed with IOSCO’s recommendations.
“Our experience shows that operational resilience as a whole depends on all market participants, not just the market infrastructure that sits at the centre,” said James Auliffe, regulatory affairs manager at the WFE in London.
“Outages are rare occurrences, and our members are already taking them very seriously.”
IOSCO defined a market outage as an event where a trading venue’s essential services, such as order processing, trade execution and trade confirmations, are disrupted by technical or operational problems, leading to a temporary trading suspension.
The IOSCO report followed its 2022 examination of trading venues’ and market intermediaries’ operational resilience during the COVID-19 pandemic. Work-from-home conditions, cyber-attacks and unprecedented trading volumes assessed trading venues and their outsourcing partners’ operational resilience.
“IOSCO’s report once again highlights an issue that has been playing out across the world for years and shows no signs of abating,” said Nicky Maan, chief executive of Spectrum Markets, a pan-European trading venue in Frankfurt. “The global exchange landscape is dominated by big legacy players relying on complex, creaking infrastructure that, in some cases, is 30 or 40 years old. It’s no surprise they’re finding it hard to keep up with an increasingly demanding trading environment, whether that’s about higher volumes or evolving requirements like extended hours.”
The industry has an opportunity to lean into these IOSCO market outage principles, and other international standards by working collaboratively to apply them to the difficult questions the Digital Operational Resilience Act (DORA) asks that each firm answer by 17 January 2025, said PJ Di Giammarino, chief executive at regulatory think tank JWG.
“By working together, every financial institution can document how it meets DORA’s requirements for mitigating technology risk with its trading venues, CCPs, CSDs, Payments systems and other market infrastructure in a better, faster, cheaper and safer manner,” Di Giammarino said.
Five-point plan
IOSCO charted the various business continuity and operational resilience requirements covering market infrastructure, such as trading venues. It noted initiatives from the Australian Securities and Investments Commission (ASIC), the European Securities and Markets Authority (ESMA), the UK Financial Conduct Authority (FCA) and the Securities and Exchange Board of India (SEBI) to address regulatory initiatives targeting market outages. The European Union’s Digital Operational Resilience Act (DORA) also contains elements applicable to exchanges’ technological resilience and monitoring of third-party technology risks.
IOSCO added a five-point plan to this body of work and the Federation of European Securities Exchanges (FESE) framework governing industry-wide protocols for trading venue outages in equity markets.
Briefly, the standard-setter recommended that trading venues develop and publish effective outage plans, establish governance arrangements for those plans and regularly review and evaluate them.
Outage plans should include a communication strategy, a process to resume trading and a procedure for closing auctions and/or establishing alternative closing prices. Lastly, firms should also prepare a post-outage plan for identifying and incorporating lessons learned. Root-cause analysis is critical to informing and developing outage plans, incident responses and remediation activities.
This article was published by
Thomson Reuters Regulatory Intelligence on 20-Jun-2024