RegTech Intelligence

The handshake of death: How NYSE crashed the NASDAQ (and how it’s going to happen again)

So, now the dust is beginning to settle in regards to the NASDAQ outage of 22 August, what do we know about the cause?  It’s now clear that it was a ‘bad handshake’ between two rival exchanges that caused the failure, in that the NYSE was not able to connect and pass data to the NASDAQ.  But NYSE’s solution to this was to effectively hit the ‘refresh’ button again and again.  This resulted in a massive deluge of information being sent to the NASDAQ all at once and its systems simply were not designed or built to handle that amount of data.

Going forward, the SEC has stepped in to mediate between the two companies in order to mitigate any more risks.  Although it may be reassuring for the markets, the SEC’s meeting with Euronext and NASDAQ will do very little to prevent the next crash.  The fundamental lack of systems integration is still there and will not be going away anytime soon, unless something drastic happens.

Essentially, the biggest problem faced by institutions is the issue of rival companies who must cooperate with each other.  Development of the systems is not shared between rivals and most of these rival companies understandably keep each other at arm’s length, only working together when it comes to the exchange of mutually beneficial data or when forced to do so by regulators.

This method of system development is inherently unsustainable and becomes more unstable as the computer systems grow.  Imagine how a big institution like eBay would function if its payment system, Paypal, was one of its main rivals and the development of their systems was not collaborative.  It was for this reason that eBay acquired Paypal back in 2002.

This should be a lesson for those in financial markets who depend daily on the tie-ups between two systemic computer systems.

So what’s the solution?

The SEC has been considering whether it’s time to force these institutions to submit to required examinations of their technology infrastructure rather than the voluntary arrangement that’s in place now.

But perhaps that’s still not far enough… It might be that a new global tech oversight body is needed to regulate the integration of these large institutions’ IT systems and keep them talking to each other.

It is clear that technology systems have now evolved to such a level of complexity that it requires new methods of regulation.  The regulators are playing a very difficult game of catch-up, and unless a new proactive approach is considered these outages will only get worse and more frequent.

To promote global dialogue on how to deliver regulatory change JWG post hundreds of focused articles a year to thousands of subscribers. Get involved and join the mail list.

By hitting the subscribe button you agree to our Privacy Policy