The OpRes Resolution
Part one of an operational resolution series
Hello everyone and welcome to the latest edition of GreySpark Insights.
Please do not hesitate to contact us with any questions or comments you may have. We are always happy to elaborate on the wider implications of these headlines from our unique capital markets consultative perspective. Happy reading!
Operational resilience forms the backbone of many of the world’s most critical, and ultimately successful financial firms.
By definition, operational resilience refers to the ability of a firm to absorb and adapt to shocks and disruptions (i.e., system outages and breaches) that inevitably occur.
Recent events in the capital markets industry have served as a reminder of the importance of robust operational systems and frameworks among financial firms, and that system failures, with potentially damning reputational and financial consequences, are never too far away. More worryingly though, it appears that some systems are perhaps falling short of the mark in terms of operational resiliency, at a time where regulators, globally, are enforcing tighter operational resiliency standards.
On 19 October 2023, the London Stock Exchange Group (LSEG) was hit by an outage, which left only FTSE 100, FTSE 250, and IOB securities available for trading. The outage, which occurred roughly one hour before market close, forced an early end to the trading of affected stocks, including high-profile names such as fashion retailer Asos and food-delivery service Deliveroo. Trade orders made during the outage were marked as expired. LSEG has not released any further details on the reasons for the outage and it is currently investigating the matter. The outage was LSEG’s first major interruption since 2019, and unsurprisingly, caused huge backlash.
David Morrison, a market strategist at retail broker Trade Nation, noted:
“For a stock exchange, you have one job and that’s to keep your market going. And when these outages do occur, it doesn’t inspire a lot of confidence…”
Other capital markets firms have also been affected by system outages recently.
In June 2023, SIX Swiss Exchange experienced its worst outage for over ten years, halting trading for three hours. In February 2023, ION Markets was hit by a cyber attack that impacted some of its derivatives services and resulted in trade processing difficulties for clients. ION Markets revealed that the attack had a ‘huge impact’ on clients, with brokers reportedly having to manually input trades. Additionally, the Bank of Ireland was hit with a fine of €24.5 million in 2021 for its lack of service continuity processes in the event of IT disruption.
Such incidents underscore the importance of having robust operational resilience frameworks in place. Without such a framework, it is very difficult for a financial firm to build trust, maintain efficiency, and ultimately, run a profitable operating model.
However, achieving operational efficiency is not a given. In fact, achieving operational resilience is an intricate process spanning several business lines, and often filled with structural challenges, uncertainties, and ambiguities.
For example, GreySpark observes that although the Digital Operational Resilience Act (DORA) which entered into force in the EU January 2023, released arguably the most comprehensive set of IT operational resiliency standards to date, there is little guidance on how to actually meet these standards — especially, from a scenario testing and implementation standpoint. Thus, several financial firms are still left with gaps in their operational resiliency models, leaving them vulnerable to regulatory action. The clock is ticking, with EU-based financial firms having until 2025 to achieve full DORA compliance.
In the coming weeks, GreySpark will address these pain points in achieving operational resiliency compliance, and outline a solution that can help financial firms create a robust operational resiliency model in the face of uncertainty and growing regulatory pressures. Stay tuned.