DORA Fights Hackers: How new legislation will impact the Fixed Income market

DORA Fights Hackers: How new legislation will impact the Fixed Income market

Last week’s Equilend ransomware attack highlights the timeliness of this incoming DORA legislation in Europe. Similar ransomware attacks last year with ICBC and ION highlight that banks cannot afford to be cut off from markets for hours, let alone days or weeks.

January 2024 saw the release of the first set of rules under DORA for Information and Communication Technology (ICT), third-party risk management and incident classification by European Supervisory Authorities. Four final draft Regulatory Technical Standards (RTS) were published, aimed at enhancing the digital operational resilience of the EU financial sector.

How DORA impacts the Fixed Income market

DORA will have significant implications for financial institutions in the Fixed Income market and reshape their selection process and relationship with third party service providers (vendors).

The newly published regulatory standards will compel financial institutions to set up and maintain a dedicated ICT third party risk strategy, implement comprehensive business continuity policies and a management process to monitor ICT related incidents - all of which will need to be periodically tested. Financial institutions will need to demonstrate robust controls and carry out due diligence and risk assessments of all third-party vendors they use.

All this will need to be shared with regulators to help identify and reduce the impact of threats to financial markets.

As with most new regulation, the most obvious impact for the market will be the cost of compliance to financial institutions and vendors as protection against future potential cyber-attacks and outages, which ultimately may be borne by end users.

What does this mean for vendors in the Fixed Income market?

Perhaps the most significant development, will be the classification of Critical third-party service providers. Those vendors which regulators deem to represent systemic risk in the EU, due to the number of financial institutions they serve and functions they perform, will fall under direct regulatory oversight of supervisory authorities. There will be significant costs to vendors associated with this to comply with new stringent rules, pay Regulator oversight fees and ensure some incorporation in the EU for vendors which are not already there. In short, a two-tier vendor marketplace will evolve, with those vendors that are deemed Critical being under greater scrutiny.

It is important that vendors take pre-emptive steps to get ahead DORA, due to pass into EU law in early 2025.

Vendors must ensure that Fixed Income technology fully complies with the latest information security standards (SOC2), as this is a prerequisite for financial institutions when assessing vendors. Enhanced operational resiliency tests and requirements are also a key feature in DORA. At TransFICC, for example, our venue API translation product and eTrading platform for IRS and Credit Bonds are resiliency tested daily and full DR fail over processes are in place on our own global network with 5 physical data centres across the EU and US.

These features significantly reduce ICT risk and ensure institutions can complete and comply with the new Regulatory Technical Standards published.

How will Financial Institutions adapt their vendor strategy?

There is increased emphasis in the RTS for substitutability of vendors and exit strategies for institutions reliant on one service provider, so we expect to see institutions adopting a more modular approach to their technology stack and using more than one vendor for the same functions, particularly where the function supported is critical. One of the objectives of DORA regulation is to avoid concentration risk on vendors and ensure financial institutions are not locked in to one provider.

The final RTS draft published – ITS on the register of information - will be used by financial institutions as part of their ICT and third-party risk management framework and will enable the effective supervision of the financial institution’s third-party risk management framework by regulators. It will be this data which will be a key source of information in designating which vendors are critical and therefore require DORA oversight by regulators. The identification of critical vendors will impact existing and future contractual relationships and agreements going forward.

Planning for DORA
With DORA due to pass into EU law in 2025 it is important that the Fixed Income market (financial institutions and vendors) start planning for this major change in market structure.

While most regulation adds more costs for banks, DORA can also be viewed as an opportunity to test innovative hosted technology which has a lower cost of ownership. Modular, hosted software can provide a secure alternative to legacy vendors, but reviewing all available Fixed Income products and services requires a detailed project plan, and most important, the time to make an informed decision.



The timetable for DORA compliance is tight, so both Financial Institutions and Vendors need to plan and take action now.


Share
Filter by section
Most popular stories
TransFICC Confirms Intention to Bid for Fixed Income Consolidated Tapes

TransFICC Confirms Intention to Bid for Fixed Income Consolidated Tapes

TransFICC will bid to be the Consolidated Tape Provider (CTP) for the new UK and EU Consolidated Tapes. The FCA is expected to begin its tender process and criteria for the UK CTP in the next few weeks, and ESMA for the EU CTP in January 2025.


Read More Twitter LinkedIn
TransFICC Named "Best Workplace for Technologists"

TransFICC Named "Best Workplace for Technologists"

Having been shortlisted for two previous years, TransFICC has now been recognised at the "Top 1% Workplace Awards 2024"


Read More Twitter LinkedIn
New Report - Corporate Bond Dealers Focus on Trade Automation

New Report - Corporate Bond Dealers Focus on Trade Automation

Coalition Greenwich spoke with 26 bond dealers about the US corporate bond market. Sponsored by TransFICC, the report highlights key technology priorities for 2024


Read More Twitter LinkedIn
TransFICC Secures New Investment of $17 million Led by AlbionVC

TransFICC Secures New Investment of $17 million Led by AlbionVC

TransFICC has closed a Series A extension for $17 million. Led by AlbionVC, all existing institutional shareholders took part in this investment round, which follows the original Series A for $7.8 million, announced in April 2020.


Read More Twitter LinkedIn
TransFICC Named One of The Most Influential FinTech Firms of 2022

TransFICC Named One of The Most Influential FinTech Firms of 2022

Now in its 5th year, the Financial Technologist showcases leading Capital Markets FinTechs


Read More Twitter LinkedIn
TransFICC Launches Consolidated Tape Pilot For EU Fixed Income Using The AFM Regulatory Sandbox

TransFICC Launches Consolidated Tape Pilot For EU Fixed Income Using The AFM Regulatory Sandbox

Press Release - TransFICC has announced a new initiative to develop a Consolidated Tape (CT) for Fixed Income. As part of this initiative, TransFICC has developed a production ready pilot, for Banks, Asset Managers and Regulators to test.


Read More Twitter LinkedIn
Talking with The Trade about the Consolidated Tape for Fixed Income

Talking with The Trade about the Consolidated Tape for Fixed Income

Steve speaks with Kiays Khalil from The TRADE News about the need for a Consolidated Tape in Fixed Income.


Read More Twitter LinkedIn
Speaking with The Desk about Managing Fragmentation in Fixed Income

Speaking with The Desk about Managing Fragmentation in Fixed Income

A smart application of hardware, cloud and open source technology makes for efficient trading systems and reduces the inefficiency that complexity creates


Read More Twitter LinkedIn
Mob Rules - Moving to Virtual Pair Programming

Mob Rules - Moving to Virtual Pair Programming

Like all companies, lockdown has impacted the way we work at TransFICC. We have always championed Extreme Programming as our methodology of choice, so when we decided to close the office at the start of March, this raised some issues around how we would operate with everyone working remotely.


Read More Twitter LinkedIn
All Change - Technology & Efficiency Are The (Old) New Buzzwords in Fixed Income

All Change - Technology & Efficiency Are The (Old) New Buzzwords in Fixed Income

Steve writes for The Financial Technologist - published by Harrington Starr


Read More Twitter LinkedIn
Press Release - TransFICC Secures New Investment From AlbionVC, ING Ventures and HSBC

Press Release - TransFICC Secures New Investment From AlbionVC, ING Ventures and HSBC

TransFICC has closed its Series A investment round for £5.75 million. Led by AlbionVC, it included new strategic investments from ING Ventures and HSBC. The new investors join existing shareholders, Citi, Illuminate Financial, Main Incubator (the R&D unit of Commerzbank Group) and The FinLab.


Read More Twitter LinkedIn
Twitter Feed