Security is being overlooked in Mifid programmes
Security risks in danger of being overlook in rush to implement Mifid solutions, says panel.
New research has highlighted that security risks are in danger of being overlooked, as firms rush to comply with the Markets in Financial Instruments Directive (Mifid). A panel of industry experts has determined that as financial services firms get to grips with identifying and storing all the data required by Mifid, they may be exposing existing flaws in their security as well as introducing new threats they will need to manage.
The panel emphasises the importance of building security into record-keeping processes, to ensure the long-term integrity and security of records. It also points out that there are new risk drivers, which are increasing existing risk and introducing new internal and external risks. Technical solutions exist to many of the security risks that Mifid will introduce; the challenge is getting everything to work together. Some firms have already invested heavily in security solutions, and there is an opportunity to repurpose and re-use existing solutions. However, it’s not just a technical problem, as the panel points out, there needs to be a change in mindset inside firms as many of the new risks come from ‘soft’ factors such as people’s behaviour and attitude. Policy management and identity management will also be key challenges, as well as timeliness – the ability to detect intrusions or anomalous behaviour quickly – which will offer a major advantage.
Firms that do not tackle security issues raised by Mifid will substantially raise their risk profile and leave themselves open to both reputational damage and legal action, the panel warns.
The panel consisted of Ovum’s Graham Titterington, a senior business continuity and security analyst, PJ Di Giammarino, chief executive of financial services industry think-tank JWG-IT, and Brookcourt Solutions’ chief executive Phil Higgins.
“With the vast amount of data across the enterprise, firms will be required to store and trace documentation for significant periods under MiFID and make reconstitutable as at the time of capture," says Phil Higgins, CEO of Brookcourt Solutions. "Security is a key element for firms. For Financial institutions this means data will need to be accessible and auditable in order to comply with MiFID. This includes personal client information, financial products, transactions, governance policy and best practice. Firms are required to ensure this Information is secure and prove its integrity when requested by regulators or clients.”
“With only six months left until ‘M’ day, firms are waking up to the profound implications Mifid has on business processes and supporting infrastructure,” said Di Giammarino. “What JWG-IT are saying is that while it’s important to implement compliant processes and systems, these also need to be secure. Security is one of the key topics that our new financial services Technical Special Interest Group will be looking at over the coming months.”
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@risk.net
More on Infrastructure
Communications surveillance solutions 2024: market update
A report offering Chartis’ latest view of the vendor landscape for communications surveillance solutions
SIMONE, the AI that nearly took down a bank
An algorithm designed to create new structured products ran out of control last year with almost catastrophic consequences for a major bank, as our exclusive whistleblower account reveals
Revealed: where banks are (literally) warehousing their swaps
As derivatives notional grows, dealers experiment with novel storage solutions
E-trading takes hold for FX swaps – sort of
Bulk of trades are being executed over screen, but bolder changes have stalled
From DNA to DHA – Preparing for a new era of digital human augmentation
As technology increasingly permeates societies, cultures and everyday activities, its integration into people’s lives is having a profound impact on what is expected of people in the workplace. Deloitte examines this evolution of today’s workforce, the…
Risk and finance: Working more closely together
Video interview: Thomas Kimner, SAS
Video interview: Fabio Merlino, Intesa Sanpaolo
Fabio Merlino, head of retail and insurance risk discusses how the wealth management division of Intesa Sanpaolo upgraded its risk analytics capabilities with the algo system used by its proprietary traders
The changing face of Risk.net and our magazines
Extensive reader consultation has helped us reshape editorial teams and our site