Markets fight snafus in securities trading
Financial markets, now heavily dependent on technology, need to be safeguarded against cyberattacks, natural disasters and the more prosaic scourge of human error that can cause massive disruptions, according to experts and a federal panel.
In March 2012, a software error forced the equities exchange BATS to cancel its own initial public offering. Two months later, the IPO of Facebook was delayed when Nasdaq had trouble with its stock trading system. In August 2012, Knight Capital lost money when technology problems with trading software led the firm to submit unintended orders for New York Stock Exchange securities. Also last year, Superstorm Sandy led to a two-day closure of the NYSE and Nasdaq. And always looming is the threat of a cyberattack that could disrupt securities trading, erase financial records or even steal assets.
To combat these types of high-profile snafus of the past year, the Financial Stability Oversight Council's 2013 annual report lays out suggestions for protecting markets and people's money from technology failures.
"The extremely high speeds at which markets operate can compound the overall impact of even small operational failures," Treasury Secretary Jacob Lew testified in May before the Senate Committee on Banking, Housing and Urban Affairs.
The Financial Stability Oversight Council's report said the Securities and Exchange Commission, in conjunction with various market participants, is examining the relationship between the operational stability and integrity of the securities market and the ways in which market participants design, implement, and manage complex and interconnected trading technologies.
One called Regulation Systems Compliance and Integrity -- or Regulation SCI -- is aimed at making automated securities trading systems safer by requiring the many firms that are pieces of the financial market puzzle meet standards for the security of their technology. But Dave Lauer, owner of Step Ahead Technologies Inc., is worried that Regulation SCI is riddled with loopholes because all but the largest private electronic trading platforms -- called dark pools -- are exempted.
"It doesn't matter how much volume you are doing. If you're connected to the national market system, you are a threat. Anything can come through you," Lauer says.
Planning for disruption
To make securities trading more secure, the oversight council proposes:
- More testing exercises by those connected to the financial system, such as exchanges, clearinghouses, data repositories and the utilities that serve them.
- Contingency plans that can handle any stock market problem. Both staff and electronic systems need to be geographically dispersed so a disruption affecting a geographic area doesn't shut down operations.
- A review of the protocols for deciding when to close markets because of problems.
- Better sharing of information between government and companies about cyberattacks, and senior management attention to the issue within firms. The report notes that a dozen financial institutions were hit with distributed denial of service attacks during the last four months of 2012.
Lauer says the cyberattack scenarios haven't drawn enough attention from the financial industry because a high-profile attack hasn't happened yet.
But the industry already is aware of the risks, says Thomas Price, managing director of the Technology, Operations and Business Continuity Group at the Securities Industry and Financial Markets Association, or SIFMA. "(The) frequency and intensity are increasing at a dramatic rate (in) the types of cyberattacks," Price says.