A panel of leading experts are warning that, as financial institutions rush to comply with the European Union’s Markets in Financial Instruments Directive (MiFID) 1 November deadline, security risks are in danger of being overlooked, exposing firms to a range of potentially damaging new threats.
Research suggests that the cost of MiFID IT implementation, in the UK alone, is set to surpass £1 billion, with typical UK investment banks spending upwards of £10 million each.
Initial research by the panel found that the following security issues are the key concerns of investment firms:
- The importance of building security into record keeping processes – ensuring the long-term integrity and security of records
- There are new risk drivers, which are increasing existing risk and introducing new internal and external risks
- Technical solutions exist to many of the security risks that MiFID will introduce – the challenge is getting everything to work together
- Some firms have already invested heavily in security solutions and there is an opportunity to repurpose and re-use
- There needs to be a change in mindset inside firms – many of the new risks come from ‘soft’ factors such as people’s behaviour and attitude
- Policy management and identity management will be key challenges
- Timeliness – the ability to detect intrusions or anomalous behaviour quickly – offers major advantages
- Firms that do not tackle security issues raised by MiFID will substantially raise their risk profile and leave themselves open to both reputational damage and legal action.
“But as firms get to grips with identifying and storing the vast amounts of information required by MiFID, they need to be mindful that it will expose existing flaws in their security, as well as introduce new threats that they will now have to manage,” said Phil Higgins, executive partner at IT and networks security company and panel sponsor, Brookcourt Solutions.
The panel of experts were able to offer three different perspectives on the issues firms are facing. Ovum senior analyst Graham Titterington said: “The main requirements lie in the area of secure, long-term and high-volume storage of information, with a rich layer of audit and reporting functionality built on top of it to allow MiFID compliance to be demonstrated. There is a particular challenge in providing this across a fast-moving domain with multiple players – such as the financial trading environment.”
“With only six months left until ‘M’ day, firms are waking up to the profound implications MiFID has on business processes and supporting infrastructure,” commented PJ Di Giammarino, Barclays Capital chief IT operations officer and chief executive of financial services industry think-tank JWG-IT [www.jwg-it.eu].
“What JWG-IT are saying is that while it’s important to implement compliant processes and systems, these also need to be secure. Security is one of the key topics that our new financial services Technical Special Interest Group (TechSIG) will be looking at over the coming months.”