Less than 30 days until new FCA regulatory rules come into effect.
The Financial Conduct Authority is no longer comfortable with frequent outages and the unregulated adoption of new technologies. From 31 March, new rules and guidelines to strengthen operational resilience comes into force. The article highlights the impact of the rules, enabling operational resiliency and the challenges that follow.
A year since the FCA’s initial announcement, the new rules and guidance on strengthening operational resilience in the financial services sector will become effective on 31 March. Firms must have identified their vital business services, established impact tolerances, and carried out mapping and testing to a level of sophistication by then. Also, they will have identified vulnerabilities in their operational resilience.
Operational resilience has become a global concern, not restricted to the UK and frequently covered in reports when leading industry participants like Fidelity, Charles Schwab or stock exchanges themselves fall foul. Resilience is likely to remain in the spotlight with the advent of evolving digital technologies like cloud-based microservice applications.
Enabling Operational Resilience
Firms cannot optimize what firms don’t know
Microservices based applications usually run across numerous servers, VMs, containers, and serverless functions in data centres, cloud, or the edge. Considering all these moving parts, keeping a finger on critical market data infrastructure is crucial. DevOps teams (development and operations) must be capable of instantly processing massive quantities of data for issue resolutions, determining their root cause and patching before clients and revenues are impacted - creating demand for mosaicOA, a robust monitoring and observability solution.
Multiple sources agree that observability is a critical tool to improve operational resilience, especially in the capital markets where volatility can cause firms to suffer from capacity issues and subsequent disruption, as discussed previously. The challenge is that most traditional human-led analytics or IT monitoring solutions are reactive, potentially resulting in outages like those at the Australian Securities Exchange (ASX), where it launched a trading system before it was ready.
An alternative to costly repetitive outages is implementing a robust observability solution, like mosaicOA, which offers predictive IT analytics to enable action before an issue occurs.
As the last article highlighted, the advent of cloud-based infrastructure is rapidly becoming critical for firms to remain competitive. Also, a separate FCA regulation will require firms to scrutinize their third-party vendors and cloud service providers (CSP) much more closely. This regulatory and industry trend combination poses two challenges to financial firms;
Cloud services or platforms usually possess a proprietary monitoring solution. However, a survey of more than 1,300 CIOs and senior IT practitioners found that firms usually had five cloud environments and seven different infrastructure monitoring solutions on average. Inevitably this means there will be observability blind-spots in multi-cloud environments, an increased risk to digital transformation where there is no easy way to monitor infrastructure end-to-end, according to 61% of respondents.
With DevOps teams constantly switching between monitoring solutions, it’s no wonder that 58% of survey respondents said infrastructure management was a drain on resources and that 57% said it was difficult to optimize infrastructure performance and resource consumption.
Firms cannot optimize what firms don’t know.
To resolve this dilemma, a holistic observability and monitoring tool is the optimal solution so that team do not have to stitch various datasets and tools together to grasp a situation.
Out of the box, mosaicOA can connect and integrate with monitoring systems or restful APIs. The cloud-based solution provides incredible power and holistic insight to support teams in understanding tangible infrastructure behaviour without any stitching required - a feature that would have benefitted the ASX.
The incoming rules on outsourcing and operational resilience mean firms must update contract permissions, including permitting firms to test CSP performance levels, inspect relevant premises and access outsource-related data. Since the rules are built-on third-party dependencies, logical and reasonable - right?
Based on the findings above and using the CME Group’s partnership with Google as an example, economies of scale suggest a different perspective. Assuming the Google Cloud Platform is the only cloud provider, each managed service provider maintaining the five cloud environments and the seven individual monitoring solutions will need auditing. If we include micro-service application vendors and more infrastructure environments, complexities emerge.
A proposed solution is “supplier rationalization”, also known as supply base reduction (SBR). By rationalizing vendors, firms can limit the number of audits to a streamlined list of best-practice vendors that meet regulatory requirements and serve multiple business needs as a one-stop shop.
For example: Awarded “Best Specialist Market Data Consultancy” for three consecutive years, CJC provides multiple services to the financial industry (Consultancy; SRE driven operational support; Cloud solutions; Predictive IT analytics and Commercial management). It is ISO 27001 certified, complies from a security perspective, has ITIL + Agile based frameworks and zero-trust disciplines in place.
mosaicOA is a powerful IT observability SaaS solution that consolidates large data sets in real-time, enabling fast and accurate insights into critical capital markets infrastructure - including Refinitiv RTDS (TREP), Bloomberg, Exegy, and Solace. The ability to visualize market data infrastructure holistically means users can precisely assess systems’ performance and provide greater control over IT costs and capacity.
For more information, contact us or:
Tel: +44 203 328 7600