Risk Management, More Than Just A Book and B Book

This article was written by Jeff Wilkins, Managing Director of ThinkLiquidity.

Brokers face many kinds of risks. Market risk, operational risk, concentration risk, regulatory risk and credit risk are all factors in the day to day operations of a brokerage firm.

Join the Leading Industry Event!

While all these risks need to be considered, many brokers are still behind the times when addressing technological risks. It seems that every week there is some form of a hack or attack on the FX industry and MT4 brokers are an easy target.

It is alarming how vulnerable most MT4 brokers are to attack. Add to this the increasing data security standards imposed by regulators and many brokers find themselves trying cover too many bases at the same time.

Brokers need to address these risks immediately. Below are the key areas on which to focus:

Network Security and Reliability

It is becoming increasingly important to defend your websites and web applications from attacks.  DDoS (Distributed Denial of Service) attacks are up 125% over last year.

Not only are they more frequent, they are becoming more sophisticated and lasting longer. These attacks can be devastating to a brokerage, leaving it unavailable to provide services for hours or even days. Improperly configuring DDoS mitigation can result in data loss, with the potential to never recover from the damage.

Many brokerages try to save money on network reliability to reduce the upfront costs, thereby introducing single points of failure. The best defense against DDoS is to proactively monitor and analyze incoming data so that false requests can be rerouted. Combine a strong defense with a strong network and your brokerage will have the best chance of thwarting these attacks.

Once you are done reading this, please email your hosting provider and ask “What DDoS protection exists in the network where my servers are hosted?”

Hosting Provider Customer Service and Technical Support

We all know that the FX brokerage industry runs around the clock, around the world. You need a hosting provider that understands our industry’s requirements.

Slow customer response, downtime and other issues can affect reputations and bottom lines. Brokers need hosting providers who are highly responsive to market conditions and changing business needs. A responsive provider should address a broker’s needs quickly while handling any technical issues a broker may encounter.

Backups and Disaster Recovery

Disaster recovery and business continuity plans are a critical part of proper risk management.  For a brokerage that relies almost exclusively on electronic trading, the ability to replicate IT infrastructure and data is essential.

Most brokerages do not invest in proper disaster recovery services due to the overheads and lack of an immediate payoff.  While incurring this expense can seem tough to justify, running an entire business with a single point of failure can be devastating if something goes wrong.

No one likes paying for auto insurance, but driving without it is foolhardy.  Treat disaster recovery like you treat insurance.

Security and Compliance            

Do you meet critical security and compliance requirements? Security isn’t just smart, it’s often the law.

The FCA recently issued new guidance for firms looking to outsource IT Security services.  Last year ASIC published a report highlighting the importance of cyber resilience and how cyber risks should be addressed for businesses under ASIC jurisdiction.

If a hosting provider cannot protect a broker’s data, even if there has been no breach, a broker may still be in hot water with regulators or auditors. Brokers need to put security at the top of the list when considering a hosting provider.

Network infrastructure is the backbone of a brokerage. Everybody is fighting to grow volume, increase market share and retain clients. All of this work can be for nothing if the backbone of the business is not strong. Take time out of your day to properly review the above areas of your business.