Exclusive: CySEC Informs Some Brokers They Need to Audit Software
- MiFID II regulations prompt the regulator to mandate technology reviews, but the criteria are unclear.

Sources from the industry have confirmed to Finance Magnates that some brokers have been urged by the CySEC to undertake technology audits. Stemming from the introduction of the MiFID II regulatory framework, the issue is an obstacle to some companies as the criteria for reviews are not clear.
The move is also resulting in a reinforcement of a trend to outsource technology instead of developing software solutions internally. Smaller and low-mid-sized brokers are the main companies that are suffering from these MiFID II requirements.
Third Party Audits
Since the CySEC and broader European regulators typically lack the necessary expertise to audit software, the audits of technology are conducted by third parties.
The additional burden has been confirmed by a source with intimate knowledge of the industry: “The CySEC doesn't know how to review our technology and there are no standards for firms to follow.”
“The vague definitions a broker with generic MT4 and a bridge is getting less scrutiny than those with their own tech built to handle things like latency and risk management automatically,” the source elaborated.
Strict Definitions and Standards Missing
Definitions used by EU bureaucrats have been too general for firms to be able to affirm with certainty that their technology is on par. The CySEC is merely definitions are mandated from the supranational EU regulator.
Cybersecurity and IT standards have been in place for quite some time, and some companies have taken the steps to get audited and receive ISO certification.
This process, however, has proven to be lengthy and might not be cost-effective for every brokerage size.
ISO Certification
Some rather big companies from the trading industry have become increasingly interested in obtaining ISO certificates. Major companies in the industry have announced recent certification with the international standardization organization.
Connectivity provider PrimeXM has ISO/IEC certifications 27001 and 27002. Spotware Systems have been actively engaged in the space too, and have been supporting ISO 27001 since 2012. The brokerage company ActivTrades sought the same standard, which certifies that the company is adhering to the best practices for an ISMS (information security management system).
To date, brokers are not required or mandated to adhere to ISO standards. Having such a document, however, can be key in securing institutional business. In the meantime, smaller firms are finding it hard to address the process of certification due to the vague guidance issued by European regulators.