Nasdaq Stockholm, Clearing Fined by Swedish Regulator for Lax Security

by Jeff Patterson
  • Swedish Regulator Finansinspektionen has fined Nasdaq Stockholm and Nasdaq Clearing a collective $6 million.
Nasdaq Stockholm, Clearing Fined by Swedish Regulator for Lax Security
Bloomberg
Join our Telegram channel

There presently exists a wide disparity in the levels of security and Risk Management deployed at institutional venues amidst a rising specter of cyber crime. Unfortunately, not all groups take this threat seriously, as Nasdaq Stockholm and its derivatives Clearing operation found itself facing a SEK 55 million ($6.0 million) fine for lax security measures.

To unlock the Asian market, register now to the iFX EXPO in Hong Kong.

Swedish regulatory authorities are in the midst of a crackdown to help shore up cyber security protocols in the country. Like many other regulators worldwide, an uptick in cyber crime has prompted action from groups in a bid to buttress their own infrastructures against hacking.

However, an investigation conducted by Finansinspektionen (FI), a Swedish public authority that helps police its domestic financial services industry, found that Nasdaq Stockholm and its derivatives clearing operation were unacceptably lax in their oversight of information security services provided by US parent company Nasdaq.

The regulator levied a $6 million fine after the risk management protocols in place at both operations failed to clarify the adequacy of the services provided nor effectively take local conditions into consideration. Nasdaq Stockholm was forced to pay a $3.3 million penalty (SEK 30 million), while Nasdaq Clearing was slapped with a $2.7 million (SEK 25 million) fine.

According to a recent regulatory statement from FI regarding its findings and consequent action: "FI finds that neither Nasdaq Clearing nor Nasdaq Stockholm have acquired the information required to assess the quality of the delivered services and place sufficient requirements on the service provider."

"FI has also identified that the companies’ continuity guidelines and emergency plans were prepared without considering a scenario that manages the risk of cyber attacks. Both companies have demonstrated deficiencies of such a degree that FI has made the assessment that there are grounds on which to intervene against them,” the watchdog group added.

There presently exists a wide disparity in the levels of security and Risk Management deployed at institutional venues amidst a rising specter of cyber crime. Unfortunately, not all groups take this threat seriously, as Nasdaq Stockholm and its derivatives Clearing operation found itself facing a SEK 55 million ($6.0 million) fine for lax security measures.

To unlock the Asian market, register now to the iFX EXPO in Hong Kong.

Swedish regulatory authorities are in the midst of a crackdown to help shore up cyber security protocols in the country. Like many other regulators worldwide, an uptick in cyber crime has prompted action from groups in a bid to buttress their own infrastructures against hacking.

However, an investigation conducted by Finansinspektionen (FI), a Swedish public authority that helps police its domestic financial services industry, found that Nasdaq Stockholm and its derivatives clearing operation were unacceptably lax in their oversight of information security services provided by US parent company Nasdaq.

The regulator levied a $6 million fine after the risk management protocols in place at both operations failed to clarify the adequacy of the services provided nor effectively take local conditions into consideration. Nasdaq Stockholm was forced to pay a $3.3 million penalty (SEK 30 million), while Nasdaq Clearing was slapped with a $2.7 million (SEK 25 million) fine.

According to a recent regulatory statement from FI regarding its findings and consequent action: "FI finds that neither Nasdaq Clearing nor Nasdaq Stockholm have acquired the information required to assess the quality of the delivered services and place sufficient requirements on the service provider."

"FI has also identified that the companies’ continuity guidelines and emergency plans were prepared without considering a scenario that manages the risk of cyber attacks. Both companies have demonstrated deficiencies of such a degree that FI has made the assessment that there are grounds on which to intervene against them,” the watchdog group added.

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}