Security risks in danger of being overlooked by Investment firms in rush for MiFID compliance

A panel of leading experts are warning that as financial institutions rush to comply with the EU’s Markets in Financial Instruments Directive (MiFID) 1st November deadline, security risks are in danger of being overlooked, exposing firms to a range of potentially damaging new threats.  
 
“MiFID implementation is complex, involving the coordination of resources across many departments in investment firms. Only a tiny number of firms look like they are on track to hit the 1 November deadline, while the vast majority face a range of challenges over the coming months in their journey to compliance. But as firms get to grips with identifying and storing the vast amounts of information required by MiFID, they need to be mindful that it will expose existing flaws in their security, as well as introduce new threats that they will now have to manage.  Research suggests that the cost of MiFID IT implementation, in the UK alone, is set to surpass ?1 billion, with typical UK investment banks spending upwards of ?10 million each.  Brookcourt solutions are conducting further in-depth research with the Tier-1 investment firms in the UK.” commented Phil Higgins, executive partner at Brookcourt Solutions.
 
Security issues highlighted in initial research by the panel found that the following issues are the key concern of investment firms:
 
1.      The importance of building security into record keeping processes – ensuring the long-term integrity and security of records

2.      There are new risk drivers, which are increasing existing risk and introducing new internal and external risks

3.      Technical solutions exist to many of the security risks that MiFID will introduce – the challenge is getting everything to work together

4.      Some firms have already invested heavily in security solutions and there is an opportunity to repurpose and re-use

5.      There needs to be a change in mindset inside firms – many of the new risks come from “soft’ factors such as people’s behaviour and attitude

6.      Policy management and identity management will be key challenges

7.      Timeliness – the ability to detect intrusions or anomalous behaviour quickly – offers major advantages

8.      Firms that do not tackle security issues raised by MiFID will substantially raise their risk profile and leave themselves open to both reputational damage and legal action.
 
The panel of experts were able to offer three different perspectives on the issues firms are facing. Ovum’s Graham Titterington, a senior and respected business continuity and security analyst, brought his considerable knowledge of the security industry to the table; while PJ Di Giammarino, CEO of financial services industry think tank JWG-IT, contributed a unique perspective gained from two years of research amongst firms and financial services vendors. Brookcourt’s Phil Higgins was able to share his considerable insight resulting from the experience his company has gained from implementing IT solutions in the financial services sector.
 
“With only six months left until “M’ day, firms are waking up to the profound implications MiFID has on business processes and supporting infrastructure” said PJ Di Giammarino “What JWG-IT are saying is that while it’s important to implement compliant processes and systems, these also need to be secure. Security is one of the key topics that our new financial services Technical Special Interest Group (TechSIG) will be looking at over the coming months.”
 
Ovum’s Graham Titterington noted that there was a major market opportunity for security and storage vendors, and that technical solutions to many of the threats being thrown up by MiFID were readily available: “MiFID presents a major opportunity for IT security & storage vendors and service providers,” he commented. “The main requirements lie in the area of secure, long-term and high-volume storage of information, with a rich layer of audit and reporting functionality built on top of it to allow MiFID compliance to be demonstrated. There is a particular challenge in providing this across a fast moving domain with multiple players – such as the financial trading environment.”
 
 
Phil Higgins
Is a Managing Partner at Brookcourt Solutions (www.brookcourtsolutions.com) and has a long track record of both domestic and international IT systems implementation and business consulting. Brookcourt Solutions provides state-of-the-art secure networking solutions that offer measurable business value with unrivalled customer service. The company’s success stems from not only its ability to solve business problems using IT, but also in its capability in identifying new technologies that improves the business environment. Coupled with its key technologies skills, the company offers a wide range of innovative solutions covering Security, Wireless, WAN/LAN, IP Secure Convergence, Compliance, Network Managed Service and Maintenance Solutions.
 
 
PJ Di Giammarino
Is the CEO of Financial Services industry think-tank JWG-IT (www.jwg-it.eu) and former COO IT Barclays Capital. JWG-IT facilitates collaborative work to resolve industry issues created by regulatory change.  Based on a working model started in 2005, JWG-IT has established strong relationships with EU administrators, leading banks and technology companies.  It is neither lobbyist nor consultancy, remaining strictly neutral and deriving its revenues from membership fees and content sales.  The JWG-IT Think-Tank is designed to help members and participants manage regulatory-driven change better, quicker, cheaper and with less risk. 
 
Graham Titterington
Is the Principal Analyst IT security and business continuity at industry consultancy and analyst firm Ovum. Ovum’s primary activity is providing value-added advisory services and consulting to retained and project clients. The company acts as a well-respected and trusted source of industry data, knowledge and expertise on the commercial impact of technology, regulatory and market changes. Ovum engages in continuous research and industry analysis to determine market dynamics in its specialist sectors. The company is now part of the Datamonitor Group.