Three Takeaways from FIA Boca 2024 – The Challenges of Growth and Need for Resilience are Top Concerns

Twelve hundred attendees, twenty countries represented, and three days of meetings: that sums up FIA Boca by the numbers. But what were the big topics of discussion and emerging trends that are shaping the industry? The BornTec team has a few ideas to share from conversations we had with customers and prospects at the futures trading industry’s biggest event of the year.

Growing Volume and Regulations, Shrinking Resources

From 10,000 feet, the futures industry has it very good but from ground level, there are a number of challenges to deal with. Volumes are strong, driven both by a surge in shorter-term options and micro-sized contracts as well as rising interest rates and general economic uncertainty. At the same time, regulatory mandates from governments and exchanges alike paired with constrained budgets and two recent technical disruptions – one a year ago and the other in January of this year –  mean that firms must be creative as they strive for flexibility and resilience.

Cloud Has the Numbers but Operational Resilience Has Everyone’s Attention

FIA Boca witnessed unprecedented levels of sponsorship and participation from the big, cloud hyperscalers with AWS, Google Cloud and Microsoft Azure all showing up in force. However, the number one topic of conversation with colleagues, customers and prospects was the need for improved operational resilience. Recent events have made clear that system outages can arise for any reason, not just the increased threats from ransomware and other cyber challenges. In all, this elevates the importance of resilience planning and vendor management. 

Everyone is Talking About AI but Few are Asking for It

AI was the topic of discussion on several panels but down in the trenches (or, in this case, the Palm Court) managers and their teams are not asking for AI to address their challenges, they only want pragmatic solutions that unite their disparate data and systems. AI shows great promise and will most likely become more embedded in processes but, for right now, the emphasis is on making the most of what they have in the least disruptive ways possible.

The View from BornTec

FIA Boca is a fantastic opportunity to meet with the most important players in the futures and derivatives trading industries and the blend of business and ideas is both enlightening and productive. Overall, the industry is dynamic and growing but there are a number of challenges that must be met. By virtue of our deep industry experience and focus on maximizing data to increase data transparency, improve operational resilience, enhance risk management and improve speed to insight, BornTec is excited to build on top of success as we partner with our clients to deliver outstanding outcomes. Contact us to learn more.

BornTec is a Chicago-based technology solutions firm that provides tools to support surveillance, risk, compliance, and regulatory reporting functions in financial markets. Contact us for a demo of our data resilience solutions.

More

One Year On: Lessons from the ION Ransomware Event

One year ago, the futures industry was well on the way to re-establishing normal operating procedures after a major ransomware event that targeted the critically important and deeply embedded services offered by ION Markets. In the aftermath, the Futures Industry Association (FIA) has taken a proactive path to address the issue of market resilience but on the ground, some very valuable lessons are already being implemented where operational resilience is concerned. As we talk to customers and prospects we have found three key themes that should be addressed before the next market disruption hits: data, agility, and communication.

What To Do NOW to Prepare for Market Disruption

In the past, cybersecurity was approached primarily with a “deep moat / high wall” mentality but the evolution of markets has made such an approach outmoded at best and dangerous at worst. At the same time, in an environment where shrinking budgets and cost compression are a given, it is not possible to install duplicate systems at 2.0x or even 1.5x the existing cost. New approaches are called for.

In this environment, the complex interconnectedness between customers, firms, exchanges, vendors and others calls for an approach that pivots from defense to one that focuses on operational resilience. And while regulators and industry groups have yet to publish definitive rules and regulations regarding resilience requirements, savvy companies are already making changes both because they will almost certainly be required soon and, perhaps most importantly, because they can have a positive impact on performance almost immediately.

Following last year’s ransomware event, several items stand out from our own experience as well as our conversations with both customers and prospects:

  • Know your data: A ransomware event or other technology-based disruption boils down to one thing: a disruption in the normal flow of data. Losing a key source of data or data management can throw a wrench into normal processes. In order to be prepared it is imperative to know where data is coming from, what systems play which roles, how they are interconnected internally or with other parties, and where the business rules reside. With preparation, it is possible to access most, if not all, data even if a key link in the chain of operations is impacted. 
  • Emphasize flexibility:  Behind the shift from defense to resilience is a key tenet: “keep the lights on” as much as possible.  In the future, regulators will be evaluating how well firms were able to maintain core, foundational operations and restore functionality in line with their resilience plan. When last year’s ransomware event occurred, our team at BornTec was able to work quickly with our clients to craft some novel solutions and one lesson that emerged was that having one-click access to data enabled teams to craft the solutions/create the outcomes that were needed.
  • Keep communication flowing: One problem with cyber disruptions is that the next one is rarely like the last one, making it impossible to know with complete certainty how operations will be impacted. With that in mind, it makes sense to take the time to examine your operation and identify the key interdependencies and handoffs that exist and then make certain that those areas have all of the relevant information and contacts that they’ll need when an event happens. It’s a good idea to make this a living document with regular updates and even practice drills. 

It’s Still a Matter of “When, not “If”

Prior to the ION Markets ransomware event last year, industry experts had long said that it was only a matter of time before a major cyber event hit financial markets. While that event proved the experts correct, those same voices are still singing the same refrain: it can, and likely will, happen again.

If that’s the case, then it stands to reason that the issues that were revealed in the 2023 ransomware incident are as relevant now as they were then. Markets are continually increasing in complexity and interdependencies are ever expanding. The reality is that resilience is the key to handling whatever comes next, and BornTec can help with improving operational resilience.

BornTec is a Chicago-based technology solutions firm that provides tools to support surveillance, risk, compliance, and regulatory reporting functions in financial markets. Contact us for a demo of our data resilience solutions.

More

2024: Looking Back / Looking Forward

By nearly any measure, 2023 was a momentous year for the derivatives and trading industries. While higher interest rates led to a realignment of trading strategies and stimulated what is certain to be a record year for trading volumes, other events had tremendous impacts on the industry as well. Turning the page on the calendar is always a good time to reflect on the year that just passed and to take a look ahead to see what might lie ahead in the New Year. Here are three items that caught our attention last year along with some thoughts on what they might mean for 2024 and beyond.

From Ransomware to Resilience

The trading industry got a wake-up call last year when third-party solutions provider ION Markets was hit with a ransomware attack in late February. Some firms were reduced to manual workarounds, slowing processing and raising risk, while others halted activity with select counterparties as the mess was sorted. While such an occurrence had long been discussed the actual event revealed many gaps in processes and other vulnerabilities that needed to be addressed. The Futures Industry Association (FIA) acted quickly to pull industry resources together to produce a comprehensive plan for future action and much more work needs to be done by all parties to increase resilience in their operations. With the EU’s Digital Operational Resilience Act (DORA) slated to be fully implemented by this time in 2025, firms can ill afford to let up in their efforts to automate, digitize, and rationalize their operations. 

BornTec’s take: read our blog post “What’s the ‘Equation’ for Operational Resilience?” to learn more.

Regulation HEATS up

If ransomware weren’t enough, the industry is also facing a seemingly unending rise in the tide of regulation. While exchanges like ICE and the CME are increasing their oversight, in some cases issuing penalties that can rise well into six-figures, the most explicit and direct instance of increasing regulation came from the CFTC. In October, the agency announced a new regulatory stance that closely hewed to the “Heightened Enforcement Accountability and Transparency (HEAT) Test that was first promulgated by Commissioner Christy Goldsmith. The CFTC promised to be more selective in their “neither admit nor deny” approach by seeking more admissions of guilt while simultaneously examining whether or not enforcement penalties were high enough, particularly in cases where firms or individuals committed similar or exact acts in the past. Taken together, resilience and regulation point to a need for firms to tighten up their processes or else pay the price.

BornTec’s take: we took a look at the stricter regulatory line taken by the CFTC in our LinkedIn article, “Bringing the HEAT”.

AI – Always and Everywhere?

You would have to be living under a rock to not recognize how generative artificial intelligence (AI, for short) became the most talked about topic ever since the introduction of ChatGPT in late 2022. It can almost seem that AI stands for “All In” as firms search for ways that they can take advantage of this hot, new trend. There’s a danger in this type of approach, however, as the technology takes precedence over business needs in a proverbial “hammer looking for a nail” scenario. While generative AI will undoubtedly transform nearly every aspect of business operations over time, application should be considered carefully at these early stages. It often makes more sense to focus on the fundamentals of normalizing and codifying data for achieving both short term gains and setting the stage for better results as AI and other technologies are deployed. 

Gartner has tracked “generative AI on its Hype Cycle™…..since 2020…..and the technology has moved from the Innovation Trigger phase to the Peak of Inflated Expectations.”

Looking back / looking forward with BornTec

For BornTec, 2023 was a banner year as we added new features, expanded our product offering and more than doubled our customer base. The new year promises more innovation and expansion as we continue our focus of delivering exceptional efficiencies for the back office and compliance operations for active trading entities across multiple asset classes. We look forward to being a trusted partner as our clients face an increasingly complex and daunting trading and regulatory landscape. Contact us to learn more.

More

What’s the “Equation” for Operational Resilience?

The ION ransomware event that began at the end of January 2023 was an unprecedented occurrence for the global derivatives industry. While there were no cataclysmic outcomes like bankruptcies or market crashes, the industry and its customers faced weeks of disruption and uncertainty as manual processes were required to keep the lights on and the wheels turning. It would be impossible to overstate how significant the event was when, in many instances, statements and margin calculations were days (or more) behind, leading customers and firms to fly blind and resulting in some firms refusing to do business with others, effectively black balling them. In short, it was both a “close call” and a “wake-up call” for the global financial industry.

In response, the Futures Industry Association (FIA) assembled a task force in March 2023 to examine the ransomware event. Composed of “subject matter experts and business leaders of the exchange-traded and cleared derivatives industry, including members from exchanges, clearinghouses, clearing firms, vendors, and end users”, the task force worked diligently to dissect the ION affair and issued a report within six months, on September 28, 2023. 

At first blush, the “FIA Task Force on Cyber Risk – After Action Report and Findings” appears short on details and long on recommendations for further study, new committees, better coordination, and the like. A closer reading, however, reveals that the FIA report is a solid indicator of both the present state and future climate when it comes to cyber risk and operational resilience.

The FIA report presents a six-part “equation” that focuses on communication, integration, coordination, information, standardization, and preparation:

  • Communication: One immediate lesson from the ION ransomware event was the importance of defined communication channels throughout the many tiers of responsibility and interest. Regulators, exchanges, clearing firms as well as third parties, including major cloud providers and other non-traditional vendors, need to have the ability to communicate in the event of any type of disruption. 
  • Integration: The connection and functioning of the trading and clearing function is pretty well established but work is needed to broaden that reach to include other interested parties, including “sector-wide groups that specialize in cybersecurity and operational resilience across the financial services sector.”
  • Coordination: Solid communication and integration plans are essential first steps but efforts need to go beyond initial crisis management to include the critical “what happens next” steps that will get operations back online following a disruption. It is critically important to quickly “right the ship” in a crisis but just as important to get back underway as soon as possible. In the case of the ION event, it took up to three weeks for some firms to fully come back online.
  • Information: A disruption like the ION affair quickly reveals where there are gaps and breakdowns in the transmission and sharing of information. As discussed in our blog post, “Data is a Key Component for Enterprise Resilience”, strong data policies are at the heart of operational resilience as the firm level and the same holds true for the industry as a whole. 
  • Standardization: One way to improve resilience in a future episode is to learn from the most recent event and improve questionnaires and other procedures that are used to assess states of resilience readiness. These standards should be continually evaluated and improved over time.
  • Preparation: Introspection and assessment are all fine and well but they won’t lead to improved results if the lessons learned aren’t applied in an active manner through thorough and continued preparedness testing. The industry is now fully aware of how important this is and should adopt an attitude of continual improvement when it comes to testing.

The Most Important Lesson from the ION Ransomware Event

For several years now, industry experts have sounded the cry that it was only a matter of time before a major cyber event affected financial markets and the ION affair brought those warnings to life. The financial industry is ever more complicated and interconnected and, at the same time, the bad actors of cybercrime are continually increasing both their activities and their sophistication. Every player in the financial services ecosystem must be aware of both current and future requirements for due diligence. At the end of the day, the FIA Task Force report is only the beginning, not the ending, of this episode and its after effects.

BornTec is a Chicago-based technology solutions firm that provides tools to support surveillance, risk, compliance, and regulatory reporting functions in financial markets. Contact us for a demo of our data resilience solutions.

More

Three Takeaways from FIA Expo 2023

FIA Expo is a high point of the year for the futures and derivatives industry. It doesn’t have the glitz and glamor of FIA Boca, held in March each year, or the international appeal of IDX, presented in London in June, or the Asia Derivatives Conference, hosted in Singapore in November, but it is the largest gathering of the bunch and it delivers a real “meat and potatoes” look at the industry. FIA has staged the event as late as November in years past but they moved it up to the first week of October, for 2023 and, in the process, gave all of the attendees a taste of fine Midwestern Fall weather, a condition that is sure to devolve into wind, rain and cold all too soon. 

BornTec was in attendance at the trade show and events at FIA Expo and has a few observations and takeaways to share:

  • FIA has been busy. The week before Expo was a busy one for FIA, as they released two important research papers, one with recommendations on how exchanges should proceed with regard to exchange volatility control mechanisms and the other a report with findings relating to the ION Markets ransomware event in January of this year.Volatility control mechanisms (VCMs) are tools employed by exchanges in times of market stress and may include pre-trade price bands, daily price limits, and other tools used to interrupt trading in times of market stress. In brief, FIA encourages as much transparency as possible for VCMs and, as such, once again displays their leadership as a source of improving market practices.

     

    It’s a little less clear-cut with the ransomware report. The issue is more pervasive and complex. The FIA report seemed to lack succinct recommendations outside of performing further study due diligence. Having said that, it is clear much more work needs to be done in this area and we look forward to the FIA exhibiting clear leadership to ensure that effective results are forthcoming. Banks, FCMs, and other industry participants report that internal work has begun to build processes, meaning that this issue won’t be going away anytime soon, if ever.

 

  • Out with crypto. Crypto was already on its way out last year at Expo, as FIA staff scrambled to black out FTX’s sponsorship mentions on presentations and signage, and it was virtually non-existent on the trade show floor this year. In the Innovators Pavilion, the “shark-tank” competition that highlights emerging technologies, only one firm was crypto related and that firm, Crossover, is essentially a hyperfast platform that most closely replicates prime brokerage. Crypto still has a place in the industry, particularly when it comes to tokenization in areas like repo, but the shine is largely off of the crypto apple. In fact, the beginning of FTX’s Sam Bankman Fried’s fraud trial coincided with the first day of Expo.

 

  • Up with AI. AI, on the other hand, is all the rage. For example, five of the ten firms in the Innovation Pavilion are powered by AI and the two winners chosen by the panel of experts, runner-up CodeComplete and overall winner ClearDox, are AI-based: CodeComplete as an AI-engine for writing proprietary code and ClearDox for the extraction, management and utilization of information in written documentation in the energy, agriculture, and metals markets. ChapGPT captured the public’s attention when it burst onto the scene last November but, like the Alien’s first emergence in the iconic space-horror film of the same name, AI has actually been gestating for some time. There’s a lot more to come. 

Overall, FIA Expo revealed an industry that is strong and dynamic. The past few years have been a challenge and incidents like the ION Markets ransomware event point to a complicated and challenging landscape but, overall, the derivatives industry is in good shape.

What are your thoughts? Please get in touch with any comments or questions.

BornTec is a Chicago-based technology solutions firm that provides tools to support surveillance, risk, compliance, and regulatory reporting functions in financial markets. Contact us for a demo of our data resilience solutions.

More