2024: Looking Back / Looking Forward

By nearly any measure, 2023 was a momentous year for the derivatives and trading industries. While higher interest rates led to a realignment of trading strategies and stimulated what is certain to be a record year for trading volumes, other events had tremendous impacts on the industry as well. Turning the page on the calendar is always a good time to reflect on the year that just passed and to take a look ahead to see what might lie ahead in the New Year. Here are three items that caught our attention last year along with some thoughts on what they might mean for 2024 and beyond.

From Ransomware to Resilience

The trading industry got a wake-up call last year when third-party solutions provider ION Markets was hit with a ransomware attack in late February. Some firms were reduced to manual workarounds, slowing processing and raising risk, while others halted activity with select counterparties as the mess was sorted. While such an occurrence had long been discussed the actual event revealed many gaps in processes and other vulnerabilities that needed to be addressed. The Futures Industry Association (FIA) acted quickly to pull industry resources together to produce a comprehensive plan for future action and much more work needs to be done by all parties to increase resilience in their operations. With the EU’s Digital Operational Resilience Act (DORA) slated to be fully implemented by this time in 2025, firms can ill afford to let up in their efforts to automate, digitize, and rationalize their operations. 

BornTec’s take: read our blog post “What’s the ‘Equation’ for Operational Resilience?” to learn more.

Regulation HEATS up

If ransomware weren’t enough, the industry is also facing a seemingly unending rise in the tide of regulation. While exchanges like ICE and the CME are increasing their oversight, in some cases issuing penalties that can rise well into six-figures, the most explicit and direct instance of increasing regulation came from the CFTC. In October, the agency announced a new regulatory stance that closely hewed to the “Heightened Enforcement Accountability and Transparency (HEAT) Test that was first promulgated by Commissioner Christy Goldsmith. The CFTC promised to be more selective in their “neither admit nor deny” approach by seeking more admissions of guilt while simultaneously examining whether or not enforcement penalties were high enough, particularly in cases where firms or individuals committed similar or exact acts in the past. Taken together, resilience and regulation point to a need for firms to tighten up their processes or else pay the price.

BornTec’s take: we took a look at the stricter regulatory line taken by the CFTC in our LinkedIn article, “Bringing the HEAT”.

AI – Always and Everywhere?

You would have to be living under a rock to not recognize how generative artificial intelligence (AI, for short) became the most talked about topic ever since the introduction of ChatGPT in late 2022. It can almost seem that AI stands for “All In” as firms search for ways that they can take advantage of this hot, new trend. There’s a danger in this type of approach, however, as the technology takes precedence over business needs in a proverbial “hammer looking for a nail” scenario. While generative AI will undoubtedly transform nearly every aspect of business operations over time, application should be considered carefully at these early stages. It often makes more sense to focus on the fundamentals of normalizing and codifying data for achieving both short term gains and setting the stage for better results as AI and other technologies are deployed. 

Gartner has tracked “generative AI on its Hype Cycle™…..since 2020…..and the technology has moved from the Innovation Trigger phase to the Peak of Inflated Expectations.”

Looking back / looking forward with BornTec

For BornTec, 2023 was a banner year as we added new features, expanded our product offering and more than doubled our customer base. The new year promises more innovation and expansion as we continue our focus of delivering exceptional efficiencies for the back office and compliance operations for active trading entities across multiple asset classes. We look forward to being a trusted partner as our clients face an increasingly complex and daunting trading and regulatory landscape. Contact us to learn more.


BornTec In Action: Exchange Compliance – Proactively Manage a Persistent Problem

Life for those responsible for compliance functions at futures brokerage firms is never easy. Doing more than less is imperative as headcount is reduced while, at the same time, trading volumes increase and new products are added. In addition, exchanges and regulators have stringent requirements for reporting and recordkeeping, requirements that have become more strict of late with initiatives such as the recent CFTC enforcement initiative, sometimes referred to as HEAT, and increasing fines and penalties from exchanges.

Fortunately, BornTec has the experience and insight necessary to create processes and reports that comply with requirements and provide support staff with time-saving tools that make the most of scarce resources by providing an enterprise solution to meet their needs. A good case in point is exchange compliance. 

What is Exchange Compliance?

In the course of day-to-day business, order routing compliance is required by exchanges to process, record, and report on a number of different types of information, and significant monetary penalties are often doled out if these tasks are not handled correctly. Important categories include FIX tags for trader/operator ID and location, block trades, and algo trading. Some of the specifics include:

  • CME Operator ID (Tag 50)
    • Operator IDs, also known as Tag 50 IDs, are FIX tags that identify trading participants that access and submit messages to or from CME Globex and are used to identify authorized individuals (individuals, terminal / algorithm operators – Automated Trading System (ATS) teams (head trader, ATS team members). Tag 50s are audited by exchanges and misuse or mislabeling of Tag 50 IDs often results in fines.
  • Block Trades
    • The rules and requirements pertaining to block trades are very complicated. Block trades are only permitted in specified products and are subject to minimum transaction size minimums, which vary according to the product, the type of transaction (e.g. outright, spread, or option) and the time of execution. At a major exchange like CME Group the number of combinations for these parameters runs into the thousands. Many exchange compliance fines arise from mishandling or misreporting of block trade transactions within a specified time period and these fines can run into the tens of thousands of dollars.
  • Manual Order Indicator (Tag 1028)
    • Both CME Group and ICE Futures U.S. require that FIX Tag 1028 be validly populated for all orders. Tag 1028 differentiates between manual and automated order entry with a manual order being one that is submitted by an individual “button pusher” (e.g., mouse, keyboard, touchscreen), whose terms are not modified by an algorithm after submission, and are submitted to the exchange without delay. Clearing firms are required as well to ensure that their client’s orders are correctly labeled and are responsible if they are not.
  • CME Tag 142
    • CME Group requires each order be tagged with the originating location in tag 142. This sender location ID is populated with the ISO code for the physical location of the individual or team head trader identified by the Operator ID in the message.
  • MiFID II Short Codes and Algo Codes
    • MiFID II, a European regulatory regime, requires that specific short codes be used as well as codes for algo (non-”button pusher”) orders. Short codes of the natural persons who are primarily responsible for both the execution and investment decision (if applicable) must be available for submission in the MiFID fields and registered with the trading venues.

BornTec Exchange Compliance In Action

With a multitude of requirements and very real monetary consequences for non-compliance, exchange compliance can be a daunting task. Fortunately, the professional team at BornTec has decades of experience in the trading industry and are experts in data, automation, and finding creative solutions to hard problems. In most cases, enabling any exchange compliance function is automated to the point of simplicity by BornTec, making it possible to perform the needed actions by simply checking a box. 

BornTec automates the handling of exchange compliance, fulfilling the required duties without the need for any intervention or maintenance on the part of compliance staff. The BornTec process for handling exchange compliance is a four step, recurring cycle:

  1. 1) Alert configuration: Determine the specific requirements that your business must adhere to and configure the relevant monitors.
  2. 2) Data discovery: Identify the precise information to be monitored and enable automated data discovery, imports and/or manual configuration from disparate sources and systems. 
  3. 3) Event alerting: With real-time monitoring, alerts are created with context for detailed insights and delivered in an intuitive and easy to configure dashboard.
  4. 4) Resolution: To speed processing and reduce noise, alerts are designed to provide pinpoint accuracy to rapidly identify issues and enable the ability to quickly correct configurations.

As rules and requirements change and evolve, so too are the parameters adjusted using the same four-step process. 

Managing Exchange Compliance with BornTec

At a time when enforcement activity by the regulators is on the increase and exchanges are increasingly strict in the application of their rules, it pays to choose a partner that understands your business and can proactively help you manage your responsibilities. With preparation, there is no need to scramble or put additional hands to work when an exchange query is received because all of the information that you need will have already been collected and available in one place. BornTec can help manage your requirements, bringing both peace of mind and a lower likelihood of fines from regulators or exchange.

To find out how BornTec can help manage your exchange compliance obligations, as well as other critical middle and back office tasks, contact us today for a call or demo. 

Further Information

  1. CME Group Market Regulation Home Page
  2. CME Group User Help System: Registering and Managing Operator IDs (Tag 50)
  3. CME Group Client Systems Wiki: Point of Order Origination (including Tags 142 and 1028)
  4. CME Group Block Trades
  5. ICE Futures U.S. Regulation Home Page
  6. ICE Futures Europe Regulation Home Page
  7. ICE Futures U.S. Tag 1028 FAQ 
  8. ICE Futures U.S. Block Trade FAQ
  9. Eurex Rules & Regulations
  10. Eurex MiFID II/MiFIR order flagging requirements: Short code solution enhancement

 Read our take on CFTC HEAT on the BornTec LinkedIn page.


What’s the “Equation” for Operational Resilience?

The ION ransomware event that began at the end of January 2023 was an unprecedented occurrence for the global derivatives industry. While there were no cataclysmic outcomes like bankruptcies or market crashes, the industry and its customers faced weeks of disruption and uncertainty as manual processes were required to keep the lights on and the wheels turning. It would be impossible to overstate how significant the event was when, in many instances, statements and margin calculations were days (or more) behind, leading customers and firms to fly blind and resulting in some firms refusing to do business with others, effectively black balling them. In short, it was both a “close call” and a “wake-up call” for the global financial industry.

In response, the Futures Industry Association (FIA) assembled a task force in March 2023 to examine the ransomware event. Composed of “subject matter experts and business leaders of the exchange-traded and cleared derivatives industry, including members from exchanges, clearinghouses, clearing firms, vendors, and end users”, the task force worked diligently to dissect the ION affair and issued a report within six months, on September 28, 2023. 

At first blush, the “FIA Task Force on Cyber Risk – After Action Report and Findings” appears short on details and long on recommendations for further study, new committees, better coordination, and the like. A closer reading, however, reveals that the FIA report is a solid indicator of both the present state and future climate when it comes to cyber risk and operational resilience.

The FIA report presents a six-part “equation” that focuses on communication, integration, coordination, information, standardization, and preparation:

  • Communication: One immediate lesson from the ION ransomware event was the importance of defined communication channels throughout the many tiers of responsibility and interest. Regulators, exchanges, clearing firms as well as third parties, including major cloud providers and other non-traditional vendors, need to have the ability to communicate in the event of any type of disruption. 
  • Integration: The connection and functioning of the trading and clearing function is pretty well established but work is needed to broaden that reach to include other interested parties, including “sector-wide groups that specialize in cybersecurity and operational resilience across the financial services sector.”
  • Coordination: Solid communication and integration plans are essential first steps but efforts need to go beyond initial crisis management to include the critical “what happens next” steps that will get operations back online following a disruption. It is critically important to quickly “right the ship” in a crisis but just as important to get back underway as soon as possible. In the case of the ION event, it took up to three weeks for some firms to fully come back online.
  • Information: A disruption like the ION affair quickly reveals where there are gaps and breakdowns in the transmission and sharing of information. As discussed in our blog post, “Data is a Key Component for Enterprise Resilience”, strong data policies are at the heart of operational resilience as the firm level and the same holds true for the industry as a whole. 
  • Standardization: One way to improve resilience in a future episode is to learn from the most recent event and improve questionnaires and other procedures that are used to assess states of resilience readiness. These standards should be continually evaluated and improved over time.
  • Preparation: Introspection and assessment are all fine and well but they won’t lead to improved results if the lessons learned aren’t applied in an active manner through thorough and continued preparedness testing. The industry is now fully aware of how important this is and should adopt an attitude of continual improvement when it comes to testing.

The Most Important Lesson from the ION Ransomware Event

For several years now, industry experts have sounded the cry that it was only a matter of time before a major cyber event affected financial markets and the ION affair brought those warnings to life. The financial industry is ever more complicated and interconnected and, at the same time, the bad actors of cybercrime are continually increasing both their activities and their sophistication. Every player in the financial services ecosystem must be aware of both current and future requirements for due diligence. At the end of the day, the FIA Task Force report is only the beginning, not the ending, of this episode and its after effects.

BornTec is a Chicago-based technology solutions firm that provides tools to support surveillance, risk, compliance, and regulatory reporting functions in financial markets. Contact us for a demo of our data resilience solutions.


Three Takeaways from FIA Expo 2023

FIA Expo is a high point of the year for the futures and derivatives industry. It doesn’t have the glitz and glamor of FIA Boca, held in March each year, or the international appeal of IDX, presented in London in June, or the Asia Derivatives Conference, hosted in Singapore in November, but it is the largest gathering of the bunch and it delivers a real “meat and potatoes” look at the industry. FIA has staged the event as late as November in years past but they moved it up to the first week of October, for 2023 and, in the process, gave all of the attendees a taste of fine Midwestern Fall weather, a condition that is sure to devolve into wind, rain and cold all too soon. 

BornTec was in attendance at the trade show and events at FIA Expo and has a few observations and takeaways to share:

  • FIA has been busy. The week before Expo was a busy one for FIA, as they released two important research papers, one with recommendations on how exchanges should proceed with regard to exchange volatility control mechanisms and the other a report with findings relating to the ION Markets ransomware event in January of this year.Volatility control mechanisms (VCMs) are tools employed by exchanges in times of market stress and may include pre-trade price bands, daily price limits, and other tools used to interrupt trading in times of market stress. In brief, FIA encourages as much transparency as possible for VCMs and, as such, once again displays their leadership as a source of improving market practices.


    It’s a little less clear-cut with the ransomware report. The issue is more pervasive and complex. The FIA report seemed to lack succinct recommendations outside of performing further study due diligence. Having said that, it is clear much more work needs to be done in this area and we look forward to the FIA exhibiting clear leadership to ensure that effective results are forthcoming. Banks, FCMs, and other industry participants report that internal work has begun to build processes, meaning that this issue won’t be going away anytime soon, if ever.


  • Out with crypto. Crypto was already on its way out last year at Expo, as FIA staff scrambled to black out FTX’s sponsorship mentions on presentations and signage, and it was virtually non-existent on the trade show floor this year. In the Innovators Pavilion, the “shark-tank” competition that highlights emerging technologies, only one firm was crypto related and that firm, Crossover, is essentially a hyperfast platform that most closely replicates prime brokerage. Crypto still has a place in the industry, particularly when it comes to tokenization in areas like repo, but the shine is largely off of the crypto apple. In fact, the beginning of FTX’s Sam Bankman Fried’s fraud trial coincided with the first day of Expo.


  • Up with AI. AI, on the other hand, is all the rage. For example, five of the ten firms in the Innovation Pavilion are powered by AI and the two winners chosen by the panel of experts, runner-up CodeComplete and overall winner ClearDox, are AI-based: CodeComplete as an AI-engine for writing proprietary code and ClearDox for the extraction, management and utilization of information in written documentation in the energy, agriculture, and metals markets. ChapGPT captured the public’s attention when it burst onto the scene last November but, like the Alien’s first emergence in the iconic space-horror film of the same name, AI has actually been gestating for some time. There’s a lot more to come. 

Overall, FIA Expo revealed an industry that is strong and dynamic. The past few years have been a challenge and incidents like the ION Markets ransomware event point to a complicated and challenging landscape but, overall, the derivatives industry is in good shape.

What are your thoughts? Please get in touch with any comments or questions.

BornTec is a Chicago-based technology solutions firm that provides tools to support surveillance, risk, compliance, and regulatory reporting functions in financial markets. Contact us for a demo of our data resilience solutions.


BornTec in Action: Audit Trail Compliance – Managing Complex Reporting Functions

Pop quiz: When it comes to functions performed in a trading or clearing operations, audit trail compliance:

  1. A) Makes little or no contribution to a business’s revenue line
  2. B) Is mandated by regulators like the CFTC
  3. C) Appears simple on the surface but is actually naggingly complex
  4. D) All of the above

Unfortunately, the answer is D.

However, the good news is that audit trail compliance, a component of CrossCheckTM from BornTec, can make this unpleasant task easy and, in the process, deliver both regulatory cover, greater operational efficiency and enhanced business insights. 

Challenges with Audit Trail Compliance (ATC)

The unification of trade flow data is a persistent and often difficult component of managing compliance responsibilities. Tracking and reporting on all trading activity is a seemingly simple exercise but it winds up being very complex in a real world setting. In the derivatives world, compliance is mandated by the CFTC but enforced by the individual exchanges, e.g. CME Group or ICE. 

Some of the challenges with ATC are:

  • Lack of uniformity in both information provided and reporting required by and among exchanges
  • Multiple ISV sources, e.g. TT, Fidessa, or CQG, that deliver what amounts to unstructured data due to a lack of consistent formatting 
  • Unique and non-standardized direct market access (DMA) feeds
  • Changes to source files and formats that lead to incorrect or incomplete data capture 
  • Difficulty in tracking and accounting for missing or incorrect files in real time
  • Requests for audit trail information may come a year or more after the fact: the CFTC requires that records be retained for 5 years
  • Fines from exchanges for non-compliance with rules and regulations

Given the complex and diverse data challenges involved, it pays to fully understand the issues to be faced. In order to fully manage audit trail requirements, a number of steps must be incorporated:

  1. Data retrieval: There are a large number of data sources so it makes sense to utilize automated data retrieval via SFTP or other standardized format wherever possible.
  2. File validation: Begin with a check to ensure that the file received is valid and proceed to confirm that the correct structure of rows and fields is in place.
  3. Data normalization: the format of data varies between sources so it needs to be parsed and recorded so that it fits within required data parameters in a common schema.
  4. Completeness checks: Data must contain all required information but is often deficient. Consuming and comparing to drop copy data is a check to fulfill this requirement.
  5. Query and export: data must be accessible in order to have value so a final step is to build out functionality that allows for easy querying and export of audit trail records. This information can then be combined with other trade data to deliver unique insights into market activity.

Audit Trail Compliance in CrossCheckTM from BornTec

ATC may be an unpleasant but necessary task in trade processing but it can be efficiently handled with the right tools. The ATC solution in CrossCheckTM has a number of winning attributes.

  • Completeness verification: Missing files, empty files or incomplete data are common problems that are routinely flagged and managed.
  • Full data validation: Vendor code changes can be common and lead to data corruption or inconsistency with respect to exchange requirements. Our ATC module allows you to stay on top of these changes.
  • Rapid Data Retrieval: Data that is stored on a file server is inaccessible to most personnel; searches take days-weeks. Our solution puts data and reports right at your fingertips. 
  • Format Auto Detections: Vendors often change the format of their files, making data searches and audit trail reconstructions difficult. We can readily flag discrepancies and our team stays on top of issues that are common to the industry. 

On its surface, ATC is one of those “no win” functions in a clearing operation that has nothing but downside: it is a non-revenue producing task but can lead to regulatory fines if it is handled incorrectly. In reality, a complete audit trail picture can be combined with other data to enhance risk management and trading analytics, increasing insight for the enterprise. ATC from BornTec delivers on all counts.

BornTec is a Chicago-based technology solutions firm that provides tools to support surveillance, risk, compliance, and regulatory reporting functions in financial markets. Contact us for a demo of our data resilience solutions.


Challenges Ahead for a Healthy Derivatives Industry

FIA IDX in London is one of the bellwether events for the international trading community, and the 2023 edition shone a spotlight on an industry that is experiencing strong growth while simultaneously dealing with the challenges brought along by rising volatility and outside threats like cybercrime. The record 1,100+ attendees attest to the health of the industry while the topics discussed highlighted the many challenges that must be faced in order to maintain that strength. In particular, panels on the future of markets, operational efficiencies, and operations resilience highlighted key areas that are attracting the attention and resources of participants.

Top Challenges for the Derivatives Trading Industry

The derivatives industry is seeing robust growth but that growth presents challenges that must be met. Three panels, in particular, brought these challenges into focus:

  • The future of markets: After years of low-interest rates and relatively quiet market volatility, risk is back. As a result, there is a heightened interest in improving real-time risk management in order to gain an understanding of a true risk management profile. To achieve the best results and drive innovation, collaboration is needed across the technology and operations stack. 
  • Operational efficiencies: Operations is the backbone that drives risk discipline and it requires good data in order to map the risk landscape. There are automation gaps in derivatives markets that must be addressed and new technology approaches, including low code / no code automations, are assisting in these efforts. More standardization of data from exchanges and CCPs is needed because high-quality, reliable data is a necessity to be able to grow safely at scale.
  • Operations resilience: The ION Post Trade Processing ransomware incident makes it plain that it’s not a matter of “if” but “when” a cyber event will affect an enterprise’s operations. A top-down understanding of infosec is required, with constant training around a response plan required. Collaboration, internally and with partners and competitors alike, is key and the industry is making great strides in these areas.

Building on Trust in International Markets

Trending topics get the headlines but it’s the nuts and bolts issues that most accurately reflect where the hard work in the derivatives trading industry is being done. Crypto was the buzz topic in recent years, and that focus has now shifted to AI, but the lessons learned from the systemic stresses encountered during the Covid 19 pandemic and, more recently, with the ION Trading ransomware event indicate where the difficult challenges are being met. 

In his opening remarks at IDX, FIA President and CEO Walt Lukken emphasized trust as a key to industry success. Pointing out that trust is “gained over a long time but lost in a moment”, Lukken noted that “in global derivatives markets, we need each other more than ever to overcome challenges, understand our differences, and find collective solutions that benefit our markets – and the global economy as a whole.” Trust is the essential foundation on which success is built. In that regard, the international derivatives industry is in very good shape.

BornTec is a Chicago-based technology solutions firm that provides tools to support surveillance, risk, compliance, and regulatory reporting functions in financial markets. Contact us for a demo of our data resilience solutions.