The market for derivatives clearing and prime services has undergone significant structural change over the last few years. Firms now face a number of new challenges, some of which have the potential to throw the viability of entire business lines into doubt. Based on joint work with Promontory and Minium, let’s take a closer look at the main challenges these organizations face and outline initial steps they need to take to overcome them.

Navigating a New Compliance Landscape

Compliance requirements are accelerating. Financial regulators around the world are placing a greater onus on top management to set and take accountability for effective cybersecurity policies and programs.

The U.S. Federal Trade Commission (FTC) now has authority to take action against organizations that fail to protect consumer information against cyberattacks, and the European Union’s General Data Protection Regulation (GDPR) will take effect in May 2018. Authorities will have the power to impose significant fines on organizations for noncompliance, scalable to nearly $28 million or 4 percent of the organization’s global annual turnover per incident, whichever is greater. Beyond this, financial regulators around the world are starting to set explicit expectations regarding security and resilience.

Legacy Systems Lag Behind

Many organizations providing derivatives clearing and prime services are still reliant on legacy systems. But as business models adapt, legacy systems are struggling to keep up, especially when it comes to security. It will not be possible to keep making incremental improvements, so demands for greater security and efficiency will impact competitiveness in the near future.

Cybersecurity Threats Abound

Companies face a constant threat of data breaches that escalates each year, especially organizations in the financial industry. In fact, according to the “2017 Cost of Data Breach Study,” the per capita cost of a data breach is higher for financial institutions than most other industries. Organizations in the clearing and prime services sector must manage the immediate financial consequences of the incident as well as loss of reputation and business in the wake of a breach.

A Road Map for Derivatives Clearing and Prime Services Providers

What can providers of derivatives clearing and prime services do to help mitigate these risks? There is an opportunity for firms to take a quantum leap forward by investing in new technologies that are tailored to modern businesses and aligned with the current regulatory environment. They should start with the two steps outlined below.

Understand the Regulations and How to Meet Their Requirements

Organizations need to understand all the forthcoming regulations and, most importantly, their impact on existing systems and processes. This will help them identify gaps and isolate the systems that will struggle to handle new requirements.

It will also help security teams determine whether they need to take a completely fresh approach to delivering compliance, potentially drawing on the latest technology tools. Firms should not hesitate to proactively engage with third-party experts to fully understand the nitty-gritty of the latest regulations and how they can be addressed with maximum efficiency.

Invest in New Technologies

Firms providing derivatives clearing and prime services should invest in new technologies, such as virtualization, cloud and blockchain solutions, that are tailored to modern businesses. This will help these organizations protect core revenue streams from competition from financial technology organizations and develop new offerings to meet clients’ changing expectations. In addition, new cloud-based technology environments that leverage the latest cybersecurity tools, including artificial intelligence, provide a better chance to stay ahead of cybercriminals.

Enhancing Resilience to Regulatory Change

Clearing and prime brokerage businesses should explore the potential of new technologies to enhance their resilience to regulatory change. If required, they should engage with third-party experts help them get started on this journey.

IBM Security released a joint white paper with Promontory and Minium to help derivatives clearing and prime services providers address challenges related to compliance, legacy systems, security and more. You can access the paper here.

Read the complete white paper: The Way Ahead for Derivatives Clearing and Prime Services

More from Banking & Finance

Exploring DORA: How to manage ICT incidents and minimize cyber threat risks

3 min read - As cybersecurity breaches continue to rise globally, institutions handling sensitive information are particularly vulnerable. In 2024, the average cost of a data breach in the financial sector reached $6.08 million, making it the second hardest hit after healthcare, according to IBM's 2024 Cost of a Data Breach report. This underscores the need for robust IT security regulations in critical sectors.More than just a defensive measure, compliance with security regulations helps organizations reduce risk, strengthen operational resilience and enhance customer trust.…

Unveiling the latest banking trojan threats in LATAM

9 min read - This post was made possible through the research contributions of Amir Gendler.In our most recent research in the Latin American (LATAM) region, we at IBM Security Lab have observed a surge in campaigns linked with malicious Chrome extensions. These campaigns primarily target Latin America, with a particular emphasis on its financial institutions.In this blog post, we’ll shed light on the group responsible for disseminating this campaign. We’ll delve into the method of web injects and Man in the Browser, and…

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today