The market for derivatives clearing and prime services has undergone significant structural change over the last few years. Firms now face a number of new challenges, some of which have the potential to throw the viability of entire business lines into doubt. Based on joint work with Promontory and Minium, let’s take a closer look at the main challenges these organizations face and outline initial steps they need to take to overcome them.

Navigating a New Compliance Landscape

Compliance requirements are accelerating. Financial regulators around the world are placing a greater onus on top management to set and take accountability for effective cybersecurity policies and programs.

The U.S. Federal Trade Commission (FTC) now has authority to take action against organizations that fail to protect consumer information against cyberattacks, and the European Union’s General Data Protection Regulation (GDPR) will take effect in May 2018. Authorities will have the power to impose significant fines on organizations for noncompliance, scalable to nearly $28 million or 4 percent of the organization’s global annual turnover per incident, whichever is greater. Beyond this, financial regulators around the world are starting to set explicit expectations regarding security and resilience.

Legacy Systems Lag Behind

Many organizations providing derivatives clearing and prime services are still reliant on legacy systems. But as business models adapt, legacy systems are struggling to keep up, especially when it comes to security. It will not be possible to keep making incremental improvements, so demands for greater security and efficiency will impact competitiveness in the near future.

Cybersecurity Threats Abound

Companies face a constant threat of data breaches that escalates each year, especially organizations in the financial industry. In fact, according to the “2017 Cost of Data Breach Study,” the per capita cost of a data breach is higher for financial institutions than most other industries. Organizations in the clearing and prime services sector must manage the immediate financial consequences of the incident as well as loss of reputation and business in the wake of a breach.

A Road Map for Derivatives Clearing and Prime Services Providers

What can providers of derivatives clearing and prime services do to help mitigate these risks? There is an opportunity for firms to take a quantum leap forward by investing in new technologies that are tailored to modern businesses and aligned with the current regulatory environment. They should start with the two steps outlined below.

Understand the Regulations and How to Meet Their Requirements

Organizations need to understand all the forthcoming regulations and, most importantly, their impact on existing systems and processes. This will help them identify gaps and isolate the systems that will struggle to handle new requirements.

It will also help security teams determine whether they need to take a completely fresh approach to delivering compliance, potentially drawing on the latest technology tools. Firms should not hesitate to proactively engage with third-party experts to fully understand the nitty-gritty of the latest regulations and how they can be addressed with maximum efficiency.

Invest in New Technologies

Firms providing derivatives clearing and prime services should invest in new technologies, such as virtualization, cloud and blockchain solutions, that are tailored to modern businesses. This will help these organizations protect core revenue streams from competition from financial technology organizations and develop new offerings to meet clients’ changing expectations. In addition, new cloud-based technology environments that leverage the latest cybersecurity tools, including artificial intelligence, provide a better chance to stay ahead of cybercriminals.

Enhancing Resilience to Regulatory Change

Clearing and prime brokerage businesses should explore the potential of new technologies to enhance their resilience to regulatory change. If required, they should engage with third-party experts help them get started on this journey.

IBM Security released a joint white paper with Promontory and Minium to help derivatives clearing and prime services providers address challenges related to compliance, legacy systems, security and more. You can access the paper here.

Read the complete white paper: The Way Ahead for Derivatives Clearing and Prime Services

More from Banking & Finance

Cost of a data breach 2023: Financial industry impacts

3 min read - According to the IBM Cost of a Data Breach Report 2023, the global average cost of a data breach in 2023 was $4.45 million, 15% more than in 2020. In response, 51% of organizations plan to increase cybersecurity spending this year. For the financial industry, however, global statistics don’t tell the whole story. Finance firms lose approximately $5.9 million per data breach, 28% higher than the global average. In addition, evolving regulatory concerns play a role in how financial companies…

Gozi strikes again, targeting banks, cryptocurrency and more

3 min read - In the world of cybercrime, malware plays a prominent role. One such malware, Gozi, emerged in 2006 as Gozi CRM, also known as CRM or Papras. Initially offered as a crime-as-a-service (CaaS) platform called 76Service, Gozi quickly gained notoriety for its advanced capabilities. Over time, Gozi underwent a significant transformation and became associated with other malware strains, such as Ursnif (Snifula) and Vawtrak/Neverquest. Now, in a recent campaign, Gozi has set its sights on banks, financial services and cryptocurrency platforms,…

The rise of malicious Chrome extensions targeting Latin America

9 min read - This post was made possible through the research contributions provided by Amir Gendler and Michael  Gal. In its latest research, IBM Security Lab has observed a noticeable increase in campaigns related to malicious Chrome extensions, targeting  Latin America with a focus on financial institutions, booking sites, and instant messaging. This trend is particularly concerning considering Chrome is one of the most widely used web browsers globally, with a market share of over 80% using the Chromium engine. As such, malicious…

BlotchyQuasar: X-Force Hive0129 targeting financial institutions in LATAM with a custom banking trojan

16 min read - In late April through May 2023, IBM Security X-Force found several phishing emails leading to packed executable files delivering malware we have named BlotchyQuasar, likely developed by a group X-Force tracks as Hive0129. BlotchyQuasar is hardcoded to collect credentials from multiple Latin American-based banking applications and websites used within public and private environments. Similar operations conducted in late 2022 have also been noted delivering an earlier variant of this modified QuasarRAT by likely Spanish-speaking actors. BlotchyQuasar, which X-Force describes as…