The Central Bank will impose cybersecurity standards for trading on stock exchange


Moscow exchange has proposed to introduce standards of cyber security for trading systems. The problem, according to the Director of the Department operational risk, information security and business continuity of the Moscow exchange Sergey Demidov, may lie in the means of access to the stock pad, which selects the customer enters into a contract with the broker. “Market participants can log on to the exchange market through a variety of access systems. Now there are several, but no requirements for their information security there,” he said.

As explained on the forum on information security in Magnitogorsk Demidov, the feasibility of introducing standards due to the increase in the number of retail investors. “On the one hand we want to attract to the market more private investors, with another — understand that as soon as the market comes a massive player, he becomes the target of cyber attacks,” he said, adding that while the market has not recorded a single case of cyber attacks on trading systems, but considers this prospect an obvious risk for the exchanges and investors. The greater the number of private investors, the more and more diverse will be the trading system, says Demidov. “It will be worse if we get to a significant number of private investors and will begin cyber-attacks”, — he warned.

Central Bank solidarity

The Central Bank supports the idea of the exchange to impose cybersecurity standards for market participants. “We can’t, of course, be required to comply with standards of the software manufacturers, but can make demands on those who are under our control and uses these systems, that is, the participants of the exchange market”, — said Deputy head of the main Directorate of security and information protection, Bank of Russia Artem Sychev. He said that the requirements for cyber security for exchange market participants can enter into force in mid-year. “The standards are designed for non-credit financial institutions, therefore, brokers get there machine,” said Sychev.

The price of safety

For market participants the news about the operational introduction of cybersecurity standards for trading systems was a surprise. “We like the idea heard six months ago, but specifics have not yet heard” — said the President-Chairman of the Board of “Finam” Vladislav Kochetkov. For some players by surprise and the idea. According to the head of the company “Opening Broker” Yuri Mintsev, he was not aware of the initiative to impose standards on cyber security for professional participants. “The idea is strange, given that the exchange itself provides direct access to trading derivatives for individuals. It is unclear what are the brokers?”, — he wonders.

Top Manager of a large Bank believes measures to introduce standards for brokers redundant. “The risks of banks, which have millions of retail customers and brokers, in which the active participants are 100-200 thousand people, are not comparable,” he says. Besides, said the banker, brokerage services to individuals have many major banks, using various trading systems. “It turns out that they will have to bear the costs of providing information security for banking and brokerage business,” says the banker.

However, the ideas exchange and the Central Bank has a positive side, indicate market participants. “The idea seems quite sensible, because there are plenty of players who develop their own trading system, while not paying attention to their safety,” comments Kochetkov. He believes that the introduction of cybersecurity standards for trading systems will allow to make the market more stable and protected from hacker attacks.

However, according to the broker, the introduction of standards will lead to further consolidation of the brokerage market. “The big players will be able to ensure compliance with the requirements of the Central Bank, but it will lead to higher costs and lower competition,” — said Kochetkov.

“Safety costs money”, — said Artem Sychev. According to him, it is unclear who will be liable if the small broker will be subject to cyber attack and the attackers will make transactions on the stock exchange for billions of rubles. “The answer is obvious: if you are engaged in the provision of financial services, be prepared for the fact that this business requires not a penny of spending,” he added.

A long-standing warning

Informed about the danger of hacker attacks on the stock exchange warned the representatives of the Center for monitoring and responding to computer attacks (FinCert) the Bank of Russia. “We expect that the attack on the stock exchange in 2017 will be strengthened. If built in the banks policy, it is somehow valid, then the exchange very many problems”, — said the head of FinCert Dmitry Frolov in early February. He noted that hacker attacks on exchanges can be not only economic but also political consequences.

In early 2016, the first Deputy Chairman of the Central Bank Sergey Shvetsov pointed to the risk of widespread computer systems, investment Advisory service, Robo-advisors (robo-advisor), which can be intercepted by hackers.

Source