The Board of the International Organization of Securities Commissions today published a Thematic Review (‘Review’) on the extent to which participating IOSCO member jurisdictions have implemented regulatory measures consistent with the two Recommendations and the two Standards set out in the 2015 IOSCO reports on Business Continuity Plans (BCPs) for Trading Venues and Market Intermediaries.
Authorities from 33 jurisdictions (16 developed jurisdictions and 17 emerging market jurisdictions) participated in the Review, which found that thirteen participating jurisdictions are Fully Consistent with the two Recommendations and the two Standards under review. The Review identified some gaps or shortcomings of different degrees of materiality in the other 20 participating jurisdictions for one or more of the Recommendations or Standards.
The two Recommendations under review state that regulators should require trading venues to 1) have mechanisms to help ensure the resiliency, reliability and integrity (including security) of critical systems and 2) establish, maintain and implement as appropriate a BCP.
The two Standards state that regulators should require intermediaries to 1) create and maintain a written BCP that identifies procedures for an emergency or significant business disruption and 2) update their BCP in the event of any material change to operations, structure, business or location and conduct an annual review of their BCP to determine whether any modifications are necessary due to these changes.
In terms of the gaps, the Review found that regulatory frameworks of some jurisdictions did not ensure that relevant provisions for critical systems extend to outsourced functions. The Review also found that regulations in some participating jurisdictions did not have any obligations for intermediaries to conduct a regular review of BCP arrangements or update BCPs in response to material business changes.
The Review recommends that members include in their regulatory frameworks the necessary powers for the regulator to set and enforce requirements for trading venues and intermediaries when they establish, maintain and update BCPs; to ensure the regulatory frameworks require enterprise-wide BCPs and not only disaster recovery or contingency measures for IT systems; and to provide sufficient clarity on governance and accountability for boards or senior management in relation to critical systems.
IOSCO undertook this Review in response to the rapid rise of new technologies in securities markets, which have created risks capable of potentially disrupting trading venues and intermediaries. These vulnerabilities underscore the importance of effective BCPs, supported by adequate regulatory frameworks. While the report also discusses the measures that regulators, trading venues and market intermediaries took to ensure BCPs remained resilient during the COVID-19 crisis, the Review did not assess the operational resilience of trading venues and intermediaries during the COVID-19 pandemic. Given the relevance of this topic, IOSCO will be separately conducting work on operational resilience as part of its effort to examine risks exacerbated by the COVID-19 pandemic, as announced in its work program for 2021-2022.
About IOSCO:
IOSCO is the leading international policy forum for securities regulators and is recognized as the global standard setter for securities regulation. The organization’s membership regulates more than 95% of the world’s securities markets in some 130 jurisdictions, and it continues to expand.
The IOSCO Board is the governing and standard-setting body of the International Organization of Securities Commissions and is made up of 33 securities regulators. Mr. Ashley Alder, the Chief Executive Officer of the Securities and Futures Commission of Hong Kong, is the Chair of the IOSCO Board. The members of the IOSCO Board are the securities regulatory authorities of Argentina, Australia, Bahamas, Belgium, Brazil, China, Egypt, France, Germany, Hong Kong, India, Ireland, Italy, Japan, Korea, Malaysia, Mexico, Morocco, Nigeria, Ontario, Pakistan, Portugal, Quebec, Russia, Saudi Arabia, Singapore, Spain, Sweden, Switzerland, Turkey, the United Kingdom and the United States of America (both the U.S. Commodity Futures Trading Commission and U.S. Securities and Exchange Commission). The Chair of the European Securities and Markets Authority and the Chair of IOSCO´s Affiliate Members Consultative Committee are also observers.
The Growth and Emerging Markets (GEM) Committee is the largest committee within IOSCO, representing close to 80 per cent of the IOSCO membership, including 11 of the G20 members. The committee brings members from growth and emerging markets together and communicates members’ views and facilitates their contribution across IOSCO and at other global regulatory discussions. The GEM Committee’s strategic priorities are focused, among others, on risks and vulnerabilities assessments, policy and development work affecting emerging markets, and regulatory capacity building.
IOSCO aims through its permanent structures:
- to cooperate in developing, implementing and promoting internationally recognized and consistent standards of regulation, oversight and enforcement to protect investors, maintain fair, efficient and transparent markets, and seek to address systemic risks;
- to enhance investor protection and promote investor confidence in the integrity of securities markets, through strengthened information exchange and cooperation in enforcement against misconduct and in supervision of markets and market intermediaries; and
- to exchange information at both global and regional levels on their respective experiences to assist the development of markets, strengthen market infrastructure and implement appropriate regulation.
