How to Navigate through a Crisis?

How to Navigate through a Crisis?

The securities services industry has been confronted with various challenges over the past years. The pandemic, to be mentioned as the key driver of change, has brought new ways of working and processing. The unprecedented and disruptive events highlighted why the industry must review and challenge their approach to operational resilience in the future. At SIX, we have the competitive advantage of being a safe place for people, technology and assets. Why are we convinced to be a strong custody provider to the securities services industry during these difficult times?

Asset Safety

When it comes to asset safety, the Central Securities Depository (CSD) and Financial Market Infrastructure (FMI) SIX is not engaged in any investment banking activities nor does it hold any proprietary securities. Hence, market risks such as share price fluctuations or exchange and interest rate changes are relatively low. This makes SIX a rather reliable and solid FMI with regards to its risk profile being a safe place to custodies assets. Furthermore, the provision of custody services is a regulated activity in Switzerland under several laws, i.e. the Financial Markets Infrastructure Act (FMIA), Banking Act (BA), Federal Intermediated Securities Act (FISA) and the Federal Act on Combating Money Laundering and Terrorist Financing (AMLA). Additionally, all financial market infrastructures operating in Switzerland are subject to supervision by the Financial Market Supervisory Authority (FINMA). SIX is regulated as CSD and as a systemically important financial market infrastructure under the supervision of the FINMA and the oversight of the Swiss National Bank (SNB). We can offer our clients a reduced credit risk exposure due to high settlement efficiency which we process internally also considering other entities of the SIX family.

The SIX CCP, for example,  offers multi-platform and multi-product clearing by processing transactions and immediately calculating the respective risk that provides clients a reduced exposure to counterparty risk while combining efficient margining and settlement netting. These components make SIX a strong partner to any clients.

Cyber Resilience

Being at the forefront of the Swiss financial center, the SIX Cyber Security Hub provides banks and insurance companies with reliable, relevant information on current risks and dangerous developments. Protection against cyber-attacks is an important basis for the attractiveness and stability of the Swiss financial center. Collaboration with the organizations involved improves protection against cyber risks.

We at SIX run our cyber resilience framework based on the standards published by the Information Security Forum (ISF) and use as basis the Standard of Good Practice. In order to start up our Cyber Security Program we conducted a general assessment against this standard inhouse and invited external auditors to provide deep dives (Cyber Security Assessments) in order to further develop and discover missing elements within our framework. 

Beside this, we run group-wide between 40 and 60 penetration tests and execute Red Team Exercises to discover additional weaknesses. Remediations will then be added to our agile Information Security Roadmap which helps to cover our cyber objectives such as cyber defense as malware protection, detection and recovery, baseline security and data protection and helps to mitigate cyber security events in the future.

Our Cyber Security Organization is organized in a tiered, 24/7 operation mode while it works either in split operation (On-site / Home Office) and can fulfil all assigned tasks as pre-Corona. Cyber security and its defense against attacks is the top issue within the securities services industry in the coming years.

People

The resilience of people involves ensuring the coverage of critical tasks and the continued availability of knowledge. It is essential that key person dependencies are reduced while ensuring that people can be allocated where needed. This will not only increase the workforce sustainability in times of crisis but will also add value and agility. At SIX, we foster a strong commitment towards Business Continuity Management. We have identified all business functions and the respective people while implementing the respective contingency arrangements accordingly. We always ensure that our services operate in accordance with the availability objectives. For services with very high availability requirements, the necessary organizational prerequisites are put in place to ensure the functioning even in emergency and crisis situations. Hence, the operational concept deals with human resources and know-how while we have also introduced alternative work models such as home working to address any loss-of-staff problems during a crisis.

To ensure successful application of  business continuity and IT recovery plans in the event of a disaster, the people as well as the emergency and crisis management organization responsible for their implementation are well trained. Additionally, the functionality of the plans is validated through tests and exercises.

Our company considers training, testing, and exercising to be an essential part of the recovery response. Hence, tests and exercises of different complexity such as plan reviews, tabletop/simulation exercises, emergency/crisis management exercises, unit tests, end-to-end tests or emergency workplace tests are carried out on a regular basis in order to be ready for any potential crisis. The SIX concept has proved to be working successfully during Corona.