Gary Wright
One of the biggest problems with T+1 or real-time processing is the capability or resilience of the capital markets to continue to keep the lights on when a major player or worse infrastructure is offline.
In T+1 when transactions all must settle the following day the market players do not have the luxury of an added day to tidy up problems as we do with T+2.
This is magnified for international settlement when time-zone differences and reliance on batch processing condense the work period to send settlement details to a few short hours.
For many firms that have outsourced back-office operations to Asia-Pacific, it is even shorter and nigh on impossible.
In effect, operations for all actors in the market must be working at an optimum level, for far longer, with no leeway for downtime of systems.
Most firms in the financial markets will have disaster recovery capabilities and these will have been successfully running for decades, many untested by real events.
However, real-time processing raises the ante from 24 hours to correct and recover, to the need for zero downtime. All systems go wrong as we all know, it is a fact of life but in real-time processing, the pressure to be 100 percent all of the time might prove impossible.
If we accept that the 100 percent notion is unrealistic, we are really looking at how fast recovery is. And what does the market do with a major outage?
Remember: under T+1, failed settlement starts immediately, so some financial buffer or headroom will be necessary to protect investors and the market actors to prevent financial loss.
Would any financial insurance against a loss caused by an outage be possible? And who should manage it — each firm or a central regulator?
So, recovery is one thing but what are the triggers? What constitutes an attack on the markets?
A recent Freedom of Information Act report stipulated that the U.K.’s Financial Conduct Authority (FCA) received 51 cyber incident reports in the first half of 2023, marking a 10 percent increase on the same period in 2022.
T+1 is rarely discussed in terms of market resilience, but it should be, and I am delighted that the U.K.’s T+1 technical task force has a dedicated workstream examining these issues.
Most importantly, we need to define market resilience and understand what to do when it happens.
There are concerns that the heavy reliance on legacy systems that firms have worldwide is a major weakness. Whole swaths of firms are still operating key systems designed in the eighties and even the bulge bracket banks still have a legacy system soft underbelly. This is well-known but not often aired.
Replacement of legacy systems is an acknowledged benefit that could accrue from T+1. However, global industry moves to upgrade to modern technology will take time and will require considerable investment.
Any fundamental change of systems on this scale will also increase the resilience threat. Anyone who has been involved in system changes will know it takes time to get it right and you’re at your weakest during the change. This element of T+1 resilience should not be underestimated.
For North America, T+1 implementation on May 27 for Canada, and May 28, 2024, for the U.S. are likely to be extremely attractive to cyber terrorists. A target date where wholesale changes are happening domestically in North America but will be felt worldwide will seem the perfect time to cause the most disruption.
Preparation for T+1 in North America and worldwide should have been like Y2K when we all spent years preparing for Armageddon only to pass into the year 2000 without any drama at all. Would that have happened without the preparation? We will never know.
On May 27 and 28 I hope we don’t find out that our lack of preparation for market resilience does not bring with it a major market outage with massive disruption.
I for one would like some comfort to know the lights will be on and that they will stay on.
(Editor’s note: The author Gary Wright is the director of industry affairs at ISITC Europe. An industry veteran, Wright has been part of the finance industry since 1969, holding senior positions within several major financial institutions. He was involved in many industry committees including setting the CISI Operations Management exam papers and has been a guest lecturer at Reading University and the ICMA. Wright has also undertaken consultancy assignments and worked in an advisory and industry relationship capacity for leading suppliers, enabling him to understand problems from the buy- and sell-side perspectives. He founded B.I.S.S. Research in 1997 creating the B.I.S.S. Accreditation, which independently benchmarked international financial technology.)
Need a Reprint?
Leave a Reply