Security overlooked in rush to comply with EU financial directive
Experts warn that security could be an afterthought as companies try to comply with new European financial markets directive.
Experts are warning that as companies rush to comply with EU rulings over financial markets, they may overlook security risks in doing so.
The EU's Markets in Financial Instruments Directive (MiFID) comes into effect on 1 November. The directive replaces the existing Investment Services Directive (ISD) and introduces a single market and regulatory regime for investment services across the 30 member states of the European Economic Area (EEA).
But some experts said that implementation of the directive is complex, that only a handful of firms will be on track to meet the November deadline, and that the process could unearth security problems within organisations.
"As firms get to grips with identifying and storing the vast amounts of information required by MiFID, they need to be mindful that it will expose existing flaws in their security, as well as introduce new threats that they will now have to manage," said Phil Higgins, executive partner at business consultants Brookcourt Solutions.
Higgins said that the cost of MiFID IT implementation, in the UK alone, is set to surpass 1bn, with UK investment banks spending upwards of 10m each.
According to Higgins, firms that do not tackle security issues raised by MiFID will substantially raise their risk profile and leave themselves open to both damage to their reputation and legal action.
Financial Services industry think-tank JWG-IT chief executive PJ Di Giammarino said that with only six months left until the rules come into force, firms are only now waking up to the profound implications MiFID has on business processes and supporting infrastructure. "While it's important to implement compliant processes and systems, these also need to be secure," he said.
Analysts said that the main beneficiaries of the new rules would be security and storage vendors, as the rules would provide them with a major market opportunity.
"The main requirements lie in the area of secure, long-term and high-volume storage of information, with a rich layer of audit and reporting functionality built on top of it to allow MiFID compliance to be demonstrated," said Graham Titterington, principal analyst at Ovum. "There is a particular challenge in providing this across a fast-moving domain with multiple players - such as the financial trading environment."