COB 9.5 COB 9.5 Technology resources
COB 9.5.1 COB 9.5.1
ATS Operatormust:(a) have sufficient technology resources to operate, maintain and supervise the facility it operates;(b) be able to satisfy the DFSAthat its technology resources are established and maintained in such a way as to ensure that they are secure and maintain the confidentiality of the data they contain; and(c) ensure that its members and other participants on its facility have sufficient technology resources which are compatible with its own.
(2) For the purposes of meeting the requirement in (1)(c), an
ATS Operatormust have adequate procedures and arrangements for the evaluation, selection and on-going monitoring of information technology systems. Such procedures and arrangements must, at a minimum, provide for:(a) problem management and system change;(b) adequate procedures for testing information technology systems before live operations, which are in conformity with the requirements that would apply to an Authorised Market Institutionunder App 1 of AMI;(c) monitoring and reporting on system performance, availability and integrity; and(d) adequate measures to ensure:(i) the information technology systems are resilient and not prone to failure;(ii) business continuity in the event that an information technology system fails;(iii) protection of the information technology systems from damage, tampering, misuse or unauthorised access; and(iv) the integrity of data forming part of, or being processed through, information technology systems.
COB 9.5.1 Guidance
1. In assessing the adequacy of an
ATS Operator'ssystems and controls used to operate and carry on its functions, the DFSAwill consider:a. the organisation, management and resources of the information technology department of the firm;b. the arrangements for controlling and documenting the design, development, implementation and use of technology systems; andc. the performance, capacity and reliability of information technology systems.
DFSAwill also, during its assessment of technology systems, have regard to the:a. procedure for the evaluation and selection of information technology systems;b. procedures for problem management and system change;c. arrangements for testing information technology systems before live operations;d. arrangements to monitor and report system performance, availability and integrity;e. arrangements made to ensure information technology systems are resilient and not prone to failure;f. arrangements made to ensure business continuity in the event that an information technology system fails;g. arrangements made to protect information technology systems from damage, tampering, misuse or unauthorised access;h. arrangements made to ensure the integrity of data forming part of, or being processed through, information technology systems; andi. third party outsourcing arrangements.
3. In particular, when assessing whether an
ATS Operatorhas adequate information technology resourcing, the DFSAwill consider:a. whether its systems have sufficient electronic capacity to accommodate reasonably foreseeable volumes of messaging and orders, andb. whether such systems are adequately scalable in emergency conditions that might threaten the orderly and proper operations of its facility.
Regular review of systems and controls
COB 9.5.2 COB 9.5.2
ATS Operatormust undertake regular review and updates of its systems and controls as appropriate to the nature, scale and complexity of its operations.
(2) For the purposes of (1), an
ATS Operatormust adopt well defined and clearly documented development and testing methodologies which are in line with internationally accepted testing standards.
COB 9.5.2 Guidance
Through the use of such testing methodologies, the
ATS Operatorshould be able to ensure, amongst other things, that:a. its systems and controls are compatible with its operations and functions;b. compliance and risk management controls embedded in its system operate as intended (for example by generating error reports automatically); andc. it can continue to work effectively in stressed market conditions.