Entire Section

  • COB 9.5 COB 9.5 Technology resources

    • COB 9.5.1 COB 9.5.1

      (1) An ATS Operator must:

      (a) have sufficient technology resources to operate, maintain and supervise the facility it operates;
      (b) be able to satisfy the DFSA that its technology resources are established and maintained in such a way as to ensure that they are secure and maintain the confidentiality of the data they contain; and
      (c) ensure that its members and other participants on its facility have sufficient technology resources which are compatible with its own.

      (2) For the purposes of meeting the requirement in (1)(c), an ATS Operator must have adequate procedures and arrangements for the evaluation, selection and on-going monitoring of information technology systems. Such procedures and arrangements must, at a minimum, provide for:

      (a) problem management and system change;
      (b) adequate procedures for testing information technology systems before live operations, which are in conformity with the requirements that would apply to an Authorised Market Institution under App 1 of AMI;
      (c) monitoring and reporting on system performance, availability and integrity; and
      (d) adequate measures to ensure:
      (i) the information technology systems are resilient and not prone to failure;
      (ii) business continuity in the event that an information technology system fails;
      (iii) protection of the information technology systems from damage, tampering, misuse or unauthorised access; and
      (iv) the integrity of data forming part of, or being processed through, information technology systems.
      [Added] DFSA RM123/2013 (Made 13th June 2013) [VER22/07-13]

      • COB 9.5.1 Guidance

        1. In assessing the adequacy of anATS Operator's systems and controls used to operate and carry on its functions, the DFSA will consider:

        a. the organisation, management and resources of the information technology department of the firm;
        b. the arrangements for controlling and documenting the design, development, implementation and use of technology systems; and
        c. the performance, capacity and reliability of information technology systems.

        2. The DFSA will also, during its assessment of technology systems, have regard to the:

        a. procedure for the evaluation and selection of information technology systems;
        b. procedures for problem management and system change;
        c. arrangements for testing information technology systems before live operations;
        d. arrangements to monitor and report system performance, availability and integrity;
        e. arrangements made to ensure information technology systems are resilient and not prone to failure;
        f. arrangements made to ensure business continuity in the event that an information technology system fails;
        g. arrangements made to protect information technology systems from damage, tampering, misuse or unauthorised access;
        h. arrangements made to ensure the integrity of data forming part of, or being processed through, information technology systems; and
        i. third party outsourcing arrangements.

        3. In particular, when assessing whether an ATS Operator has adequate information technology resourcing, the DFSA will consider:

        a. whether its systems have sufficient electronic capacity to accommodate reasonably foreseeable volumes of messaging and orders, and
        b. whether such systems are adequately scalable in emergency conditions that might threaten the orderly and proper operations of its facility.
        [Added] DFSA RM123/2013 (Made 13th June 2013) [VER22/07-13]

    • Regular review of systems and controls

      • COB 9.5.2 COB 9.5.2

        (1) An ATS Operator must undertake regular review and updates of its systems and controls as appropriate to the nature, scale and complexity of its operations.

        (2) For the purposes of (1), an ATS Operator must adopt well defined and clearly documented development and testing methodologies which are in line with internationally accepted testing standards.

        [Added] DFSA RM123/2013 (Made 13th June 2013) [VER22/07-13]

        • COB 9.5.2 Guidance

          Through the use of such testing methodologies, the ATS Operator should be able to ensure, amongst other things, that:

          a. its systems and controls are compatible with its operations and functions;
          b. compliance and risk management controls embedded in its system operate as intended (for example by generating error reports automatically); and
          c. it can continue to work effectively in stressed market conditions.
          [Added] DFSA RM123/2013 (Made 13th June 2013) [VER22/07-13]