COB 9.5.1 Guidance

1. In assessing the adequacy of anATS Operator's systems and controls used to operate and carry on its functions, the DFSA will consider:

a. the organisation, management and resources of the information technology department of the firm;
b. the arrangements for controlling and documenting the design, development, implementation and use of technology systems; and
c. the performance, capacity and reliability of information technology systems.

2. The DFSA will also, during its assessment of technology systems, have regard to the:

a. procedure for the evaluation and selection of information technology systems;
b. procedures for problem management and system change;
c. arrangements for testing information technology systems before live operations;
d. arrangements to monitor and report system performance, availability and integrity;
e. arrangements made to ensure information technology systems are resilient and not prone to failure;
f. arrangements made to ensure business continuity in the event that an information technology system fails;
g. arrangements made to protect information technology systems from damage, tampering, misuse or unauthorised access;
h. arrangements made to ensure the integrity of data forming part of, or being processed through, information technology systems; and
i. third party outsourcing arrangements.

3. In particular, when assessing whether an ATS Operator has adequate information technology resourcing, the DFSA will consider:

a. whether its systems have sufficient electronic capacity to accommodate reasonably foreseeable volumes of messaging and orders, and
b. whether such systems are adequately scalable in emergency conditions that might threaten the orderly and proper operations of its facility.
[Added] DFSA RM123/2013 (Made 13th June 2013) [VER22/07-13]