FMA releases damning review on NZX technology issues

This morning the FMA have released a report which says that the NZX woefully failed in meeting its obligations to consumers, in the 2020 DDoS attack.

Thursday, January 28th 2021, 9:17AM

A review of NZX by the Financial Markets Authority, has found it failed to meet its licensed market operator obligations due to insufficient technology resources.

As a licensed market operator, NZX is required to meet certain obligations under the Financial Markets Conduct Act. One of those obligations is to have sufficient technology resources to operate its licensed markets properly, including arrangements to ensure market disclosures are made available.

The FMA had already been reviewing the technological capabilities of the NZX after it suffered trading volume related system outages in April 2020. After the DDoS attacks took down the NZX for a number of days in August 2020, the scope of the review was expanded.

The key findings of the report read, “Overall, the FMA review found NZX did not have adequate technology capability across its people, processes and platform to comply with market operator obligations and especially in the context of its systemic importance. Additionally, the performance of NZX’s systems did not meet regulatory requirements or expectations for fair, orderly and transparent markets.”

FMA chief executive, Rob Everett, said market participants gave feedback that NZX did not accept responsibility for known systemic issues and was slow to act: “The feedback from market participants mirrors our own observations and is a major concern that needs to be addressed by the NZX Board and Executive. The failure to properly consider the broader ecosystem in which the exchange operates, and to fully engage with industry feedback and concerns, were contributing factors to the volume-related issues.”

In relation to the DDoS attacks, the FMA review found NZX’s crisis management planning and procedures were basic. A DDoS attack was foreseeable, the review found, and an attack of sufficient magnitude to take down servers – and with them NZX’s market announcement platform – was at least possible and should have been planned for.

In response to this review the FMA has asked the NZX to come up with a formal action plan to address these issues. The FMA has met with the NZX board to discuss its findings and received assurances that the board takes responsibility for making the necessary investment and addressing the issues highlighted in the report.

“We are confident that NZX understands our concerns,” said Everett. “We look forward to finalising NZX’s action plan and monitoring its progress over coming months.”

There will be no further sanctions from the FMA.

In response to the report NZX chief executive, Mark Peterson said NZX takes its market operator obligations extremely seriously. “We acknowledge the issues that have affected our technology platforms and market participants in 2020.

“NZX accepts that it did not meet the high standards it sets for itself in key areas of technology resources. We also agree that improvements are required and we are committed to delivering these improvements via an action plan that will be agreed with the FMA. We will work constructively with the FMA through that process and engage closely with the broader capital markets technology ecosystem.”

Tags: cyber security FMA NZX

« Review shows Super Fund on right trackMann on a mission to diversify financial advice »

Special Offers

Comments from our readers

No comments yet

Sign In to add your comment

www.GoodReturns.co.nz

© Copyright 1997-2024 Tarawera Publishing Ltd. All Rights Reserved