The securities services industry, like most industries, has been confronted with various challenges over the past years. The pandemic, to be mentioned as the key driver of change, has brought new ways of working and processing. The unprecedented and disruptive events highlighted why the industry must review and challenge their approach to operational resilience also in the future.
SIX is a safe place from a technological point of view, in terms of assets but also in terms of employees. These three aspects make us a strong partner when it comes to the custody of securities, even in difficult times:
1. Technology: How Does SIX Provide a Resilient Infrastructure?
Cybersecurity and its defense against attacks is a top issue within the securities services industry in the coming years when it comes to technological resilience.
SIX runs its cyberresilience framework based on the standards published by the Information Security Forum and uses the Standard of Good Practice as a basis. In order to start up the cybersecurity program, SIX conducted a general inhouse assessment against this standard and invited external auditors to provide cybersecurity assessments in order to discover missing elements and further develop the framework.
Beside this, SIX runs company-wide penetration tests and executes Red Team exercises to discover additional weaknesses. Remediations will be added to the agile Information Security Roadmap. The roadmap helps to cover objectives such as cyberdefense to protect from malware, detection and recovery, baseline security, and data protection in order to mitigate cybersecurity events in the future.
Cybersecurity at SIX is organized in a tiered, 24/7 operation mode. Also in split operation (on-site/work from home) it can fulfil all assigned tasks as before the COVID-19 crisis.
Being at the forefront of the Swiss financial center, the SIX Cyber Security Hub provides banks and insurance companies with reliable, relevant information on current risks and dangerous developments. Protection against cyberattacks is an important basis for the attractiveness and stability of the Swiss financial center. Collaboration with the organizations involved improves protection against cyberrisks.
2. Assets: Why Is SIX a Safe Place?
As a Financial Market Infrastructure (FMI) and as the Central Securities Depository (CSD) SIX is not engaged in any investment banking activities nor does it hold any proprietary securities. Hence, market risks such as share price fluctuations or exchange and interest rate changes are relatively low. This makes SIX a reliable and solid FMI and a safe place assets under custody.
Furthermore, the provision of custody services is a regulated activity in Switzerland under several laws, i.e. the Financial Markets Infrastructure Act, the Banking Act, the Federal Intermediated Securities Act, and the Federal Act on Combating Money Laundering and Terrorist Financing. All FMI operating in Switzerland are subject to supervision by the Financial Market Supervisory Authority (FINMA). SIX is regulated as the CSD and as a systemically important FMI under the supervision of the FINMA and the oversight of the Swiss National Bank.
Additionally SIX can offer its clients a reduced credit risk exposure due to high efficiency in settlement which we process internally considering other entities of SIX. The Central Counterparty Clearing of SIX, for example, offers multiplatform and multiproduct clearing that immediately calculates the respective risk. Clients are provided a reduced exposure to counterparty risk while combining efficient margining and settlement netting.
3. People: How Is SIX Ensuring Business Continuity?
Operational resilience involves ensuring the coverage of critical tasks through capable and trained people and the continued availability of knowledge. It is essential that key person dependencies are reduced while ensuring that people can be allocated where needed. This will not only increase the workforce sustainability in times of crisis but will also add value and agility. SIX fosters a strong commitment towards Business Continuity Management. All business functions and the respective people are identified while the respective contingency arrangements are implemented accordingly. The services of SIX always operate in accordance with the availability objectives.
For services with very high availability requirements, the necessary organizational prerequisites are put in place to ensure the functioning even in emergency and crisis situations. Hence, the operational concept deals with human resources and know-how. It also includes alternative work models such as working from home to address loss-of-staff problems during a crisis.
To ensure a successful application of business continuity and IT recovery plans in the event of a disaster, all involved employees as well as the emergency and crisis management organization responsible are well trained. Additionally, the functionality of the plans is validated through testings and exercises.
SIX considers testings, exercises – and training – to be an essential part of the recovery response. Hence, plan reviews are regularly made, tabletop exercises and simulations are conducted, emergency and crisis management is practiced, unit and end-to-end tests are executed, or the emergency scenario is played out in the workplace. This concept has also proven successful during the COVID-19 pandemic.
Switzerland’s national Central Securities Depository is part of a comprehensive post-trade portfolio, providing complete Swiss and international security services.
Find Out More