Where we are.
Cloud adoption is here, and we know it’s here to stay. Is your trader voice solution still secure and compliant in the cloud?
Covid-19 created a race to install trader voice solutions remote from the traditional trading floor to get financial institutions’ front office users up and running as soon as possible. Traders/Brokers are now working from home, BCP sites, main trading floors, and branch offices. The pandemic changed trader voice forever. Now, even as staff returns back to the floor, financial institutions need to make sure their end users are as secure working from various locations with different technologies as they were in the office before Covid-19. These solutions ranged from extending premised based solutions using VPNs and SD-WANs to community-based software residing in the public cloud with a range of hybrid solutions in between.
The truth about where we actually are.
Voice Trading System Manufacturers boast about their high levels of security by holding ISO27001 and SOC 2 certifications. The truth is, this only applies to their offices and data centers. How about their products and the emergence of their cloud-based voice trading solutions? Whilst they are leveraging their own products supporting physical turrets, soft turrets, or a combination of trader voice applications with some peripheral hardware, these were mostly inherently designed to be premise based and on a customer network with multitenancy and Cloud practices added in as an afterthought.
Manufacturers, their resellers, customers and consumers of cloud-based trader voice platforms believe the cloud-based solutions they are providing to their front office users are secure as can be. The incumbent providers check the mandatory compliance boxes ie. CDRs, Voice Recording, and metadata required by regulators like the SEC, CFTC, etc.
As trader voice decision makers assess their future architecture and solutions, what is the real compliance risk that regulators and financial institutions need to consider?
Does their actual voice trading solution and voice recorder have information barriers and support multitenancy?
If not, that’s a serious compliance risk. What if the end users have the ability to add LACs or line files (private wires) to their voice trading device or application? What happens if a system administrator or end user thinks they are adding a private wire to their trading counterparty, but enters the wrong LAC or line file? They could possibly have access to one of their competitors internal global trading hoots and can listen to their trading positions or shout their position globally to the competitor if the trader voice solution doesn’t support multitenancy. Who is at fault? The Trader? The Trading System Manufacturer? The Reseller of the trading system? The human who made a typo? These are real world scenarios that have actually taken place.
As financial institutions look to clean-up the quick and kludgy solutions they put in place before the pandemic caused offices to close, they need to ensure they select the best service providers and conduct due diligence on information management policies, not just the technology to meet their future compliance needs.
For more information please contact us!