Businessman Walk Over Cliff Gap Risk Mountain Balancing Flat Illustration

Regulators’ review of the disaster planning by critical financial market infrastructure organizations — such as payments systems, and clearing and settlement firms — reveals many wouldn’t be prepared to resume operations quickly after a major outage.

A joint review of business continuity planning (BCP) by the International Organization of Securities Commissions (IOSCO) and the Committee on Payments and Market Infrastructures (CPMI) uncovered a “serious issue of concern.”

In particular, the regulatory review — which examined 38 financial market infrastructures (FMIs) in 29 jurisdictions — found that FMIs’ recovery plans in the event of a calamity, such as a natural disaster or a major systems outage, fall short of expectations.

“The business continuity management of some, and potentially many, FMIs do not seem to aim to resume operations in a timely way, including in the event of a wide-scale or major disruption,” the regulators said.

The review noted that IT systems should be able to be restored within two hours of a major incident, and that FMIs should be capable of settling transactions by the end of the day of the disruption, even in “extreme circumstances.”

“Given this is a serious area of concern, the CPMI and IOSCO expect the relevant FMIs and their [regulators] to address this as a matter of the highest priority,” the review said.

FMIs have generally weathered the pandemic without serious disruptions, it added, by transitioning to remote working and maintaining critical functions.

“Although the Covid-19 pandemic did not cause service disruptions, it presented some operational challenges,” the report noted. For example, large trading volumes in the early days of the pandemic presented challenges to some FMIs.

The episode also “highlighted operational risks posed by third parties such as critical service providers,” and the pandemic also intensified cyber security risks, the report said.