DTCC unveils technology resilience principles to help industry further protect against risks of digital innovation
The Depository Trust & Clearing Corporation (DTCC), the premier post-trade market infrastructure for the global financial services industry, today outlined enhanced resilience measures that financial firms should consider adopting to ensure the continued safety of the financial markets amid an increasingly complex technology landscape.
As DTCC outlines in a new white paper, “The Power of Technology Resilience: A Framework for the Industry,” the twin dynamics of firms moving their infrastructures to virtual environments including the cloud, and adopting new and innovative technologies at a rapid pace, can introduce new types of risk. This evolution has reinforced the need for firms to ensure that resilience practices are embedded into technology development initiatives, including the delivery of their applications and the continued modernization of infrastructure.
“There is no one-and-done approach to resilience,” said Lynn Bishop, Managing Director and Chief Information Officer (CIO) at DTCC. “We believe we’ve laid the foundation for a solid and robust framework for ensuring technology resilience, but we intend to continue working with our clients and stakeholders to refine our approach and continue evolving.”
Given DTCC’s role as a critical infrastructure for the global markets, the firm follows strict recovery and resumption methods across services to enhance its resilience. As part of this, DTCC developed a resilience framework to prepare for a vast array of scenarios, including cyberattacks, natural disasters, and pandemics. The new white paper, which builds upon measures first outlined in the firm’s 2019 report, Resilience First, details four resilience principles that should be considered during the development of all software, services, and components, including:
- Plan – Firms should define the criteria to help support the delivery of resilient solutions in a repeatable and standardized manner.
- Build – Firms should employ common architectural patterns that can be leveraged by all teams to help deliver repeatable, resilient solutions. Firms should also conduct Failure Mode Analysis (FMA) to investigate the technical design of an application, and to identify any failure points in the system.
- Test – DTCC recommends a robust testing framework that leverages automation to confirm applications are consistently tested against resilience principles. Firms should leverage Chaos Engineering to experiment on a system’s ability to withstand turbulent conditions, including hardware failure or an unexpected surge in volume.
- Operate – Firms should consider enhancing their operational processes, which might include adopting dynamic alerting and monitoring practices that empower their engineers to rapidly respond to environmental failures by shifting workloads to an alternate data center. Additionally, firms should reimagine traditional, monolithic resilience exercises and adopt a model that enables a more continuous state of readiness for disaster events.
As described in the paper, firms should also design their applications to both detect and recover from possible failures, using automation where possible. Applications should be designed to operate independently of each other, to help isolate and contain any potential failures.
“When it comes to any firm’s resilience journey, it’s important to remember that you don’t have to go it alone,” said Neelesh Prabhu (pictured), Managing Director of Architecture & Enterprise Services in Information Technology at DTCC. “Industry collaboration is a key enabler of continued progress in this area. In support of this, we remain committed to sharing our experiences and best practices to help firms collectively safeguard the entire financial services industry.”