The Depository Trust & Clearing Corporation (DTCC) is looking to advise financial services firms with a new white paper that highlights the “risks of digital innovation.”
The document is entitled “The Power of Technology Resilience: A Framework for the Industry,” and reviews the heightened risk of cloud, virtual environments and financial innovation or Fintech.
DTCC states that given their position within the financial services industry, one that provides critical infrastructure, they advise industry participants to prepare and beware.
“There is no one-and-done approach to resilience,” stated Lynn Bishop, Managing Director and Chief Information Officer (CIO) at DTCC. “We believe we’ve laid the foundation for a solid and robust framework for ensuring technology resilience, but we intend to continue working with our clients and stakeholders to refine our approach and continue evolving.”
The paper recommends financial firms to:
- Plan – Firms should define the criteria to help support the delivery of resilient solutions in a repeatable and standardized manner.
- Build – Firms should employ common architectural patterns that can be leveraged by all teams to help deliver repeatable, resilient solutions. Firms should also conduct
- Failure Mode Analysis (FMA) to investigate the technical design of an application, and to identify any failure points in the system.
- Test – DTCC recommends a robust testing framework that leverages automation to confirm applications are consistently tested against resilience principles. Firms should leverage Chaos Engineering to experiment on a system’s ability to withstand turbulent conditions, including hardware failure or an unexpected surge in volume.
- Operate – Firms should consider enhancing their operational processes, which might include adopting dynamic alerting and monitoring practices that empower their engineers to rapidly respond to environmental failures by shifting workloads to an alternate data center. Additionally, firms should reimagine traditional, monolithic resilience exercises and adopt a model that enables a more continuous state of readiness for disaster events.
DTCC says that firms should design their applications to both detect and recover from possible failures, using automation where possible while applications should be designed to operate independently. No need to create your own internal system risk trap.
Neelesh Prabhu, MD of Architecture & Enterprise Services in Information Technology at DTCC, said they remain committed to sharing their experience to safeguard the entire financial services industry.