Independent Advisory Group Giovannini Barrier 1 Meeting 2. August 3rd, 2005. Agenda. Review of 19th July minutes Protocol ‘shelf-life’ Focus on the Interface Layer Standards Security Service Mandatory outsourcing of: Dispute resolution support service Commodity services
Independent Advisory Group Giovannini Barrier 1 Meeting 2. August 3rd, 2005
Agenda • Review of 19th July minutes • Protocol ‘shelf-life’ • Focus on the Interface Layer • Standards • Security • Service • Mandatory outsourcing of: • Dispute resolution support service • Commodity services • Any other business
Review of 19/07 minutes ‘Protocol, Standard & Syntax’ • Protocol: The protocol definition should go further than simply a technical protocol and should be a definition of the best practice business rules that govern the communication procedure between any two counterparties • Standard: A single standard practically relates to the use of a single business model with its associated single data dictionary to enable translation between standards/syntaxes, thereby leveraging current investment in existing standards • Syntax: There are some syntaxes which are also considered to be standards and so at this level, the identification should be syntax/standard, not simply syntax
Review of 19/07 minutes ‘Protocol, Standard & Syntax’ • End to end STP can be achieved via interoperability of agreed standards (inc. market practices) within a best practice protocol • Interoperability achieved through the adoption of a single data dictionary
Review of 19/07 minutes ‘Protocol scope’ • Long term: the protocol should apply to all processes, all instruments and all participants • Short term: phasing of implementation of the protocol should be as follows: • Instrument: Priority to Equities, Fixed Income and Exchange Traded Derivatives • Participant: Priority to Broker Dealers, Clearing Houses (CCP), Clearing Agents, Settlement Agents, Global Custodians, Sub-Custodians and [I]CSD’s • Market Sector: Priority to all post trade processes including Asset Servicing/Custody on the sell side together with Clearing & Settlement plus Asset Servicing/Custody on the Buy side
Review of 19/07 minutes ‘Protocol scope’ [Diagram: short-term and long-term protocol scope across the Institutional (buy) Side and the Street (sell) Side, from Trade Date to Trade Date + X] • Space 1: Pre-trade / Trade • Space 2: Post Trade / Pre-Settlement • Space 3: Clearing & Settlement • Space 4: Asset Servicing (Non Trade Related Activity) • Legend: IMI: Investment Manager; B/D: Broker Dealer; VMU: Virtual Matching Utility; GC: Global Cust; SC: Sub-Cust; SA: Settlement Agent (Clearer); CCP: Central Counterparty; ICSD: (Int’l) Central Securities Depository
Review of 19/07 minutes ‘Protocol framework’ • The proposed 9 element framework correctly frames a potential communication protocol
Review of 19/07 minutes Element 7: Network Standards • The minimum acceptable network standard is the implementation of IP for communication and routing
Review of 19/07 minutes Element 8: Network Security • Security, at either the network or the messaging layer, must be set at a level that satisfies business & regulatory requirements
Review of 19/07 minutes Element 9: Network Service • Service must satisfy business & regulatory requirements for performance, resilience and network management
Review of 19/07 minutes Accreditation of comms service providers • Specific accreditation is not required as market forces will provide natural accreditation
Protocol ‘shelf-life’: The problem • «the future protocol should include the possibility to be extended to include other mechanisms in line with future technology evolution and to transmit newly defined data standards when the business requires to»
Protocol ‘shelf-life’: Why is it a problem? • Business decision & implementation cycle = Y months • Technology development cycle = X months vs X=Y • Result: New technologies & standards appear with random frequency & in the absence of market guidelines, participants adopt varying technologies according to internal business cycles
Protocol ‘shelf-life’: To resolve this issue? • Establish a protocol with a fixed content & pre-set ‘shelf-life’ • Fixing content & shelf-life may preclude the use of the latest technology but for all participants, it will: • Provide a fixed technology target • Allow a realistic timeframe for implementation • Provide a reasonable period for amortisation of development costs - take-up incentive based on knowing development cost is not wasted
Protocol ‘shelf-life’: Potential problems? • Is a protocol with a pre-set ‘shelf-life’ or renewal cycle desirable? • If yes, do we accept that this may mean not using the latest technology? • If yes, what should the protocol renewal cycle be and who should renew it? • If no, what is the alternative?
Protocol ‘shelf-life’: Proposed Ratification • From the time of initial recommendation, the anticipated lifespan of the content of the protocol will be X years. This will: • Provide a fixed protocol content target • Allow a realistic timeframe for implementation • Provide a reasonable period for amortisation of development costs • The lifecycle should comprise 2 distinct elements: • X1 = Implementation period • X2 = Amortisation period • The content of the protocol should be reviewed on an X year cycle • This review should be conducted by XXXXXX
Focus on the Messaging/Interface Layer • Clarifications • Standards • Security • Service
Focus on the Messaging/Interface Layer Clarifications: • Provision of service elements • The service elements and service levels referred to in the consultation document relate to the provider of communications services, not the user of those services • Needs vs Solutions • Concerns raised at the confusion of needs vs solutions, e.g. • Need = authentication and data integrity • Solution = PKI
Focus on the Messaging/Interface Layer Element 4: Standards - Consultation content An interface must offer: • Message transfer service • File transfer service • Operator based service
Focus on the Messaging/Interface Layer Element 4: Standards - Consultation responses • Q4.2 generic responses • 51 responses in total • EU FI (15 respondents): 13 agree – 87% • FI EU rep orgs (11 respondents): 8 agree – 73% • EU C&S Infrastructures (7 respondents): 5 agree – 71% • Total (inc above): 34 agree – 67%
Focus on the Messaging/Interface Layer Element 4: Standards - Consultation responses • Additional points raised • CSFB/SCFS: File & GUI mechanisms should be optional • Deutsche Bank/Euroclear: Selection of appropriate mechanism to be agreed bilaterally
Focus on the Messaging/Interface Layer Element 4: Standards – Proposed ratification A Giovannini compliant interface must offer: • Message transfer services • File transfer services • Operator based services • The selection of the service appropriate to a specific communication is agreed bilaterally between participants
Focus on the Messaging/Interface Layer Element 5: Security - Consultation content Minimum security needs: • Authentication of source • Data integrity & confidentiality • Non-repudiation • Time stamping PKI
Focus on the Messaging/Interface Layer Element 5: Security - Consultation responses • Q4.2 generic responses • 51 responses in total • EU FI (15 respondents): 13 agree – 87% • FI EU rep orgs (11 respondents): 8 agree – 73% • EU C&S Infrastructures (7 respondents): 5 agree – 71% • Total (inc above): 34 agree – 67%
Focus on the Messaging/Interface Layer Element 5: Security - Consultation responses • Q4.10 specific security responses • ‘Is the minimum security level defined at the messaging layer appropriate to all communication?
Focus on the Messaging/Interface Layer Element 5: Security - Consultation responses • Q4.10(a) Generic information, e.g. end of day pricing’ • 45 responses in total • EU FI (13 respondents): 7 agree – 54% • FI EU rep orgs (10 respondents): 5 agree – 50% • EU C&S Infrastructures (8 respondents): 3 agree – 38% • Total (inc above): 21 agree – 47% • Explicitly disagree: 9 – 20%
Focus on the Messaging/Interface Layer Element 5: Security - Consultation responses • Q4.10(b) Binding information, e.g. statements, status reports etc’ • 45 responses in total • EU FI (13 respondents): 9 agree – 69% • FI EU rep orgs (10 respondents): 7 agree – 70% • EU C&S Infrastructures (8 respondents): 4 agree – 50% • Total (inc above): 28 agree – 62% • Explicitly disagree: 2 – 4%
Focus on the Messaging/Interface Layer Element 5: Security - Consultation responses • Q4.10(c) Business critical information, e.g. instructions & confirms’ • 45 responses in total • EU FI (13 respondents): 9 agree – 69% • FI EU rep orgs (10 respondents): 8 agree – 80% • EU C&S Infrastructures (8 respondents): 4 agree – 50% • Total (inc above): 28 agree – 62% • Explicitly disagree: 2 – 4%
Focus on the Messaging/Interface Layer Element 5: Security - Consultation responses • Additional points raised answering Q4.10: • Security levels/non-repudiation should be determined by activity type: AFTI, Citigroup, ECSA, SEB • Is PKI the right answer? AFTI, ECSA, Euroclear • Confusion between needs and solutions: Au/NZ NMPG, Euroclear • Network provider must not be CA: AFTI • Security & Service should be combined: Deutsche • Bilateral & centralised security arrangements can co-exist: Euroclear
Focus on the Messaging/Interface Layer Element 5: Security – Questions to answer [Blank matrix. Columns: Generic, Binding, Critical. Rows: Authentication; Data integrity & confidentiality; Non-repudiation; Time stamping]
Focus on the Messaging/Interface Layer Element 5: Security – Questions to answer • Are the minimum security needs correctly defined? • Authentication of source • Data integrity & confidentiality • Non-repudiation • Time stamping • What are the correct definitions of the key types of communication? • Generic, non binding: pricing } Business Confidential? • Binding: statements, status, entitlements } Business • Business Critical: instructions, confirmations } Critical?
Focus on the Messaging/Interface Layer Element 5: Security – Questions to answer • How do you balance need vs cost? • Total trading, clearing and settlement cost to investor (all costs in EUR, 30,000 EUR trade). Columns: AFTI 11/02 Domestic; AFTI 11/02 X-border; 2005 Tower Europe Dom; 2005 Tower Europe X-B
• Broker technical: 6-15 (AFTI Domestic); 6-15 (AFTI X-border)
• Custodian internal: 6-12.5 (AFTI Domestic); 6-12.5 (AFTI X-border)
• Custodian xs internal: 0 (AFTI Domestic); 9-18 (AFTI X-border)
• Custodian external*: 1-2.5 (AFTI Domestic); 10 (AFTI X-border); 0.4-0.8 (Tower Europe Dom); 0.6-35 (Tower Europe X-B)
• Total: 13-30 (AFTI Domestic); 31-55.5 (AFTI X-border)
• Total message cost (inc security): 1.50-2.00, depending on matching, using local agents etc
* Local custodian plus local CSD
Focus on the Messaging/Interface Layer Element 5: Security – Questions to answer [Blank matrix. Column groups: Business Confidential, Business Critical. Columns: Generic, Binding, Critical. Rows: Authentication; Data integrity & confidentiality; Non-repudiation; Time stamping]
Focus on the Messaging/Interface Layer Element 5: Security – Questions to answer • Is PKI the correct security mechanism? • How should the PKI service be offered? • FI specific • MI specific • Comms Provider specific • Market level single PKI scheme • Interoperable PKI • PKI strength (key length, RA checks etc): • What is the appropriate minimum level • How will service providers prove this? Accreditation? • Technical definition team?
Focus on the Messaging/Interface Layer Element 5: Security – Proposed ratification • A Giovannini compliant service must offer: • Authentication/data integrity (PKI) with liability • Non-repudiation with liability • Time stamping • RA must implement KYC standards for Certificate issuance • Market best practice minimum PKI strength • These features are considered mandatory for the following types of communication: • Business critical (Changing ownership, moving value): …….. • Business confidential (Entitlements, status reports, statements): ……….. • Other: ..........
Focus on the Messaging/Interface Layer Element 6: Service - Consultation content • Services and Service Levels • The minimum mandatory services that a messaging/interface layer must offer are: • Message/file audit • Message/file guaranteed delivery • Message/file delivery once and only once
Focus on the Messaging/Interface Layer Element 6: Services - Consultation content • Optional services that a messaging/interface layer can offer are: • Message/file archival & retrieval • Message/file store and forward • Message/file validation • Message/file analysis • Message/file delivery control • SLAs for provisioning, implementation etc • Testing facilities • Interface adapters
Focus on the Messaging/Interface Layer Element 6: Services - Consultation responses • 51 responses in total • EU FI (15 respondents): 13 agree – 87% • FI EU rep orgs (11 respondents): 8 agree – 73% • EU C&S Infrastructures (7 respondents): 5 agree – 71% • Total (inc above): 34 agree – 67%
Focus on the Messaging/Interface Layer Element 6: Services - Consultation responses • Additional points raised: • AFTI: • Optional delivery notification: AFTI • Euroclear: • Messaging layer must use multiple networks • NCSD: • Mandating service levels is not required as different users have different needs • OMX: • Put confirmation of receipt requirement on receiver • SEB: • Baseline set too high
Focus on the Messaging/Interface Layer Element 6: Services - Consultation responses • Additional mandatory features recommended: • Mandatory archive (period?) & retrieval: AT NMPG, Bank of Valetta, Merrill Lynch, Omgeo, ZA NMPG • Mandatory testing facility: ABN, AFTI, CH NMPG, CSFB, UBS, ZA NMPG • Mandatory replay: AT NMPG, BVI, ZA NMPG • Mandatory store & forward: AT NMPG, BVI, ZA NMPG • Mandatory validation: AT NMPG, AU/NZ NMPG • Mandatory delivery control: AT NMPG • Mandatory message cancellation: ECSA • Mandatory resend: ABN
Focus on the Messaging/Interface Layer Element 6: Services - Consultation responses • Q4.9 Should providers of messaging & network functionality police the quality of traffic against standards? • If yes, should they be empowered to stop traffic that does not conform or merely report on non-conformance? • Clarification: Validation of format/standards, not business content • 51 responses in total • EU FI (14 respondents): 12 agree – 86% • FI EU rep orgs (12 respondents): 8 agree – 67% • EU C&S Infrastructures (9 respondents): 7 agree – 78% • Total (inc above): 37 agree – 73%
Focus on the Messaging/Interface Layer Element 6: Services - Consultation responses • BUT • 51 responses in total Agree • Optional 13 – 25% • Report only 10 – 20% • Stop traffic 8 – 16% • Explicitly disagree 12 – 24%
Focus on the Messaging/Interface Layer Element 6: Services – Proposed ratification A Giovannini compliant service must offer: • Message/file audit (inc. archival & retrieval?) • Message/file guaranteed delivery • Message/file delivery once and only once • All other services remain optional value added services provided at the discretion of the Service Provider
Focus on the Messaging/Interface Layer Element 6: Service Level - Consultation responses • Q4.3 Should a minimum set of performance standards be quantified for each service element? • 49 responses in total • EU FI (15 respondents): 14 agree – 93% • FI EU rep orgs (11 respondents): 7 agree – 64% • EU C&S Infrastructures (9 respondents): 8 agree – 89% • Total (inc above): 39 agree – 80% • Explicitly disagree: 7 – 14%
Focus on the Messaging/Interface Layer Element 6: Service Level - Consultation responses Most common service levels noted in the consultation: • 24x7 • EU FI: 6 agree – 40% • FI EU rep orgs: 3 agree – 27% • EU C&S Infrastructures: 2 agree – 22% • Total (inc above): 15 agree – 31% • 99.999% availability - continuity • EU FI: 5 agree – 33% • FI EU rep orgs: 2 agree – 18% • EU C&S Infrastructures: 2 agree – 22% • Total (inc above): 11 agree – 22%
Focus on the Messaging/Interface Layer Element 6: Service Level – Proposed ratification • From Network Layer, Element 9: Service must satisfy business & regulatory requirements for performance, resilience and network management • Is this enough? • Will it make a difference? • Do we need to revisit the Network Layer?