Operational resilience and risk management in APAC: a changing landscape

Operational resilience has become increasingly important for Asia-Pacific (APAC) financial markets in the past few years, with regulators following in on their global counterparts’ footsteps to ramp up the pressure on all financial players.

Different levels of economic development across the region, paired with cybersecurity challenges, social and political instability and the COVID-19 pandemic have shed light on the need to reinforce operational resilience and risk management practices around the region and mitigate the impact of these threats in the financial sector.

Here are some key changes happening in the APAC region’s regulatory landscape:
 

Australia: ASIC taking the wheel

Following several incidents that impacted the ASX equity market in 2020, including a market outage, the Australian Securities & Investments Commission (ASIC) has released a detailed report in November 2021 outlining a new set of expectations to support a more robust approach to resilience in the Australian equity market.

These expectations apply to all market operators, market participants and large institution investors.

For market operators, the report lays out the need to develop automated systems and processes to monitor for market data issues and identify any trading anomalies in real time, the need for comprehensive testing strategies that include regression testing as well as simulation testing to map out scenarios of disruption, including market outages, and ensure their business continuity plans are comprehensive enough to prevent and respond. Under the report’s recommendations, market operators will also be expected to have recovery strategies in place for critical business systems, in addition to standard business continuity tests.

Market participants, on the other hand, will be required to make sure their clients have access to alternative markets in case of disruption or outage, as well as map and remove any dependencies that their trading and order systems have on a single market, proving their ability to route orders to alternative markets, if needed. They will also be expected to put business continuity plans in place, test for disruptive scenarios and ensure their systems can react and recover with minimum client detriment.

When outlining their expectations for large institutional investors, the ASIC stated it expects them to review trading arrangements with their executing brokers to ensure transparency on trade dependencies and available trade types in case of a market outage. They’ll also be expected to be aware of market operators’ incident management protocols.

After publishing the report, ASIC proceeded to notify several market operators and market participants requesting them to develop a response and have stated they plan to monitor their progress throughout 2022 to ensure adequate steps are being taken.

ASIC has also made changes to the set of market integrity rules that apply to certain market operators and participants, operating in securities markets, futures markets and capital markets, to push for a unified approach to operational resilience, risk management and reliability.

Much like what we’ve been seeing in other regions of the world, such as the UK and the EU,  the main financial authorities in the APAC region are becoming increasingly aware of the need for comprehensive and unified action to step up operational resilience and operational risk management practices in the region, as external disruption and technological complexity continue to challenge financial firms on a global scale.

Read our whitepaper to learn more about how the financial services regulatory landscape is changing in other APAC countries and around the world.