Rachel Tyler, DTCC Executive Director, Business Resiliency
Resilience has garnered a lot of attention of late—it’s in the news and a standing topic at industry forums. It’s even been used in advertisements for cars, internet providers and at sports press conferences.
Although it may seem to be an issue that is just gaining attention, DTCC has long considered resilience an integral part of its strategy.
But what does it mean to be resilient? The term resilient is often used to describe people’s reaction to change or their ability to respond to adversity. At DTCC, resilience means the capabilities we have in place to plan for, and react to, an unexpected impact to our services. We’ve been evaluating impacts to our businesses for some time through several lenses including business continuity planning, third-party risk management and technology risk management. Resilience, however, adds an element of integration of these control areas with an increased responsibility on businesses to help evaluate what is important and what needs additional focus.
In 2003, the Federal Reserve Board, Securities and Exchange Commission, and Office of the Comptroller of the Currency jointly issued an interagency paper on Sound Practices to Strength the Resilience of the U.S. Financial System. The paper largely jump-started the conversation about how the financial services industry would maintain appropriate back-up sites and data centers for the recovery and resumption of clearance and settlement activities. Firms reacted to the paper with planning for impacts to the people, process and technology needed to withstand a physical event; for example, a hurricane which would impede an organization’s ability to access an office location.
Fast forward to today where cyberthreats are a greater concern than physical attacks. Potential impacts of cyber events include the deletion or alteration of data in such a way that businesses cannot operate.
In our new brochure, DTCC Resiliency Planning, we outline DTC’s approach to recovering from cyber event scenarios which impacts data in a significant way. Although we hope to never have to implement such a protocol, this type of dialogue is critical to ensure that DTCC provides the world’s most resilient, secure, and efficient post-trade infrastructure for our clients.