DTCC Operational Resilience | DTCC
Skip to main content

Operational Resilience at DTCC

SINCE DTCC’S FOUNDING 50 YEARS AGO, RESILIENCE HAS BEEN AT THE HEART OF OUR VALUE PROPOSITION. IT IS EMBEDDED IN OUR SERVICES; IT IS A CENTRAL COMPONENT OF OUR CULTURE, AND IT IS AMONG OUR MOST IMPORTANT PRIORITIES. RESILIENCE IS A JOURNEY AND AS WE PARTNER WITH THE INDUSTRY OUR RESILIENCE CAPABILITIES WILL EVOLVE. THIS WEBSITE OUTLINES DTCC'S CURRENT PROTOCOLS AND PRACTICES DESIGNED TO MITIGATE RISK AND SECURE THE CAPITAL MARKETS.

Operational resilience is generally defined as the ability to prevent, withstand and quickly recover from disruptive events to continue providing critical business services.

Ensuring operational resilience is a common answer to “What keeps you up at night?” for many financial organizations globally. DTCC is focused on ensuring operational resilience and is helping drive industry-wide efforts to keep financial systems running in the face of disruptions, such as pandemics, natural disasters, cyber-attacks or technology failures. This is a key strategic enabler that is consistent with our mission to deliver the world’s most resilient and secure post-trade infrastructure for our clients.

LATEST UPDATES

Resilience Strategy

As a result of accelerating international regulatory expectations, financial institutions like DTCC are reassessing their approach to operational resilience. As the nature of risk continues to evolve, DTCC reviews and – as needed – refines its approach to resilience to ensure a robust program is in place to support business needs and plan for potential incidents.

To support our strategy, teams across the three lines of defense partner to deliver the capabilities outlined, including representatives from Business Resilience, Business Continuity and Resilience, and Information Technology. These teams are supported by other second and third line functions to enable internal controls, regulatory compliance, and ongoing oversight and testing of our processes and capabilities.

Strengthening Our Current Resiliency Capabilities

  • Rapid but safe recovery from various types of disruptions
  • Client tools for business resumption
  • Increased client communication for disruptions
  • Enhanced testing for disruption scenarios
  • Integration of financial authority obligations for operational resilience
Close

Progress Toward a Modern Resilient Architecture

  • Reduce impact of disruptions through loosely coupled applications
  • Minimize reliance on infrastructure for resiliency
  • Facilitate business functions to run in any processing region independently
  • Enable capability for core clearing and settlement to run in the public cloud
  • Evaluate data center location
Close

Strategic Components

There are several components that enable effective preparation for prompt recovery across DTCC. These opportunities increase resilience, decrease risk for the firm and elevate the client experience.

 

Resilience Governance


Definition

Overarching structure to provide direction and transparency of the desired outcomes.

How We Evaluate It

Total work output by the organization over a specified period of time with frequent updates to committees in alignment with our corporate objectives.

X

 

Response Planning


Definition

Multifunctional approach that incorporates business drivers into technology solutions, with a defined criterion for the identification of the firm’s critical services, their interconnections, interdependencies, and risk tolerance thresholds.

How We Evaluate It

Consolidated inventory of scenarios taking into account the threat landscape.

X

 

Test Resilience Capabilities


Definition

Comprehensive set of metrics that are tracked on an ongoing basis to monitor and assess business outcomes.

How We Evaluate It

Tested through regularly scheduled exercises such as the Loss of Region, Reg SCI, and the Ad-Hoc Capabilities testing.

X

 

Actively Monitor Resilience


Definition

Maintain active engagements with the industry, supervisors, and standard setting bodies to identify and promote best practices for operational resilience.

How We Evaluate It

Assessed test results of regularly occurring exercises provide insight into our resilience performance.

X

 

Ensure Resilient Technology


Definition

Improve resiliency posture by implementing our resiliency principles across key categories: Design Resilient Architecture, Regional Availability, Out-of-Region Recovery and Resilience Success.

How We Evaluate It

A resiliency mindset has been established as it is built into the Software Development Lifecycle process. Technology’s continuous improvement effort also ensures that our resiliency capabilities evolve as new technologies become available.

X

Resilience Framework

Leveraging existing modernization efforts across DTCC will increase the opportunity to adopt new solutions to strengthen resilience, therefore enhancing client experience and decreasing risk for the organization. Our operational resilience framework includes:

  • An enterprise-wide definition and application of operational resilience
  • Oversight and escalation protocols
  • Holistic, enterprise-wide business resilience metrics and reporting

Continuity of Services

Through its various exercises DTCC continues to identify technical and operational tools for certain impactful events with testing standards, as well as areas of opportunity whereby enhancements could strengthen its resilience. These tools are accompanied by a decision framework outlining trigger points, compatibility, and timing of when the capabilities may be leveraged. Firms will benefit from creating and identifying such capabilities that may be invoked in response to rare events, with specific exercise criteria to ensure their validity.

An example of these tools is DTC's Settlement Rollover capability.

Settlement Rollover Client Considerations

What is Settlement Rollover?

In the event DTC cannot complete end-of-day funds settlement prior to the close of the Fed’s Funds transfer service, the Settlement Rollover process would be enacted. Settlement Rollover allows DTC to carry current day settlement balances to the next business day.

What is the impact to clients?

As DTC will not be running EOD DTC/NSCC settlement on the day of the outage, client's will be unable to process their settlement obligations and receive any expected funds from their settling bank. DTC will net clients' unsettled Day 1 balances in the following day's DTC/NSCC net settlement. ​

What action(s) will clients need to take in the event of a Settlement Rollover?

Clients will need to monitor their settlement balances in light of DTC not processing DTC/NSCC EOD settlement.

What are the implications to client liquidity?

Access Day 1 Funds on Day 2 – To assist with liquidity for its clients, DTC will allow clients to withdraw Settlement Progress Payments (SPPs) and Principal and Interest (P&I) money in the event of a Settlement Rollover. This process aligns with the standard protocols as outlined in the DTC Settlement Service Guide. Any unwithdrawn funds will be included in the client’s Day 2 DTC/NSCC Consolidated Net Settlement.

Unfunded Money Market Instruments (MMI) Decisions – With respect to Issue Paying Agents (IPAs), the normal funding decision procedures will be followed even if a Settlement Rollover is enacted before any MMI funding decisions are processed. DTC will perform a refusal to pay and, before the maturing obligations are restored, DTC will inform the IPAs that the obligations will be restored. If an IPA provides approval to restore, DTC will restore MMI decisions by the 5pm cutoff on Day 1. If an IPA does not provide approval to restore, the refusal to pay will not be restored.

Collateral Adjustments – At the end of business Day 1, DTC will perform collateral adjustments to recalculate the collateral value of positions based on new haircut and/or prices for Day 2. These adjustments ensure proper risk controls are in place.

Financial Stability Board (FSB) Questionnaire

The following documents contain the responses of The Depository Trust Company (DTC), National Securities Clearing Corporation (NSCC), and The Fixed Income Clearing Corporation (FICC), (collectively the DTCC Clearing Agencies), to the questionnaire published by the FSB. The questionnaire is entitled, FSB Continuity of Access to FMIs for Firms in Resolution, and is intended to streamline the collection of information to support resolution planning. The responses provided by the DTCC Clearing Agencies are intended to assist members and resolution authorities in their resolution planning. Please note that members of multiple DTCC Clearing Agencies should refer to the questionnaire for each applicable clearing agency, as responses may differ based upon the services provided and rules and procedures covering the clearing agency.

SUBJECT DESCRIPTION SUBSIDIARY DATE
  Continuity of Access to DTC DTC’s Responses to FSB Questionnaire
on the Continuity of Access to FMIs for Firms in Resolution		 DTC March 1, 2023
  Continuity of Access to FICC FICC’s Responses to FSB Questionnaire
on the Continuity of Access to FMIs for Firms in Resolution		 FICC March 1, 2023
  Continuity of Access to NSCC NSCC’s Responses to FSB Questionnaire
on the Continuity of Access to FMIs for Firms in Resolution		 NSCC March 10, 2023

Incident Management & Crisis Response

When an unexpected service disruption or degradation occurs, impacting clients’ ability to perform normal operations, DTCC works to restore service as quickly as possible.

Throughout the process, DTCC provides updates to clients and the industry when:

  • A potential or confirmed service disruption is identified
  • We identify and investigate a potential issue
  • There is a change in status or other incident details

Communicate early and often throughout the incident lifecycle to clients and internal stakeholders

  • Communicate promptly when a potential or confirmed service disruption is identified.

  • If the impact is unknown at the start of an incident, provide an early warning to clients by notifying them that "we are investigating a potential issue."

  • Provide updates every 30 minutes, or sooner if there is a change of status or other incident details.

Utilize multiple channels, including email and MyDTCC System Availability Dashboard

  • Clients must subscribe to "Availability and Incident" Notifications to receive incident communications.

  • Subscriptions are managed in the "Manage Preferences" section in the MyDTCC portal.

  • Instructions on how to subscribe to notifications can be found in MyDTCC Features Guide in the DTCC Learning Center.

Communicate with the industry, as appropriate

  • For high severity technology incidents, further communications will be determined by the executive team based on impact.

Client FAQs

How does the firm test its systems resilience?

A: DTCC's Business Continuity Program oversees operational and technical walkthroughs, tabletops, and simulations, including Disaster Recovery exercises, Work Area Recovery exercises, loss of critical or key third-party service provider exercises, and crisis management tabletops.

What is the firm’s approach to cyber response planning?

A: The firm has worked to assess and enhance its ability to respond and recover from a wide range of events, including those with a large impact on the integrity and availability of data. This approach is built on scenario impact, timely and appropriate communication, as well as a rapid and safe recovery.

What tools does DTCC have in place to ensure continuity of its critical services?

A: Resiliency is first and foremost for DTCC in respect to ensuring business continuity for its critical processes. These tools include automated system health alerting and monitoring, recovery playbooks, cross regional system rotation and failover and fallback capabilities. In the event that a critical process were not able to be resolved in a timely fashion, DTCC has a suite of ad hoc functional capabilities designed to direct the firm and clients to the most optimal outcome, such as Response Capabilities.

How does DTCC plan to restore its business data in the event it was either corrupted or destroyed across multiple regions?

A: In the event of an incident with a large-scale data impact, the firm has developed capabilities to resume services in an efficient and secure manner by restoring business data to an earlier point-in-time. The firm along with client input determined the industry would be best served by reverting to a defined point in time within the same business day, where the data is known to be accurate.

Do clients and other external parties have a role to play in DTCC’s response and recovery from an incident with a large-scale data impact?

A: Such an event could create significant business impacts, including the possibility of discrepancies with clients’ books and records due to corruption or destruction of data. In such scenarios, help from clients will be needed in order to reconcile books and records as well as validate and replay data. In order to prepare for these types of events, DTCC has defined external tools to allow clients to help with this reconciliation and is detailed in DTCC's Disaster Recovery Guide.

Given DTCC’s unique position in the industry, what key assumption(s) has the firm defined in its resumption of service following an impactful event?

A: DTCC’s primary goal is to minimize impact to members in the event of an outage, and with that in mind, the firm established that once settlement has occurred and the day is complete, the position record for that business day is considered final. In order to allow the industry to continue to operate, the firm established a “fall forward” procedure, where any prior settlement day’s activity remains unchanged, and errors would be corrected through adjustments in future settlement cycles.

Why does DTCC have a Disconnect and Reconnect rule?

A: DTCC’s Disconnect and Reconnect rule is designed to protect DTC, NSCC, and FICC, three Systemically Important Financial Market Utilities (SIFMUs) and, more broadly, the financial services ecosystem from the risks posed by cyber threats. In our interconnected environment, a cybersecurity incident at one firm can quickly impact others. This rule lets us act quickly to contain threats, keeping both DTCC systems and our clients safe.

What triggers a potential disconnect?

A: We may disconnect a firm's access to our services when we have concerns that a client or third party have been impacted by a cybersecurity threat that may pose risk to our SIMFUs’ infrastructure or other clients. For instance, if a firm is experiencing an active cyberattack or has suffered a security breach without knowing its full impact. These measures are not meant to be punitive; rather, they are designed to protect the SIMFUs, their members, and the securities industry from broader risks such as a compromise of sensitive information, invalid trades, inaccurate reconciliations, etc. It is recognized that many organizations have made significant investments in compensating controls and monitoring capabilities. These may be considered in assessing the scenario and recommended decisions.

What should firms do if they detect a security incident?

A: If a firm detects a security incident, immediate action and proactive communication with DTCC is vital. Begin by containing the incident, then notify us as soon as possible. Firms are required to report a security incident to DTCC immediately, but in any case, no longer than 2 hours from the discovery of the event. Next, assess the scope and potential impact the incident might have on your connectivity to our systems and data integrity and thoroughly document your response and remediation efforts. During the notification process, be prepared to share all relevant details so we can quickly assess what’s happening and respond effectively. Throughout the process, coordinate closely with DTCC on any protective measures that need to be taken. Being transparent about security incidents and providing timely updates helps us work together to safeguard the entire ecosystem and may even prevent the need for disconnection.

What is the preferred method to report a cyber event or outage to DTCC?

A: You can report a cyber event or outage to DTCC through several channels: the Cyber Event Hotline: +1 (212) 855-1086, or via MyDTCC Portal submissions (portal.dtcc.com).

How does disconnection help protect the industry?

A: There are several reasons DTCC may or may not choose to disconnect from an impacted firm. Disconnection serves as a tool to help protect the industry from cyber threats, acting much like a circuit breaker. It doesn’t always require the complete severing of all connections; instead, it allows for selective isolation based on risk levels. By disconnecting only those links that may pose the highest risk, a impacted firm can be effectively contained without disrupting all operations. This approach helps prevent the spread of security threats, safeguards sensitive market information, and maintains the stability of vital clearing and settlement functions. By containing issues before they escalate, disconnection reinforces the overall safety and resilience of the financial services network and the broader market.

What are the steps DTCC takes to evaluate an impacted entity?

A: Here’s what happens:

  • Notice, Investigate and Assess: DTCC learns of a major system event and initiates its incident management processes.
  • Evaluate Risk: DTCC gathers information and develops an impact analysis.
  • Decide and Authorize: If a decision is made to disconnect an impacted firm, the DTCC Executive Committee can authorize it with approval from at least two voting members. If sufficient and robust information from the client is not provided, and DTCC is unable to make an informed decision regarding the risk, DTCC may proceed with disconnecting the impacted firm based on the lack of necessary information.
  • Entity Notification and Isolation: DTCC sends a notice to the impacted firm and access to SIMFU services is suspended immediately to contain any threat.

What is required to reconnect to DTCC services?

A: The impacted firm has restored affected networks to a known trusted state that is appropriately protected and can demonstrate the integrity of remediated systems, data, and other components as required. The impacted firm should provide detailed testing information to validate integrity at every stage of the process. DTCC would expect that a third-party assessment is completed to verify at a minimum:

  • Industry best practice protections are deployed, tested and in place to minimise a recurrence of the compromise.
  • Patching is updated across systems to minimize chance of reoccurrence.
  • Implement additional cybersecurity controls where appropriate.
  • Enable enhanced monitoring to detect whether the issue might occur elsewhere in the network.

Prior to recommending a reconnection, the impacted firm must first confirm in writing that any immediate threats have been fully contained and eliminated. The attestion should state that the impacted firm is, to the best of their knowledge, ready to resume normal operations. The attestation should include that assurance and integrity tests have been performed on the services, applications, systems, back-up systems and network to validate and certify all systems as operational and functioning normally. If applicable, the impacted firm should include information on any issues the firm has not completely recovered from as well as an outline of lessons learned and planned enhancements made to prevent similar incidents in the future. We also expect a commitment to ongoing monitoring and compliance moving forward in the attestation.

Once a recommendation is made to reconnect a firm and DTCC’s Executive Committee approves, DTCC and the firm will work together to begin reconnection, send test messages or transactions to ensure everything is working properly, then begin restoration of connections and services.

How can my firm avoid being disconnected?

A: Prevention starts with strong cyber hygiene: maintain robust endpoint and network protection; keep systems patched and up to date; and conduct regular security assessments and penetration tests. Monitor for anomalies, develop and test incident response plans, train staff on cybersecurity, use multi-factor authentication and access controls and have secure backup and recovery capabilities. Respond promptly to our security advisories, report incidents immediately, participate in industry-wide security initiatives and, above all, stay vigilant and prioritize cybersecurity.

If my firm is impacted, what information does DTCC need immediately?

A: We’ll ask for:

  • Legal Entity Name information for all affected entities and affiliates.
  • Details on business impact, including size, market implications, outstanding positions, liquidity, counterparties and DTCC services used.
  • Infrastructure impact, including network connection points, DTCC portal access and types of data exchanged.
  • Major System Event details, including type and scale of issue, when it was identified and actions already taken.
  • Contact Information, so we can remain in contact in the event there’s a loss of phone or email in your environment.

How does DTCC work with my firm’s CISO during a cyber incident?

A: DTCC’s CISO (or their delegate) will communicate directly with your CISO to fully understand the incident’s scope and containment status. This technical discussion helps DTCC assess the current risk and informs the recommendation for any necessary disconnection.

If my firm is disconnected, can DTCC assist in helping to process outstanding transactions?

A: Following a disconnect decision, DTCC will look to minimize the impact to the broader industry by working with the impacted firm on any outstanding transactions or obligations. Prior to processing any transactions on behalf of the impacted firm, DTCC will require an indemnification letter signed by the firm’s senior leadership. This document acknowledges the situation and authorizes our support teams to proceed, ensuring clarity and alignment for all parties.

Who should my firm contact with questions about DTCC’s Disconnect and Reconnect policies?

A: If you have any questions, please reach out to your DTCC relationship manager or the DTCC Client Services team.

Resources

Recovery and Resolution Planning Video

This pre-recorded session was led by members of DTCC’s Recovery and Resolution Planning (R&R) team and will provide clients and other external stakeholders with insights into the following topics: Continuity of Access to DTCC Firms in Resolution as well as an overview of the DTCC SIFMU Recovery and Wind-Down Plans. At the conclusion, a panel of representatives from DTCC’s Risk, Treasury, and Legal departments join the R&R Team to address some of the most frequently asked questions concerning these topics.

back to top
dtccdotcom