Even with prep, did Wall Street's business continuity plans fail?
IDC report slams regulators and stock exchanges
Computerworld - Hurricane Sandy exposed a decided lack of contingency planning on Wall Street, according to a report by a research firm.
With the Northeast still experiencing the effects of widespread storm damage, the business continuity plans of stock exchanges and financial services companies will continue to be put to the test in the days to come, IDC Financial Insights stated in a report released Tuesday.
Megastorms like Sandy, which may become more common in the future, are good reminders of the need to double-down on business continuity planning, the report said.
"Not only has Sandy exposed the susceptibility of the contingency plans devised by major market players (exposing a lack of foresight concerning the potential impact of a hurricane that can simultaneously hit the [New York-Connecticut-New Jersey] area), but it has also given insight into [financial market regulators'] apparent inability to monitor electronic markets," IDC stated.
For the first time since the Sept. 11, 2001, terrorist attacks, the New York Stock Exchange voluntarily shut down for two straight days, opening again on Wednesday. As of Friday of last week, the exchange had planned to remain open throughout the storm.
IDC Financial Insights faulted the U.S. Securities and Exchange Commission and the Financial Industry Regulatory Authority, saying the industry watchdogs were "all too happy for stock markets to shut down completely," making it clear that the regulators had little confidence in their ability to police an entirely electronic market.
According to IDC Financial Insights, "there is little evidence to suggest that business continuity plans across Wall Street have so far stood up to such [difficult] conditions."
For the past three years, the NYSE Euronext stock exchange has had a contingency plan -- known as "Print as N" -- which in the event of a disaster allows it to remain open as an electronic-only operation using its Archipelago (Arca) Exchange communications network. However, the NYSE changed those plans after talking to regulators and investment firms.
The exchange chose to shut down out of concerns about fairness -- it wasn't sure all traders would be able connect to the Arca network, according to an NYSE spokesman, who added that officials were also concerned about customer safety.
The NYSE's "Print as N" plan calls for using Arca as the primary market, filtering NYSE trades through it using the letter 'N' to designate NYSE transactions.
At no time were any of the NYSE's data centers offline because of the storm, the spokesman said. The exchange could have remained open had it chosen to do so, but it chose the path of common sense instead, the spokesman said.
The SEC could not be reached for comment at deadline.
"The systems were fine -- it was getting people to run the systems that was the issue, which in of itself is also an issue, as they were unwilling to run without human intervention," IDC Financial Insights analyst Marc DeCastro stated in an email response to Computerworld.
However, IDC's report criticized the NYSE's contingency plan, "or as it turns out, the lack of a continuity plan," for such a natural "black swan" event, because the plan called for the stock market to operate "as an electronic-only exchange for the first time in its history."
"Keeping the market open on a purely electronic basis, with the market having never operated this way even under perfect conditions, would only increase the chance of any minor malfunction to a high-frequency trading algorithm, causing potentially great disruption," IDC wrote.
- IT Security - Fighting the Silent Threat "IT Security - Fighting the Silent Threat" is a global report into business attitudes and opinions on IT security. Download the report now...
- Cutting Complexity - Simplifying Security This white paper looks at how the latest IT Systems Management solutions can simplify and automate a vast range of routine IT management...
- Your Data under Siege: Defeating the Enemy of Complexity Even if you have adequate antivirus protection, are there still holes in your IT security armor? Is lack of bandwidth to manage the...
- Build Your IT Security Business Case In this latest whitepaper from Kaspersky Lab, you'll find useful facts, examples and business case arguments to help you get buy-in and commitment...
- Pre-Engineered solutions from VCE Simplify Core Infrastructure Implementation In this video, the CTO of Purdue Pharma, a privately held pharmaceutical company explains how Purdue transformed their data center infrastructure with VCE.
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now All Disaster Recovery White Papers | Webcasts