ASIC on enhancing market cybersecurity adaptability

Share

The Australian Securities and Investments Commission (ASIC) revised its guidance on operational and technological resilience for market participants. This update presents new requirements outlined in Chapters 8A and 8B, communicated through a letter, and elaborated in the ASIC Market Integrity Rules (Securities Markets) 2017 and ASIC Market Integrity Rules (Futures Markets) 2017. 

This initiative aims to strengthen the robustness of financial market infrastructure and ensure that market participants are equipped to handle disruptions. ASIC has revised its guidance to reflect its strategic focus for 2024–25 on enhancing digital and data resilience. ASIC clarifies expectations and processes to strengthen the integrity of Australia’s financial markets and protect against operational failures. This action demonstrates ASIC’s commitment to ensuring strong market functions and efficient regulatory supervision.

Implementing comprehensive cybersecurity measures

  1. Identification of critical business services: Market participants must clearly identify their essential business services as ASIC mandates. Understanding the essential services that support their business operations is key, and they must commit to keeping these services resilient against operational disruptions. The revised instructions emphasise that recognising these services involves a continuous effort, not just a one-time task. Implement necessary modifications to respond to shifts in business activities or external circumstances.
  2. Notification of major events: Participants must promptly inform ASIC about significant events that may affect their operational resilience. The definition of ‘immediately’ now ensures that notifications happen without unnecessary delay, enhancing the regulator’s ability to respond quickly to potential threats.
  3. Revisions to regulatory guides: ASIC updated its Regulatory Guides (RG 265, RG 266, and RG 172) to correct prior inaccuracies and provide clearer guidance on compliance. The revisions correct drafting mistakes that caused misunderstandings about identifying essential business services and clarify the timeline for significant event notifications.
  4. Ongoing consultation and updates: ASIC collaborates with industry participants to enhance and clarify the guidance. This approach includes three parts: first, revise initially; second, share expanded guidance; and third, engage in ongoing consultations to address further questions and requests for clarity.

Enhancing public sector resilience

The Australian Securities and Investments Commission (ASIC) recently expanded its operational resilience guidance, significantly impacting cybersecurity in the public sector. Market participants must identify essential business services and quickly communicate significant events, which have extensive consequences for cybersecurity in the public sector. ASIC’s improved guidance strengthens the operational resilience of financial markets. 

This focus directly supports public sector organisations involved with these markets, as a stronger financial sector reduces the risk of disruptions that could impact public services and infrastructure. Furthermore, timely communication about significant incidents leads to faster response and mitigation strategies. 

This prompt reporting enables swift coordination and intervention, which is essential for safeguarding public sector systems from cascading failures or cyber threats that may arise from market disruptions. The thorough method of identifying and overseeing essential services improves overall cybersecurity efforts. ASIC’s regulations require market participants to record and protect vital services, contributing to the development of more defined procedures for risk management and responses to cyber incidents.

Market integrity focus

ASIC recently expanded operational resilience guidance, emphasising its essential role in upholding market integrity and ensuring economic stability. The governing authority emphasises the importance of strong market operators and participants in maintaining the integrity of Australia’s securities and futures markets, as well as ensuring the efficient operation of the broader economy. ASIC clearly expresses the following view: “Resilient market operators and market participants are essential to the integrity of our securities and futures markets, as well as the efficient functioning of the economy.”

ASIC shows its commitment to strengthening the market’s robustness. ASIC’s new guidance mandates that market participants identify and protect their essential business services. This strategy aligns with ASIC’s overarching goal to strengthen market operations against interruptions, crucial for maintaining market stability and fostering investor trust.