Presentation is loading. Please wait.

Presentation is loading. Please wait.

Slide 1 Independent Advisory Group Giovannini Barrier 1 Meeting 2 August 3rd, 2005.

Similar presentations


Presentation on theme: "Slide 1 Independent Advisory Group Giovannini Barrier 1 Meeting 2 August 3rd, 2005."— Presentation transcript:

1 Slide 1 Independent Advisory Group Giovannini Barrier 1 Meeting 2 August 3rd, 2005

2 IAG_030805_v2.pptSlide 2 Agenda  Review of 19 th July minutes  Protocol ‘shelf-life’  Focus on the Interface Layer –Standards –Security –Service  Mandatory outsourcing of: –Dispute resolution support service –Commodity services  Any other business

3 IAG_030805_v2.pptSlide 3 Agenda  Review of 19 th July minutes  Protocol ‘shelf-life’  Focus on the Interface Layer –Standards –Security –Service  Mandatory outsourcing of: –Dispute resolution support service –Commodity services  Any other business

4 IAG_030805_v2.pptSlide 4 Independent Advisory Group: Membership & Contact

5 IAG_030805_v2.pptSlide 5 Review of 19/07 minutes ‘Protocol, Standard & Syntax’  Protocol: The protocol definition should go further than simply a technical protocol and should be a definition of the best practice business rules that govern the communication procedure between any two counterparties  Standard: A single standard practically relates to the use of a single business model with its associated single data dictionary to enable translation between standards/syntaxes, thereby leveraging current investment in existing standards  Syntax: There are some syntaxes which are also considered to be standards and so at this level, the identification should be syntax/standard, not simply syntax

6 IAG_030805_v2.pptSlide 6 Review of 19/07 minutes ‘Protocol, Standard & Syntax’  End to end STP can be achieved via interoperability of agreed standards (inc. market practices) within a best practice protocol  Interoperability achieved through the adoption of a single data dictionary

7 IAG_030805_v2.pptSlide 7 Review of 19/07 minutes ‘Protocol scope’  Long term: the protocol should apply to all processes, all instruments and all participants  Short term: phasing of implementation of the protocol should be as follows: –Instrument: Priority to Equities, Fixed Income and Exchange Traded Derivatives –Participant: Priority to Broker Dealers, Clearing Houses (CCP), Clearing Agents, Settlement Agents, Global Custodians, Sub-Custodians and [I]CSD’s –Market Sector: Priority to all post trade processes including Asset Servicing/Custody on the sell side together with Clearing & Settlement plus Asset Servicing/Custody on the Buy side

8 IAG_030805_v2.pptSlide 8 Review of 19/07 minutes ‘Protocol scope’ Exchange VMU / ETCP Trade Date Space 1 Pre-trade / Trade Space 3 Clearing & Settlement Order Trade IMI: Investment Manager B/D: Broker Dealer VMU: Virtual Matching Utility GC: Global Cust SC: Sub-Cust SA: Settlement Agent (Clearer) CCP: Central Counterparty ICSD: (Int‘l) Central Securities Depository Institutional (buy) Side Street (sell) Side Space 2 Post Trade / Pre-Settlement Trade Date + X GC SA CCP SA IMIB/D (I)CSD SC B/D Space 4 Space 4 – Asset Servicing Non Trade Related Activity Short Term- Long Term

9 IAG_030805_v2.pptSlide 9 Review of 19/07 minutes ‘Protocol framework’  The proposed 9 element framework correctly frames a potential communication protocol

10 IAG_030805_v2.pptSlide 10 Review of 19/07 minutes Element 7: Network Standards  The minimum acceptable network standard is the implementation of IP for communication and routing

11 IAG_030805_v2.pptSlide 11 Review of 19/07 minutes Element 8: Network Security  Security, at either the network or the messaging layer, must be set at a level that satisfies business & regulatory requirements

12 IAG_030805_v2.pptSlide 12 Review of 19/07 minutes Element 9: Network Service  Service must satisfy business & regulatory requirements for performance, resilience and network management

13 IAG_030805_v2.pptSlide 13 Review of 19/07 minutes Accreditation of comms service providers  Specific accreditation is not required as market forces will provide natural accreditation

14 IAG_030805_v2.pptSlide 14 Agenda  Review of 19 th July minutes  Protocol ‘shelf-life’  Focus on the Interface Layer –Standards –Security –Service  Mandatory outsourcing of: –Dispute resolution support service –Commodity services  Any other business

15 IAG_030805_v2.pptSlide 15 Protocol ‘shelf-life’: The problem  «the future protocol should include the possibility to be extended to include other mechanisms in line with future technology evolution and to transmit newly defined data standards when the business requires to»

16 IAG_030805_v2.pptSlide 16 Protocol ‘shelf-life’: Why is it a problem?  Technology development cycle = X months vs  Business decision & implementation cycle = Y months  Result: New technologies & standards appear with random frequency & in the absence of market guidelines, participants adopt varying technologies according to internal business cycles X=Y

17 IAG_030805_v2.pptSlide 17 Protocol ‘shelf-life’: To resolve this issue?  Establish a protocol with a fixed content & pre-set ‘shelf-life’  Fixing content & shelf-life may preclude the use of the latest technology but for all participants, it will: –Provide a fixed technology target –Allow a realistic timeframe for implementation –Provide a reasonable period for amortisation of development costs - take-up incentive based on knowing development cost is not wasted

18 IAG_030805_v2.pptSlide 18 Protocol ‘shelf-life’: Potential problems?  Is a protocol with a pre-set ‘shelf-life’ or renewal cycle desirable?  If yes, do we accept that this may mean not using the latest technology?  If yes, what should the protocol renewal cycle be and who should renew it?  If no, what is the alternative?

19 IAG_030805_v2.pptSlide 19 Protocol ‘shelf-life’: Proposed Ratification  From the time of initial recommendation, the anticipated lifespan of the content of the protocol will be X years. This will provide: –Provide a fixed protocol content target –Allow a realistic timeframe for implementation –Provide a reasonable period for amortisation of development costs  The lifecycle should comprise o 2 distinct elements; –X1 = Implementation period –X2 = Amortisation period  The content of the protocol should be reviewed on a X year cycle  This review should be conducted by XXXXXX

20 IAG_030805_v2.pptSlide 20 Agenda  Review of 19 th July minutes  Protocol ‘shelf-life’  Focus on the Interface Layer –Standards –Security –Service  Mandatory outsourcing of: –Dispute resolution support service –Commodity services  Any other business

21 IAG_030805_v2.pptSlide 21 Focus on the Messaging/Interface Layer  Clarifications  Standards  Security  Service

22 IAG_030805_v2.pptSlide 22 Focus on the Messaging/Interface Layer Clarifications:  Provision of service elements –The service elements and service levels referred to in the consultation document relate to the provider of communications services, not the user of those services  Needs vs Solutions –Concerns raised at the confusion of needs vs solutions, e.g. –Need = authentication and data integrity –Solution = PKI

23 IAG_030805_v2.pptSlide 23 Focus on the Messaging/Interface Layer Element 4: Standards - Consultation content An interface must offer:  Message transfer service  File transfer service  Operator based service

24 IAG_030805_v2.pptSlide 24 Focus on the Messaging/Interface Layer Element 4: Standards - Consultation responses  Q4.2 generic responses  51 responses in totalAgree –15 EU FI13 – 87% –11 FI EU rep orgs8 – 73% –7 EU C&S Infrastructures5 – 71% –Total (inc above) 34– 67%

25 IAG_030805_v2.pptSlide 25 Focus on the Messaging/Interface Layer Element 4: Standards - Consultation responses  Additional points raised –CSFB/SCFS: File & GUI mechanisms should be optional –Deutsche Bank/Euroclear: Selection of appropriate mechanism to be agreed bilaterally

26 IAG_030805_v2.pptSlide 26 Focus on the Messaging/Interface Layer Element 4: Standards – Proposed ratification A Giovannini compliant interface must offer:  Message transfer services  File transfer services  Operator based services  The selection of the service appropriate to a specific communication is agreed bilaterally between participants

27 IAG_030805_v2.pptSlide 27 Focus on the Messaging/Interface Layer Element 5: Security - Consultation content Minimum security needs:  Authentication of source  Data integrity & confidentiality  Non-repudiation  Time stamping PKI

28 IAG_030805_v2.pptSlide 28 Focus on the Messaging/Interface Layer Element 5 Security - Consultation responses  Q4.2 generic responses  51 responses in totalAgree –15 EU FI13 – 87% –11 FI EU rep orgs8 – 73% –7 EU C&S Infrastructures5 – 71% –Total (inc above) 34– 67%

29 IAG_030805_v2.pptSlide 29 Focus on the Messaging/Interface Layer Element 5: Security - Consultation responses  Q4.10 specific security responses  ‘Is the minimum security level defined at the messaging layer appropriate to all communication?

30 IAG_030805_v2.pptSlide 30 Focus on the Messaging/Interface Layer Element 5: Security - Consultation responses  Q4.10(a) Generic information, e.g. end of day pricing’  45 responses in totalAgree –13 EU FI7 – 54% –10 FI EU rep orgs5 – 50% –8 EU C&S Infrastructures3 – 38% –Total (inc above) 21– 47% –Explicitly disagree9– 20%

31 IAG_030805_v2.pptSlide 31 Focus on the Messaging/Interface Layer Element 5: Security - Consultation responses  Q4.10(b) Binding information, e.g. statements, status reports etc’  45 responses in totalAgree –13 EU FI9 – 69% –10 FI EU rep orgs7 – 70% –8 EU C&S Infrastructures4 – 50% –Total (inc above) 28– 62% –Explicitly disagree2– 4%

32 IAG_030805_v2.pptSlide 32 Focus on the Messaging/Interface Layer Element 5: Security - Consultation responses  Q4.10(c) Business critical information, e.g. instructions & confirms’  45 responses in totalAgree –13 EU FI9 – 69% –10 FI EU rep orgs8 – 80% –8 EU C&S Infrastructures4 – 50% –Total (inc above) 28– 62% –Explicitly disagree2– 4%

33 IAG_030805_v2.pptSlide 33 Focus on the Messaging/Interface Layer Element 5: Security - Consultation responses  Additional points raised answering Q4.10: –Security levels/non-repudiation should be determined by activity type: AFTI, Citigroup, ECSA, SEB –Is PKI the right answer? AFTI, ECSA, Euroclear –Confusion between needs and solutions: Au/NZ NMPG, Euroclear –Network provider must not be CA : AFTI –Security & Service should be combined: Deutsche –Bilateral & centralised security arrangements can co-exist: Euroclear

34 IAG_030805_v2.pptSlide 34 Focus on the Messaging/Interface Layer Element 5: Security – Questions to answer GenericBindingCritical Authentication Data integrity & confidentiality Non-repudiation Time stamping

35 IAG_030805_v2.pptSlide 35 Focus on the Messaging/Interface Layer Element 5: Security – Questions to answer  Are the minimum security needs correctly defined? –Authentication of source –Data integrity & confidentiality –Non-repudiation –Time stamping  What are the correct definitions of the key types of communication? –Generic, non binding: pricing } Business Confidential? –Binding: statements, status, entitlements } Business –Business Critical: instructions, confirmations} Critical?

36 IAG_030805_v2.pptSlide 36 Focus on the Messaging/Interface Layer Element 5: Security – Questions to answer  How do you balance need vs cost?  Total trading, clearing and settlement cost to investor : AFTI 11/02AFTI 11/ DomesticX-borderTowerTower EuropeEuropeDomX-B Broker technical Custodian internal Custodian xs internal09-18 Custodian external* Total Total message cost (inc security) depending on matching, using local agents etc * Local custodian plus local CSD All costs in EUR, 30,000 Eur trade

37 IAG_030805_v2.pptSlide 37 Focus on the Messaging/Interface Layer Element 5: Security – Questions to answer Business Confidential Business Critical GenericBindingCritical Authentication Data integrity & confidentiality Non-repudiation Time stamping

38 IAG_030805_v2.pptSlide 38 Focus on the Messaging/Interface Layer Element 5: Security – Questions to answer  Is PKI the correct security mechanism?  How should the PKI service be offered? –FI specific –MI specific –Comms Provider specific –Market level single PKI scheme –Interoperable PKI  PKI strength (key length, RA checks etc): –What is the appropriate minimum level –How will service providers prove this? Accreditation? –Technical definition team?

39 IAG_030805_v2.pptSlide 39 Focus on the Messaging/Interface Layer Element 5: Security – Proposed ratification  A Giovannini compliant service must offer: –Authentication/data integrity (PKI) with liability –Non-repudiation with liability –Time stamping  RA must implement KYC standards for Certificate issuance  Market best practice minimum PKI strength  These features are considered mandatory for the following types of communication: –Business critical (Changing ownership, moving value): …….. –Business confidential (Entitlements, status reports, statements): ……….. –Other:

40 IAG_030805_v2.pptSlide 40 Focus on the Messaging/Interface Layer Element 6: Service - Consultation content  Services and Service Levels  The minimum mandatory services that a messaging/interface layer must offer are: –Message/file audit –Message/file guaranteed delivery –Message/file delivery once and only once

41 IAG_030805_v2.pptSlide 41 Focus on the Messaging/Interface Layer Element 6: Services - Consultation content  Optional services that a messaging/interface layer can offer are: –Message/file archival & retrieval –Message/file store and forward –Message/file validation –Message/file analysis –Message/file delivery control –SLA’s for provisioning, implementation etc –Testing facilities –Interface adapters

42 IAG_030805_v2.pptSlide 42 Focus on the Messaging/Interface Layer Element 6: Services - Consultation responses  51 responses in totalAgree –15 EU FI13 – 87% –11 FI EU rep orgs8 – 73% –7 EU C&S Infrastructures5 – 71% –Total (inc above) 34– 67%

43 IAG_030805_v2.pptSlide 43 Focus on the Messaging/Interface Layer Element 6: Services - Consultation responses  Additional points raised: –AFTI: – Optional delivery notification: AFTI –Euroclear: – Messaging layer must use multiple networks –NCSD: – Mandating service levels is not required as different users have different needs –OMX: – Put confirmation of receipt requirement on receiver –SEB: – Baseline set too high

44 IAG_030805_v2.pptSlide 44 Focus on the Messaging/Interface Layer Element 6: Services - Consultation responses  Additional mandatory features recommended: –Mandatory archive (period?) & retrieval: AT NMPG, Bank of Valetta, Merrill Lynch, Omgeo, ZA NMPG –Mandatory testing facility: ABN, AFTI, CH NMPG, CSFB, UBS, ZA NMPG –Mandatory replay : AT NMPG, BVI, ZA NMPG –Mandatory store & forward : AT NMPG, BVI, ZA NMPG –Mandatory validation : AT NMPG, AU/NZ NMPG –Mandatory delivery control: AT NMPG –Mandatory message cancellation: ECSA –Mandatory resend: ABN

45 IAG_030805_v2.pptSlide 45 Focus on the Messaging/Interface Layer Element 6: Services - Consultation responses  Q4.9 Should providers of messaging & network functionality police the quality of traffic against standards?  If yes, should they be empowered to stop traffic that does not conform or merely report on non-conformance –Clarification: Validation of format/standards, not business content  51 responses in totalAgree –14 EU FI12 – 86% –12 FI EU rep orgs8 – 67% –9 EU C&S Infrastructures7 – 78% –Total (inc above) 37– 73%

46 IAG_030805_v2.pptSlide 46 Focus on the Messaging/Interface Layer Element 6: Services - Consultation responses  BUT  51 responses in totalAgree –Optional13 – 25% –Report only10 – 20% –Stop traffic8– 16% –Explicitly disagree12 – 24%

47 IAG_030805_v2.pptSlide 47 Focus on the Messaging/Interface Layer Element 6: Services – Proposed ratification A Giovannini compliant service must offer:  Message/file audit, (inc. archival & retrieval?)  Message/file guaranteed delivery  Message/file delivery once and only once  All other services remain optional value added services provided at the discretion of the Service Provider

48 IAG_030805_v2.pptSlide 48 Focus on the Messaging/Interface Layer Element 6: Service Level - Consultation responses  Q4.3 Should a minimum set of performance standards be quantified for each service element?  49 responses in totalAgree –15 EU FI14 – 93% –11 FI EU rep orgs7 – 64% –9 EU C&S Infrastructures8 – 89% –Total (inc above) 39– 80% –Explicitly disagree7 – 14%

49 IAG_030805_v2.pptSlide 49 Focus on the Messaging/Interface Layer Element 6: Service Level - Consultation responses Most common service levels noted in the consultation:  24x7Agree –EU FI6 – 40% –FI EU rep orgs3 – 27% –EU C&S Infrastructures2 – 22% –Total (inc above) 15– 31%  % availability - continuityAgree –EU FI5 – 33% –FI EU rep orgs2 – 18% –EU C&S Infrastructures2 – 22% –Total (inc above) 11– 22%

50 IAG_030805_v2.pptSlide 50 Focus on the Messaging/Interface Layer Element 6: Service Level – Proposed ratification  From Network Layer, Element 9: Service must satisfy business & regulatory requirements for performance, resilience and network management –Is this enough? –Will it make a difference? –Do we need to revisit the Network Layer?

51 IAG_030805_v2.pptSlide 51 Agenda  Review of 19 th July minutes  Protocol ‘shelf-life’  Focus on the Interface Layer –Standards –Security –Service  Mandatory outsourcing of: –Dispute resolution support service –Commodity services  Any other business

52 IAG_030805_v2.pptSlide 52 Mandatory outsourcing of certain services: Consultation content  Q4.6 ‘What is your opinion on the mandatory outsourcing of dispute resolution and commodity services to the provider[s] of messaging and/or network services’  Clarification: To provide services which would be considered as the neutral evidence required to resolve an operational dispute, e.g. Time stamping

53 IAG_030805_v2.pptSlide 53 Mandatory outsourcing of services: Consultation content  Dispute resolution services, e.g. time stamping others?  52 responses in totalAgreeDisagree –13 EU FI54%15% –13 FI EU rep orgs38%31% –9 EU C&S Infrastructures22%67% –Total (inc above) 35%37%

54 IAG_030805_v2.pptSlide 54 Mandatory outsourcing of services: Consultation content  Commodity services, e.g. PKI, others? PKI  52 responses in totalAgreeDisagree Agree –13 EU FI54%15%31% –13 FI EU rep orgs31%31%15% –9 EU C&S Infrastructures11%67%0% –Total (inc above) 33%37%17%

55 IAG_030805_v2.pptSlide 55 Mandatory outsourcing of services: Proposed ratification  Confirmation that at the security and service level: –Time stamping is a neutral activity that should be performed by the Messaging/Network provider –From an FI perspective, PKI should not be provided by Market Infrastructures

56 IAG_030805_v2.pptSlide 56 Agenda  Review of 19 th July minutes  Protocol ‘shelf-life’  Focus on the Interface Layer –Standards –Security –Service  Mandatory outsourcing of: –Dispute resolution support service –Commodity services  Any other business

57 IAG_030805_v2.pptSlide 57 The next meeting is…..  23 rd August at 11.00am  The subject will be the data layer


Download ppt "Slide 1 Independent Advisory Group Giovannini Barrier 1 Meeting 2 August 3rd, 2005."

Similar presentations


Ads by Google