Âre you a bull or a bear? If you can't access your data and money, do your sentiments about the market still matter?
I was recently asked about
how software vulnerabilities in stock trading apps and platforms might put
users’ finances and personal data at risk. Given the dependence of today’s societies and economies on technology
along with the skyrocketing interest in day trading of late, it’s only natural
that concerns about the increasing
number and severity of
security loopholes in all manner of software applications should rise in
lockstep. And that’s on top of numerous other cyberthreats that require the
continued attention of organizations and people, including those involved with
stock trading.
Recently, a string of
disruptions that have plagued stock exchanges and brokerages have thrown into
stark relief another problem: an outage, too – even if it’s caused by a
technical glitch – can ultimately impact the finances of people and
organizations. While this issue typically commands less public attention,
incidents that halt trading on platforms where billions of dollars normally
move every day may even impact investor confidence and have knock-on effects
for countries’ economies. Indeed, I spoke about the importance of
ensuring the availability of trading technologies back in 2018; if recent history is any
indication, things don’t appear to be improving.
The availability of data
and systems is, along with their confidentiality and integrity, one of the
pillars of the venerable CIA
triad, the concept at the heart
of information security and the guiding principle of any organization’s data
security efforts. The impact of availability problems varies from industry to
industry and from asset to asset; put bluntly, being unable to access a small
social media analytics platform is not quite the same as having problems
logging into your company’s Enterprise Resource Planning (ERP) application.
Common sense would lead us
to assume that the technologies behind stock exchanges are robust, fail-safe, and
would never fail under normal circumstances. 2020 proved us wrong – let’s look
at how major stock exchanges and brokerages have struggled to keep their
systems up and running recently.
Stock exchange blackouts
Tokyo Stock
Exchange (TSE)
On Thursday October 1st,
the TSE
trading session was halted for an
entire day. The TSE is the world’s third largest exchange with a market
capitalization of about $6 trillion. The outage was attributed to a hardware
malfunction in its stock trading system and auto-backup system. Two failures in
a row. Nonetheless, the TSE resumed operations on the next day.
This system proved
resilient against natural forces, having held up during a powerful earthquake
and tsunami in 2011; on the other hand, it
wasn’t the first time that
its Arrowhead trading system experienced a glitch.
On November 5th,
the Japan Exchange Group – the TSE’s owner – announced in a press release
that the
system had been upgraded. This update
offers higher availability and speed.
I ask, were these systems
tested regularly, either internally or by the vendor, or was this simply
misfortune? Wrong day? Wrong time? Who knows.
Mexican Stock Exchange (BMV)
On October 9th,
the trading session at Mexico’s oldest stock market halted at midday due to
operational problems with the system used to process trading orders. The stock
exchange blamed the outage on a
connection cut out mistakenly caused by a technology provider. It’s worth noting that Service Level Agreements
(SLAs) play an important role in these kinds of problems.
Even when a technology is
resilient and the IT General Controls are audited on a regular basis, people
will inadvertently make mistakes. Nonetheless, trading resumed the following
Monday with all platforms working normally.
Still in October, trading
on several major stock exchanges in Europe also
came to a standstill.
Broker bottlenecks
Rush hours are at market
opening and market closure (09:30-16:00 EST) are the most crucial moments for
the market. There is massive buying and selling during these times, with orders
being sent to the same API endpoints and the same servers at the same time.
Thousands of users from
different brokerages have reported availability problems on their web, mobile,
and desktop trading platforms. Angry users were not able to buy or to sell securities
at the right price. Millions of dollars vanished in lost opportunities.
In my opinion, regulators
should take action against such non-diligent behavior by brokerages.
Retail broker unavailability
After the COVID-19 pandemic
caused a huge increase in their user numbers, many retail brokers now suffer
from the same problem: availability at opening/closing hours.