
International Financial Services Centres Authority

Circular No. IFSCA/CMD-DMIIT/DR/774/2022/01 | Dated November 16, 2022

To,

All the Stock Exchanges, including Bullion Exchange, in the International Financial Services Centres (IFSC)

All the Clearing Corporations in the International Financial Services Centres (IFSC)

All the Depositories in the International Financial Services Centres (IFSC)

Dear Sir/Madam,

Sub: Guidelines for Business Continuity Plan (BCP) and Disaster Recovery (DR) for Market Infrastructure institutions (MIIs)

1. IFSCA, as a member of IOSCO, has adopted the Principles for Financial Market Infrastructures (PFMIs) laid down by CPMI-IOSCO.

2. Principle 17 of the PFMI, which relates to the management and mitigation of ‘Operational risk’, requires that systemically important market infrastructure institutions “should identify the plausible sources of operational risk, both internal and external, and mitigate their impact through the use of appropriate systems, policies, procedures, and controls. Systems should be designed to ensure a high degree of security and operational reliability and should have adequate, scalable capacity. Business continuity management should aim for timely recovery of operations and fulfilment of the FMI’s obligations, including in the event of a wide-scale or major disruption.”

3. The Stock Exchanges (including Bullion Exchange), Clearing Corporations and Depositories (hereinafter referred to as Market Infrastructure Institutions or MIIs) in IFSC form the backbone of capital market ecosystem. As part of the operational risk management, these MIIs are required to set up Disaster Recovery (DR) site to provide essential facilities and perform systemically critical functions relating to trading, clearing and settlement in securities market during any unforeseen circumstances.

4. Considering the advancement in technology and improved automation of various processes, a framework for Business Continuity Plan (BCP) and Disaster Recovery Site (DRS) for the MIIs in the IFSC is prescribed hereunder.

a) The MIIs shall have in place BCP and DRS to maintain data and transaction integrity.

b) Apart from DRS, all MIIs shall also have a Near Site (NS) to ensure zero data loss.

c) The DRS should preferably be set up in a different seismic zone from the PDC. Where this is not possible for reasons such as operational constraints, change of seismic zones, etc., a minimum distance of 500 kilometres shall be ensured between the Primary Data Centre (PDC) and the DRS so that both DRS and PDC are not affected by the same disaster.

d) The manpower deployed at a DRS/NS shall have the same expertise as available at the PDC in terms of knowledge/ awareness of various technological and procedural systems and processes relating to all operations such that the DRS/NS can function at a short notice, independently. The MIIs shall deploy a sufficient number of trained staff at their DRS in order to ensure the capability of running live operations from DRS without involving staff of the PDC.

e) All the MIIs shall constitute an Incident and Response Team (IRT)/ Crisis Management Team (CMT), which shall be chaired by the Managing Director (MD) of the MII or by the Chief Technology Officer (CTO), in case of non-availability of MD. The IRT/ CMT shall be responsible for the actual declaration of disaster, invoking the BCP and shifting of operations from PDC to DRS whenever required. Details of roles, responsibilities and actions to be performed by employees, IRT/ CMT and support/outsourced staff in the event of any Disaster shall be defined and documented by the MII as part of BCP-DR Policy Document.

f) The Technology Committee of the MIIs shall review the implementation of the BCP-DR policy approved by the Governing Board of the MII, on a quarterly basis.

g) The MIIs shall conduct periodic training programs to enhance the preparedness and awareness level among their employees and outsourced staff, vendors, so as to discharge their duties as per the BCP policy.

Configuration of DRS/NS with PDC

5. The following guidelines shall apply with respect to the configuration of DRS/NS with PDC:

a. Hardware, system software, application environment, network and security devices and associated application environments of DRS / NS and PDC shall have one to one correspondence between them.

b. The MIIs shall develop the necessary systems in a manner that does not require system configuration changes at the intermediary level (broker dealers/ clearing members/ depository participants) for switchover from the PDC to the DRS. Further, the MIIs shall test such a switchover functionality by conducting unannounced live operations from the DRS for at least 1 day in every six months. Unannounced commencement of live operations from the DRS of the MIIs shall be done at a short notice of 45 minutes, after 90 days from the date of this circular.

c. The ‘Critical Systems’ for an Exchange/ Clearing Corporation shall include Trading, Risk Management, Collateral Management, Clearing and Settlement and Index computation. ‘Critical Systems’ for a Depository shall include systems supporting settlement process and inter-depository transfer system.

d. In the event of a disruption of any one or more of the ‘Critical Systems’, the MII shall, within 30 minutes of the incident, declare that incident as a ‘Disaster’ and take necessary measures to restore operations, including from the DRS, within 45 minutes of declaration of a ‘Disaster’. Accordingly, the Recovery Time Objective (RTO), i.e., the maximum time taken to restore operations of ‘Critical Systems’ from DRS after declaration of Disaster, shall be 45 minutes, to be implemented within 90 days from the date of the circular.

e. The MIIs shall ensure that the Recovery Point Objective (RPO) i.e., the maximum tolerable period for which data loss is experienced, due to a major incident, shall be 15 minutes.

f. The solution architecture of PDC and DRS / NS shall ensure:

i. high availability,

ii. fault tolerance,

iii. no single point of failure,

iv. zero data loss, and

v. data and transaction integrity

g. Any updates made at the PDC should be reflected at DRS/ NS immediately (before end of day) with head room flexibility without compromising any of the performance metrics.

h. The replication architecture, bandwidth, and load consideration between the DRS / NS and PDC shall be within the stipulated RTO and shall ensure high availability, right sizing, and no single point of failure.

i. The replication between PDC and NS shall be synchronous so as to ensure zero data loss whereas, the one between PDC and DRS and between NS and DRS may be

j. Adequate resources (with appropriate training and experience) should be available at all times to handle operations at PDC, NS or DRS, as the case may be, on a regular basis as well as during disasters.

DR Drills/Testing

6. The following guidelines with respect to the DR drills/ testing shall apply:

a) DR drills should be conducted on a quarterly basis. In case of Exchanges and Clearing Corporations, these drills shall be closer to real life scenario (trading days) with minimal notice to the DRS staff involved.

b) During the drills, the staff based at PDC shall not be involved in supporting operations in any manner.

c) The drill shall include the execution of all operations from DRS for at least 1 full trading

d) The timing diagrams clearly identifying resources at both ends (DRS as well as PDC) shall be in place, before the commencement of DR drills.

e) The results and observations of these drills shall be documented and placed before the Governing Board of the MIIs. Subsequently, the same along with the comments of the Governing Board should be forwarded to IFSCA within a month of the DR drill.

f) The Systems Auditor, while covering the BCP – DR aspect, as a part of the mandated annual Systems Audit, shall scrutinize the preparedness of the MII to switch its operations from the PDC to the DRS, unannounced, and also comment on the documented results and observations of the DR drills.

g) In the case of Stock Exchanges (including Bullion Exchange), the ‘live’ trading sessions from the DR site shall be scheduled for at least two consecutive days in every six months. Such live trading sessions from the DRS shall be organized on normal working days (i.e. not on weekends / trading holidays). The Stock Exchanges shall ensure that the staff members working at DRS have the abilities and skills to run live trading session independent of the PDC staff.

h) The Stock Exchanges shall include a scenario of intraday switchover from the PDC to DRS during the mock trading sessions in order to demonstrate its preparedness to meet RTO/RPO as stipulated above.

i) The MIIs shall undertake and document Root Cause Analysis (RCA) of their technical/ system related problems in order to identify the causes and to prevent recurrence of similar problems.

j) In addition to the above, the following shall also apply:

i. Unannounced live trading session shall be conducted from the DR site of the Stock Exchanges with a notice of 4 hours, from IFSCA, before the start of the trading session, starting from January 2023.

ii. Unannounced live trading session shall be conducted from the DR site of the Stock Exchanges with a short notice of 45 minutes from IFSCA before the start of the trading session, starting from January 2023.

iii. The MIIs shall study the feasibility of intra-day switchover from the Primary Site to the DR site with a notice of 45 minutes from IFSCA.

iv. MIIs shall prepare comprehensive testing plan and build sufficient redundancy in its systems in order to mitigate impact of any unforeseen technical glitch and to ensure failure of any subsystem of MIIs would not impact other critical systems of MIIs and continuous functioning of securities

v. MIIs shall constantly monitor the health/performance of various communication links and take corrective measures, as required.

BCP – DR Policy Document

7. The BCP – DR policy document shall be prepared by the MIIs as per the following:

a) The MIIs shall put in place a comprehensive BCP-DR policy document outlining the following:

i. Broad scenarios that would be defined as a Disaster for an MII (in addition to definition provided in para 5 (c) of the circular).

ii. Standard Operating Procedure to be followed in the event of Disaster.

iii. Escalation hierarchy within the MII to handle the Disaster.

iv. Clear and comprehensive Communication Protocols and procedures for both internal and external communications from the time of incident till resumption of operations of the MII.

v. Documentation policy on record keeping pertaining to DR drills.

vi. Scenarios demonstrating the preparedness of MIIs to handle issues in Critical Systems that may arise as a result of Disaster.

vii. Preparedness of Depositories to handle any issue which may arise due to trading halts in Stock Exchanges.

viii. Framework to constantly monitor health and performance of Critical Systems in normal course of business.

b) The BCP-DR policy document of the MII should be approved by Governing Board of the MIIs after being vetted by Technology Committee and thereafter communicated to IFSCA. The BCP-DR policy document should be periodically reviewed at least once in six months and after every occurrence of a disaster.

c) In case an MII desires to lease its premises at the DRS to other entities, including to its subsidiaries or entities in which it has stake, the MII should ensure that such arrangements do not compromise the confidentiality, integrity, availability, targeted performance and service levels of the MII’s systems at the DRS. The right of first use of all the resources at DRS including network resources should be with the MII. Further, the MII should deploy necessary access controls to restrict access (including physical access) of such entities to its critical systems and networks.

8. Considering the above, the MIIs are advised to submit their BCP–DR policy to IFSCA within 3 months from the date of this circular. Further, they should also ensure that clauses 6(f) and 7(a)(v) mentioned above are also included in the scope of System Audit.

This circular is issued in exercise of powers conferred by Section 12 of the International Financial Services Centres Authority Act, 2019 to develop and regulate the financial products, financial services and financial institutions in the International Financial Services Centres.

Yours faithfully,

Praveen Kamat
Deputy General Manager
Division of Market Infrastructure Institutions and Technology
Capital Markets Department
email: praveen.kamat@ifsca.gov.in
Tel: +91-79-6180 9820
