Resilience emphasized as EquiLend hit by ransomware

January 27, 2024

TLDR: A recent ransomware attack on EquiLend, a securities lending technology provider, has drawn attention to the importance of operational resilience and cybersecurity in the financial industry. The attack, which followed a similar incident involving Ion Markets in 2023, highlights the vulnerability of vendor services and market infrastructures to cybercriminals. Geopolitical tensions and increased funding for cybercrime have led to an increase in attacks targeting central vendor services, market infrastructures, and financial institutions. Regulatory bodies, such as the CFTC and SEC, have proposed regulations and frameworks to improve operational resilience and mitigate cybersecurity risks. For example, the CFTC has proposed a new framework for futures commission merchants and swap dealers, which includes requirements for information and technology security, third-party relationship management, and business continuity planning. The focus on operational resilience is expected to increase transparency around vendor relationships and reduce concentration risks. However, reducing dependencies on single providers may be costly and complex, and standardization across the industry is needed to facilitate the switching of providers. The Digital Operational Resilience Act (DORA), which will come into force in January 2025, aims to enhance operational resilience in the financial sector, but implementation may pose challenges for buy-side firms.
