ASIC has today released a letter to market participants outlining technological and operational resilience guidance, clarifying how to identify critical business services and notification of a major event.

The guidance relates to the technological and operational resilience requirements detailed in Chapters 8A and 8B of the ASIC Market Integrity Rules (Securities Markets) 2017 and ASIC Market Integrity Rules (Futures Markets) 2017.

ASIC expects market participants to maintain a strong and continued focus on their technological and operational resilience, noting it is not a ‘set-and-forget’ process. Adjustments to critical business services arrangements should be made as required.

ASIC is committed to advancing digital and data resilience and safety as one of its strategic priorities for 2024-25. Resilient market operators and market participants are essential to the integrity of our securities and futures markets and to the efficient functioning of the economy.

The market integrity rules set minimum expectations and controls to mitigate risks to help safeguard the integrity and resilience of Australia’s markets.

ASIC encourages market participants to carefully consider the guidance set out in the letter and in Regulatory Guides 265 and 266, as it clarifies expectations around critical business service arrangements, specifically market participants’ identification of critical business services and major event notifications.

ASIC will now consult with industry on incorporating this guidance into Regulatory Guides 265, 266 and 172 when they’re next updated.

Download

Letter to Market Participants (PDF 276 KB)

Background

Chapters 8A and 8B of the ASIC Market Integrity Rules (Securities Markets) 2017 and ASIC Market Integrity Rules (Futures Markets) 2017 (the Resilience Rules), which came into effect on 10 March 2023, aim to promote the technological and operational resilience of market participants.

In 2023, ASIC conducted a thematic review of market participants’ arrangements for complying with the Resilience Rules, focusing on the requirements to identify their critical business services and notify ASIC of major events.

Since providing feedback to the market participants we reviewed, we have been meeting with industry organisations to discuss our observations, and have shared our three-step plan to review and expand guidance on the Resilience Rules in:

• Regulatory Guide 265 Guidance on ASIC market integrity rules for participants of securities markets (RG 265)
• Regulatory Guide 266 Guidance on ASIC market integrity rules for participants of futures markets (RG 266), and
• Regulatory Guide 172 Financial markets: Domestic and overseas operators (RG 172). 

As a first step, in May 2024, we made revisions correcting minor drafting errors in RG 265, RG 266 and RG 172 that caused confusion about the identification of critical business services, and clarifying what we mean by ‘immediately’ when notifying ASIC of a major event.

As a second step, we published a letter to market participants to share our observations and guidance from the thematic review we conducted of market participants’ arrangements for identifying critical business services and dealing with a major event.

Our third step, which is currently underway, is to meet with market participants to discuss and consider questions and requests for further expanded guidance.

ASIC is Australia’s corporate, markets and financial services regulator.