The Four Pillars for Building a Kill-Switch from the Data Streaming in the Network

Many customers have concluded that they must implement an automated “kill- switch” to terminate certain trading flows, enforce curbs and rate limits, re-route customers, or enforce other risk / compliance policies.

The Four Pillars for Building a Kill-Switch from the Data Streaming in the NetworkBy Donal Byrne    April 24, 2014      Thinking

A number of large banks and exchanges are leveraging Corvil to help mitigate the challenges of IT risk that have undermined the smooth operations of US financial markets. Due to the amount of money at risk in very short timescales, there is a need to react very quickly. Many of our customers have concluded that they must implement an automated "kill- switch" to terminate certain trading flows, enforce curbs and rate limits, re-route customers, or enforce other risk / compliance policies. Obviously this places a new range of demands and technical challenges. We have broken those down into four pillars, each of which need to be addressed if an effective risk mitigation tool is to be achieved:

  1. Work With Data You Can Trust - The information on which you are basing your decision to use the kill switch must be high quality. You have to have high confidence that the data you've acquired and the information linked to it is reliable. Accurate time stamping is critical. We need to know exactly when an event occurred. It's critical in modern trading environments to determine the order of events, thus attributing the appropriate cause and effect. Knowledge of the time allows you to take the right action at the right time.

  2. Detect Trading Anomalies - You need to detect and identify anomalies and behavior that represent a threat or are potentially disruptive to the operations of the IT systems supporting the markets. These events can come in many forms and require a very powerful event detection engine. This is hard to do due to high volume, velocity and diversity of data. The vast majority of these events is legitimate and represents normal business activity. The challenge is to build an event-recognition engine to detect and analyze these events.

  3. Detect in machine-time – Machine time = milliseconds, not seconds and minutes. If you rely on human behavior to both detect and react, you will already incur a risk and potentially significant financial loss. So, you must implement a system in machine real-time, not human real-time. A lot of systems currently are built around human real-time, and are not built to monitor and detect in a subsecond timeframe.

  4. React in the time that matters - Once you have the event alert, you then need to see all data associated with the suspicious event and compute in machine real-time the risk exposure. This ultimately determines if the activity needs to be killed or is allowed to persist.

These four pillars are the core foundation of any kill-switch paradigm, the biggest concern we see is people's willingness to trust the automated "kill" action without human oversight. This is a tough problem. We often advise that people should begin with the "big red light" before going for the "big red button",i.e. get real-time visibility and alerting of the risk situation first, then get experience in dealing with the anomalies. Once experience, understanding and confidence are built then the actions can migrate to a machine.

The Four Pillars for Building a Kill-Switch from the Data Streaming in the Network

Donal Byrne, Chief Executive Officer, Corvil
Corvil is the leader in performance monitoring and analytics for electronic financial markets. The world’s financial markets companies turn to Corvil analytics for the unique visibility and intelligence we provide to assure the speed, transparency, and compliance of their businesses globally. Corvil watches over and assures the outcome of electronic transactions with a value in excess of $1 trillion, every day.
@corvilinc

You might also be interested in...