Department of Homeland Security or Sarbanes-Oxley
Westborough, MA and New York, NY, June 21, 2005 â At the heart of the 100-km question that financial firms continue to confront in a post-9/11 world is the issue of data replication that allows them to quickly and accurately replicate all of their critical data in the event of an IT disruption or significant IT event preventing the loss of any critical data. According to TABB Groupâs first report released today by their Crisis & Continuity Services division, "Crisis in Continuity: Financial Markets Firms Tackle the 100km Question," firms employ three major methods of data replication â synchronous, asynchronous and hybrid replication solutions.
Data replication solutions meet two key objectives, to minimize the recovery-point objective (RPO), ensuring no data loss, while minimizing the recovery-time objective (RTO), the maximum allowable time between failure and recovery.
"Based on our interviews, 80% of firms we interviewed already had data centers within 35 miles of their primary production site," writes Alexander Tabb, report author, TABB Group partner and Crisis & Continuity Services practice director. "We learned 11% had a real-time RTO, while 44% and 45% of firms had a two-hour and a four-hour time objective, respectively. In light of these changes, a number of institutions are even trying to reduce their RTOs to less than two hours with the expectation that the markets will soon move in that direction."
To date, Tabb explains, government focus has been on significantly challenging major firms throughout the sector to reduce recovery-time objectives and increase their recovery-point objectives. âThe goal of this report is to provide insight into what firms within the financial services sector are actually doing to mitigate the risks associated with geographic concentration vis-Ã -vis their trading and high value operations.â
The report examines efforts by various market regulators and self-regulating organizations (SROs) to spur on their constituents to reduce the risks associated with the 100-km question; the existing technology that allows firms to mitigate the risks associated with geographic centralization; human factors that need to be addressed when developing a risk mitigation strategy that will alleviate the concerns associated with geographic centralization; and what various market players in New York, California, London, Paris, Singapore and other major financial centers are doing to mitigate their risk.
Of all the regulatory efforts put forward by governments and self-regulating organizations, the Federal Reserve, SEC and OCC "Interagency White Paper on Sound Practices to Strengthen the Resilience of the U.S. Financial System" has had the most impact on financial markets firms. "In one fell swoop," Tabb says, "the paper forced âfirms that play with a significant role in critical financial markets infrastructureâ to examine how they managed physical risk." By providing advice on how financial firms could take necessary steps to protect the overall financial system from risks posed by area-wide or regional outages, the White Paper has become the benchmark by which large-, medium- and small-sized institutions are mitigating physical risk.
"While a number of large institutions have taken very public positions on their overall risk mitigation strategies," said Larry Tabb, TABB Groupâs founder and CEO, "many of these same institutions are facing significant internal pressures to bring down the costs associated with their solutions. Overall, we learned that most are taking a hard look at their business-continuity solutions with an eye toward reducing the expenses associated with these programs and finding ways to capitalize on oftentimes expensive and underutilized assets."
The report also analyzes the distance question firms face when looking at their disaster-recovery and business-continuity tradeoffs between safety and cost, regulation and practicality and the technical challenges of distributing both data and operations more than 100km from their primary location. Other subjects include outsourcing, relocating data centers, hot site locations and the regulatory environment of NASD Rule 3510/3520, NYSE Rule 446, FFIEC, Department of Homeland Security, Sarbanes-Oxley and global regulatory efforts.