DTCC Urges Firms to Improve Technology Resilience

Anna Lyudvig

Traditionally, resilience has been platform-centric, but as business systems and processes are modernized, it’s imperative that resilient capabilities are built in at the application level, according to DTCC.

As the Depository Trust & Clearing Corporation (DTCC) outlines in its new white paper, “The Power of Technology Resilience: A Framework for the Industry,”  technology resilience is a key enabler of business resilience.

According to the paper, across the industry, modern technology ecosystems now operate in multiple physical and virtual environments, including Cloud. 

Increasing modularization of code components and supporting architectures, enabled by micro-services, have resulted in complex interactions and dependencies among multiple applications, DTCC said.

“Before, resilience was important at the singular application level, but now, these changes,”  DTCC said.

Lynn Bishop

“There is no one-and-done approach to resilience,” commented Lynn Bishop, Managing Director and Chief Information Officer at DTCC.

“We believe we’ve laid the foundation for a solid and robust framework for ensuring technology resilience, but we intend to continue working with our clients and stakeholders to refine our approach and continue evolving.”

Given DTCC’s role as a critical infrastructure for the global markets, the firm follows strict recovery and resumption methods across services to enhance its resilience. 

As part of this, DTCC developed a resilience framework to prepare for a vast array of scenarios, including cyberattacks, natural disasters, and pandemics. The paper, which builds upon measures first outlined in the firm’s 2019 report, Resilience First, details four resilience principles that should be considered during the development of all software, services, and components, including: Plan – Firms should define the criteria to help support the delivery of resilient solutions in a repeatable and standardized manner; Build – Firms should employ common architectural patterns that can be leveraged by all teams to help deliver repeatable, resilient solutions. Firms should also conduct Failure Mode Analysis (FMA) to investigate the technical design of an application, and to identify any failure points in the system; Test – DTCC recommends a robust testing framework that leverages automation to confirm applications are consistently tested against resilience principles. Firms should leverage Chaos Engineering to experiment on a system’s ability to withstand turbulent conditions, including hardware failure or an unexpected surge in volume;  and Operate – Firms should consider enhancing their operational processes, which might include adopting dynamic alerting and monitoring practices that empower their engineers to rapidly respond to environmental failures by shifting workloads to an alternate data center. Additionally, firms should reimagine traditional, monolithic resilience exercises and adopt a model that enables a more continuous state of readiness for disaster events.

DTCC said firms should also design their applications to both detect and recover from possible failures, using automation where possible. 

Applications should be designed to operate independently of each other, to help isolate and contain any potential failures.

DTCC remains focused on preparing for disruptions and failures, moving beyond the long-held notion that resilience is primarily a back-office IT concern. 

DTCC believes that enhancing resilience must be established as an industry-wide business and strategic imperative to ensure the continued safety and soundness of financial industry markets in the face of ever-evolving risks.

“When it comes to any firm’s resilience journey, it’s important to remember that you don’t have to go it alone,” said Neelesh Prabhu, Managing Director of Architecture & Enterprise Services in Information Technology at DTCC. “Industry collaboration is a key enabler of continued progress in this area. In support of this, we remain committed to sharing our experiences and best practices to help firms collectively safeguard the entire financial services industry.”