In the spring of the Year of the Pig, four years after the stock market crash in 2015, when access to the external systems of securities firms was banned, the CSRC solicited public opinions on the Interim Regulations on the Management of External Access to Securities Companies’ Trading Information Systems, which provided a clear institutional guarantee for securities firms to provide external access services. Opening up external access to brokerage systems will enrich A-share investment strategies, and thus play a role in stimulating market activity and improving liquidity, which is clearly good for the business development of brokerage institutions. As the responsible party for external access services, qualified securities firms need to consider the following issues before carrying out this business:
- When opening the trading system to external access, how should risk control be done?
- How can the compliance, security and stability of external access be ensured?
- How should external access services be implemented in information system construction?

Resolving these problems is the basis for a brokerage to conduct its business prudently. Further, will opening up external access lead to intensified competition in the Internet industry? Will it lead to new business model innovation? How should brokerages compete through differentiation with the large Internet companies? These questions deserve even more thought from brokerages.
Access control and risk control are the basis for securities firms to carry out external access business prudently.
Access control ensures that securities firms can evaluate the reasonableness of customers’ access needs, verify investors’ qualifications and fulfill their external access management responsibilities in the course of external access business. Risk control ensures that securities firms can identify and control the global risks of investors’ trading behaviors, and effectively prevent human manipulation, system defects, program trading anomalies and other abnormal behaviors that affect the market.
Access control
Systems and services in the Internet industry usually impose no access conditions. Anyone with access to the Internet can register and freely access the content data these systems and services provide. However, there is usually no unified standard for accessing that content data. In finance, including the securities industry, by contrast, systems and services are usually deployed in the industry’s proprietary, secure network environments. Access to such systems requires strict identity authorization and cannot be obtained by registering at will, but data access for these systems, especially trading systems, has industry standards to follow, such as the FIX and FAST protocols.
The securities industry’s combination of restricted access and open standards means that, when carrying out external access business, securities firms should give more weight in information system construction to how controllable access is and how well standards are supported.
In system construction, access control needs to consider the following points:
- Authentication
User authentication is usually conducted by issuing digital licenses. One certificate corresponds to one access user, and one access user can be authorized to bind to one or more trading accounts. The number of bound accounts is controlled by the certificate type and the broker’s back end.
- Flow control
When external system access is released, strict traffic control must be performed on access clients or programs to avoid too much pressure on the system. Traffic control can be performed based on the number of requests per second and bytes sent per second by a single access user to avoid cross-impact between access users and reduce impact on the entire transaction system.
- Security
The user access license is the first step in accessing the system, so secure management of licenses is essential. User licenses can be bound to the MAC and IP addresses of the machine the user is using. When necessary, online users and trading customers can be forced offline to strengthen the system’s security control.
- Protocol support
In financial business systems, some standard protocols, such as FIX and FAST, are open. The Hang Seng and Gold Securities trading systems, which are widely used by the securities industry, adopt the closed T2 and FS protocols. When developing external access business, the protocol support provided to institutional customers can adopt FIX and REST.
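The authentication, flow control and security points above can be combined into a single admission check at the access gateway. The following is an added example, not code from any trading system named on this page; the class names, result codes, and the one-second token-bucket burst are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class License:
    cert_id: str
    accounts: frozenset      # trading accounts this certificate is bound to
    ip: str                  # bound source IP
    mac: str                 # bound MAC (client-reported, so a weak signal alone)
    max_rps: float           # requests per second allowed for this user
    max_bps: float           # bytes per second allowed for this user
    online: bool = True      # set False to force the user offline

class Gateway:
    def __init__(self, licenses):
        self.licenses = {lic.cert_id: lic for lic in licenses}
        self.buckets = {}    # cert_id -> (request tokens, byte tokens, last ts)

    def admit(self, cert_id, ip, mac, account, size, now):
        lic = self.licenses.get(cert_id)
        if lic is None or not lic.online:
            return "DENY_LICENSE"
        if (ip, mac) != (lic.ip, lic.mac):
            return "DENY_BINDING"
        if account not in lic.accounts:
            return "DENY_ACCOUNT"
        # Per-user token buckets, each holding at most one second of quota.
        req, byt, last = self.buckets.get(cert_id, (lic.max_rps, lic.max_bps, now))
        req = min(lic.max_rps, req + (now - last) * lic.max_rps)
        byt = min(lic.max_bps, byt + (now - last) * lic.max_bps)
        ok = req >= 1 and byt >= size
        if ok:               # charge both budgets only when both have room
            req, byt = req - 1, byt - size
        self.buckets[cert_id] = (req, byt, now)
        return "ACCEPT" if ok else "DENY_RATE"

def demo():
    """Constructed licenses and requests; all identifiers are made up."""
    gw = Gateway([
        License("cert-A", frozenset({"ACC1", "ACC2"}), "10.0.0.5", "aa:bb:cc:00:00:01", 2, 1000),
        License("cert-B", frozenset({"ACC9"}), "10.0.0.6", "aa:bb:cc:00:00:02", 2, 1000),
    ])
    a = ("cert-A", "10.0.0.5", "aa:bb:cc:00:00:01")
    b = ("cert-B", "10.0.0.6", "aa:bb:cc:00:00:02")
    out = [gw.admit(*a, "ACC1", 200, 0.0), gw.admit(*a, "ACC2", 200, 0.0),
           gw.admit(*a, "ACC1", 200, 0.0),   # third request in the same second
           gw.admit(*b, "ACC9", 200, 0.0),   # other user is unaffected
           gw.admit(*a, "ACC1", 200, 0.5),   # half a second refills one request
           gw.admit(*a, "ACC9", 200, 1.0)]   # account not bound to cert-A
    gw.licenses["cert-B"].online = False     # force offline
    return out + [gw.admit(*b, "ACC9", 200, 1.0)]
```

Keeping a separate bucket per certificate is what prevents one access user's burst from consuming another user's quota.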
Risk control
Given the strict supervision of recent years, securities firms conducting external access business must naturally strengthen their monitoring of abnormal, malicious and non-compliant trading behaviors, earnestly fulfill their responsibility for managing customers’ trading behaviors, and regulate and restrain customers’ abnormal trading. Investors’ trading behavior can be monitored in terms of the source of entrustment, related accounts, trading varieties, trading prices, quantity, frequency, direction and so on. Typical indicators include:
Transaction frequency, transaction turnover rate, large declaration monitoring, intensive declaration monitoring, continuous declaration monitoring, large frequent entrusted monitoring, large frequent transaction monitoring, knock monitoring and other risk control indicators.
In addition to monitoring, control can be refined to each site, each application, each trading user, and then to each financial service type, business flow, proportion, and even each trading order. It can also precisely control indicators such as leverage ratio, flow right, trading restriction, and withdrawal ratio.
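Three of the indicators named above can be computed per account over a stream of order events. The following is an added example, not code from any product mentioned on this page; the event layout and every threshold are assumptions, and "withdrawal ratio" is read here as the share of an account's orders that were cancelled.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration; real limits come from the firm's rules.
LIMITS = {"window_s": 1.0, "max_orders": 3, "large_qty": 100_000,
          "max_cancel_ratio": 0.5, "min_orders_for_ratio": 4}

# Constructed sample events: (timestamp, account, kind, quantity), time-ordered.
SAMPLE = [
    (0.00, "A1", "new", 500), (0.20, "A1", "new", 500),
    (0.40, "A1", "new", 500), (0.60, "A1", "new", 500),
    (0.70, "A1", "cancel", 500), (0.80, "A1", "cancel", 500),
    (0.90, "A1", "cancel", 500),
    (2.00, "B7", "new", 250_000),
    (5.00, "A1", "new", 500),
]

def monitor(events, limits=LIMITS):
    """Return (timestamp, account, indicator) alerts for time-ordered events."""
    recent = defaultdict(deque)      # account -> timestamps of recent new orders
    placed = defaultdict(int)        # account -> orders placed so far
    cancelled = defaultdict(int)     # account -> orders cancelled so far
    alerts = []
    for ts, acct, kind, qty in events:
        if kind == "new":
            placed[acct] += 1
            window = recent[acct]
            window.append(ts)
            # Drop orders that have aged out of the sliding window.
            while ts - window[0] > limits["window_s"]:
                window.popleft()
            if len(window) > limits["max_orders"]:
                alerts.append((ts, acct, "intensive_declaration"))
            if qty >= limits["large_qty"]:
                alerts.append((ts, acct, "large_declaration"))
        elif kind == "cancel":
            cancelled[acct] += 1
            # Only judge the ratio once the account has enough orders to matter.
            if (placed[acct] >= limits["min_orders_for_ratio"]
                    and cancelled[acct] / placed[acct] > limits["max_cancel_ratio"]):
                alerts.append((ts, acct, "withdrawal_ratio"))
    return alerts
```

Each event costs amortized constant time, which matters for the latency concern raised in the next paragraph.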
Risk control often adds delay to transactions, while transaction speed is the most important indicator on which securities firms compete in external access services. A solution that adopts parallel computing technology and is equipped with a microsecond-level real-time risk control engine can improve transaction speed while building real-time and global risk control capability. It can help securities firms quickly establish an all-round, whole-process real-time risk control capability that meets the requirements of third-party external risk control, so as to meet securities companies’ compliance monitoring and risk management requirements for institutional transactions.
How to solve it? Look out for Fan Tai Geek’s follow-up posts.