It’s back to business as usual for stock markets in Paris, Amsterdam, Brussels and Lisbon.
On Monday, they were taken completely offline after their exchange operator, Euronext, suffered a software glitch. The company said it was caused by a technical failure on one of its data management systems and not the result of a cyberattack.
Euronext worked to restore full services that stopped trading on everything from stocks to commodities an hour into the European session on Monday. The glitch also caused large price discrepancies as brokers attempted to settle trades at the end of the day, which forced orders placed after the closing bell to be canceled.
The outage was one of a few that’ve hit the financial services industry this year. The world’s third-largest stock exchange in Tokyo was taken down by a hardware failure on Oct. 1, hack attacks have hit New Zealand’s exchanges and a software glitch took down electronic trading in Germany this summer.
When tech problems plague these financial market platforms, what really happens on the inside? And how do officials ensure trade is smooth when it restarts? Niki Beattie, CEO of the consultancy Market Structure Partners, gave the BBC’s Victoria Craig the inside scoop on the global edition of “Marketplace Morning Report.” The following is an edited transcript of their conversation.
Victoria Craig: How much are investors actually affected by events that take stock markets completely offline?
Niki Beattie: They are a big issue for investors, because the moment an exchange has an outage, nobody can see the prices in the market and they can’t trade. So if news breaks during that time, then it can significantly impact the price when the market reopens.
Craig: Obviously that means something has gone wrong. But what goes right in these situations that prevents chaos and volatility when the markets do eventually reopen?
Beattie: Well, it’s important to point out that there are some differences between the European market and the U.S. market. So there are many trading venues or exchanges competing with each other, both in the U.S. and in Europe. But, in the U.S., the data from all of those venues is combined into one place so that the market can carry on trading if one venue is out, and another isn’t.
In Europe, that doesn’t happen. So this data is not gathered in one place, and so the market doesn’t see what else is happening in other venues because most people are looking at the primary market. So, in answer to whether or not that creates chaos, it depends. But I think the U.S. market would function more smoothly in this sort of scenario.
Craig: Today, Euronext, we saw a very smooth open this morning. So what was going on behind the scenes in all likelihood that made it so smooth that didn’t make huge waves of volatility?
Beattie: I think it’s all gone smoothly this morning. That’s because everybody’s had a chance to have a breather. At the moment the outage actually happens, it is chaos behind the scenes at many, many investment banks and brokers, because they’ve all got to work out which orders actually got executed before the outage happened. They have to then go back and refill all of their orders. So it takes time to do all of those things. So it may not look like chaos on the top. But there’s a lot going on behind the scenes.
Are exchanges prepared to battle cyberattacks?
Craig: These days, our minds always tend to go to cyberattacks as the cause. But as we’ve seen, the Tokyo outage on Oct. 1 was a hardware issue. Euronext says yesterday’s failure was software related. Do you think cyberattacks are becoming a bigger risk? And are these exchanges adequately prepared do you think?
Beattie: Yesterday made me think about that. I do think cyberattacks in every business are becoming bigger issues, and certainly in my experience in financial markets, you see more and more evidence of them. And so it’s only a matter of time before an exchange has a cyberattack or is held to ransom. And then they could be out for days, which is quite frightening. And I don’t think people are prepared enough for that. I mean, if I look at the outage yesterday, even just in terms of how long it took to get back up and running, it suggests that people are so used to touching the steering wheel that when the steering wheel falls off, actually, there’s a lot of running around to work out how you deal with the back end. And there’s usually only a few specialists that really understand that. So it worries me that a cyberattack could take an exchange out for days. And I’m really not sure that people are ready for that.
Craig: How do they prepare themselves better then?
Beattie: I think it’s really important to have a sort of dress rehearsal and think about what type of cyberattack might happen. If we’re going to be held to ransom, are we just going to pay that? Do we have insurance? If we don’t, how are we going to deal with that? How long would we be out of the market? Or if it’s someone taking control of the software or changing the software, how quickly could we get to the bottom of that?
And I think regulators should be asking a lot of these questions. Some of the things that are built into regulations, actually, in Europe force other trading venues to take data from the primary exchange. So if the primary exchange goes down, then the entire market, for example, you know, the French market, if it’s a French exchange, it could be out for days in the event of a cyberattack.