.jpg)
NZX has considered the recommendations and potential cost impacts following the completion of reviews commissioned by the NZX Board from independent service providers into the clearing and settlement incidents between March and April 2020, and the Distributed Denial of Service (DDoS) attacks that began in August 2020. NZX accepts that it did not meet its own high standards in certain areas of its technology systems.
As outlined at the 2020 Investor Day, NZX recognises the need for further technology investment in 2021, particularly in the markets businesses, in order to enhance the stability and resilience of its technology framework.
This includes enhancing the Securities IT team and cybersecurity counter-measures, with related pricing to market participants to be considered. NZX is well advanced, in conjunction with market ecosystem participants, for a major upgrade to its core trading system around the end of March 2021.
NZX confirms that there is no impact on the FY2020 earnings guidance update communicated at the NZX Investor Day and released to the market on 2 December.
In order to provide an early indication to the market, the NZX Board considers the investment required to deliver on the recommendations of the reports from independent service providers EY and InPhySec will have an impact on ongoing technology costs.
The Board has not yet considered the consequences on pricing for NZX services, but some cost recovery process is likely.
The NZX Board acted decisively post these events in commissioning the reviews from independent service providers. The findings were publicly accepted by NZX and the Chief Executive, Mark Peterson, said NZX has already delivered on a number of these actions with others underway.
Recommendations included formalising the Technology Sub Committee of the NZX Board, enhancing its working relationship and communications with the ecosystem, a range of technical hygiene improvements which includes extending crisis management planning and bolstering NZX's IT organisational structure with some specific specialist skill sets.
Mr Peterson said NZX initiated its technology infrastructure modernisation programme in 2017, with $12 million invested over the four-year period to 2020, in projects that focused on clearing, infrastructure and trading system improvements, modernisation, and capacity improvements.
Since the technology disruptions in March and April, NZX has made additional changes to increase the resilience and stability of its systems. NZX has also strengthened its Distributed Denial of Service (DDoS) defences following the cyber-attacks.
NZX has shared its reports from independent service providers with the Financial Markets Authority (FMA), as part of the FMA's review of NZX’s compliance with market operator obligations and we expect the FMA to publish its report and findings later in January. NZX expects that it will need to agree a formal action plan with the FMA in response to its findings once finalised.
Once a formal action plan has been agreed with FMA, NZX will be in a position to quantify likely incremental technology costs (in addition to changes to NZX’s ongoing structural technology costs that have already been implemented).
Mr Peterson said NZX is determined to act on the recommendations of its reports from independent service providers, and the action plan ultimately agreed with FMA in response to its review, and will continue to communicate with the market and the FMA about its progress.
NZX will provide FY2021 Earnings Guidance with its FY2020 result and Annual Report on 17 February 2021.
