, , , ,

SaaS Market Gateways

SaaS Market Gateways

Complete your ETD desk within 1 week

SaaS Market Gateways

What are Market Gateways?

ETD trades (Futures & Options) are executed at the Exchanges and transferred to Clearing Houses for the clearing. Market Gateways connect middle/back offices with the electronic platforms of Clearing Houses and provide the operators with all features for the clearing of ETD trades: retrieve and match trades and orders, split, merge, allocate them on final accounts, give-up and take-up, etc.

Market Gateways: why, when, where

What “SaaS” stands for?

If you currently run a software (a service or an application) which is physically installed on your computer or your server, that means that it is an “on-premises” installation: you know exactly where your software and your data are located.

On the contrary, if the information where they are physically installed is not clear to you, you are probably using a Software-as-a-Service (e.g. Gmail, Dropbox, Zendesk, etc.).

More precisely SaaS refers to Cloud-based computing where “Cloud” indicates that the software services and data are handled not by your computer or local servers within your organisation but through a network of remote servers hosted by other organisations and accessible via the Internet. Remote servers could also belong to a department of your organisation or a subsidiary: in that case, the SaaS is provided through a “private” Cloud.

SaaS applications are accessible by web browsers or thin clients, i.e. lightweight client applications.

NB: SaaS is a new name for “ASP”, Application Service Provider.

A good rule of thumb for making a distinction between all types of “as-a-service”, SaaS, PaaS (Platform as a Service) and IaaS (Infrastructure as a Service), is to focus on who uses them.

  • SaaS: software services provided to end-users (e.g. Dropbox, Gmail, Microsoft Office 365, Slack...)
  • PaaS: used mainly by developers (e.g. Kubernetes, Apache Stratos,...)
  • IaaS: used by IT administrators (e.g. AWS EC2, Rackspace, Google Compute Engine)

Generally speaking, the Cloud is a technical advantage which provides cost reductions: physical resources are mutualised (RAM, processors, hard disks…) as well as the efficiency in the maintenance of servers (replacement of hard disks, increasing of RAM and CPUs,...) is increased since it is streamlined and simplified.

A shift of paradigm: from on-premises to SaaS Gateways

Traditionally, the financial institutions and corporates operating on ETD have Market Gateways installed on the premises within their own IT infrastructure. In-house solutions were preferred mainly because they were identified as more secure: often IT servers were in the building where the middle/back office operators worked. IT administrators applied the security protocols according to the financial institution internal policy. All front-to-back suites were installed on-premises: trading, pricing, clearing, accounting software, etc.

An on-premises installation is a legitimate approach which has several advantages: the IT infrastructure is “in house” and the financial institution manage them through high-skilled IT administrators.  Data are stored locally in servers physically belonging to the institution: the fact of having servers in the premises is undoubtedly reassuring. However, having a skilled team of IT administrators fully dedicated to apply resilience and security protocols to the infrastructure and data has a cost.

The primary reason for a shift from traditional on-premises to a SaaS model is for cost reductions: an efficient and consistent on-premises approach requires, in addition to the cost of IT infrastructure, high-skilled IT administrators who constantly have to setup and upgrade servers, operating systems, applications, etc.

Indeed, Market Gateways are already network components connected with Exchanges/Clearing Houses electronic platforms, therefore they a perfect candidate to shift towards SaaS. For end-users (operators) almost no change is perceived: they are provided with the same user interface and inputs/outputs; however, the Gateways are installed on remote servers.

Early adopters of the Cloud: a signal that time is up

In the past, only small institutions were able to justify the use of SaaS. Today we are witnessing a shift even in large financial institutions which agree to use banking solutions on SaaS.

In May 2019 Deutsche Börse and Microsoft have closed an agreement (*3) for using Cloud service within the EU financial services industry. Deutsche Börse has identified several benefits in migrating toward the Cloud:

Agility. The development and delivery of new functionalities is much quicker than before. Deutsche Börse will be able to react faster to new regulatory requirements.

Security. The companies providing the Cloud services have high expertise in security because they make huge investments on this.

Efficiency. More automation

Additional functionalities. E. g. Blockchain and Big Data

In November 2019 HSBC has announced (*6) to have been working on the Cloud for facing financial crimes. The aim of their new system for anti-money laundering,  based on the Cloud, will be able to identify suspected criminal activity. With their 39 million customers, 66 countries and territories, the huge amount of information brought HSBC to work on the Cloud.

In October 2018 at Sibos, SWIFT announced the project of deploying their messaging solutions in the Cloud (*1). The fact that SWIFT considers this change is a clear signal to the market that we are entering a new era where more and more actors will and can consider using a public Cloud for their processing. This might seem surprising as SWIFT has experienced cyberattacks resulting in the theft of millions of dollars (*2). The attack occurred within institutions which had, at that time, their SWIFT infrastructure installed on-premises. The fact that hackers were able to penetrate the SWIFT network was mainly due to stealing of the credentials required for authorising the access to SWIFT system and insufficient internal security controls.

Cloud and protection of data

For the protection of data, the regulation of the country where the servers are located is applied.

As a result, It is important to verify that the legislation is compliant with the policy of your organisation.

  • Europe: GDPR
  • USA: No general legislation, laws on specific sectors or specific types of data
  • Canada: PIPEDA
  • United Kingdom: GDPR (Brexit dependent)
  • ...

(*7) CNIL (24th January 2019). Data protection around the world - CNIL - https://www.cnil.fr/en/data-protection-around-the-world

Technical recommendations for SaaS Gateways

Microservices and containerisation. The Gateways have to be conceived as microservices and use the containerisation (e.g. Docker) to deliver single-function modules. The architecture of a Gateway has to be modular.

Performance and consistency. Independently from the approach (on-premises or SaaS) a Gateway has to be extremely performant and face bottlenecks due to overload of messages, e.g. a disruption in financial markets.

A Gateway has to implement all the features provided by the Clearing Houses, from the standard ones (regular trade allocation, give-up, take-up…) to the complex ones (average price, automatic residual optimisation calculations, reversal for give-up groups, give ups with several APS groups…).

Open system. Public documentation should describe how to interact with the Gateway (its APIs) and how to integrate the input/output of financial data (trades, orders, allocations, give-ups…) with other downstream systems (back-office, accounting, risk, regulatory…).

Integration of a SaaS Gateway with downstream systems

Despite the fact that a Gateway is installed on the Cloud, the integration of financial data with downstream systems is performed  according to usual protocols:

Files over FTP. Information is provided as files (FIXML, CSV…) transferred over an FTP folder. It is “the good old way” still used and still valuable in certain contexts, e.g read-only gateways which feed the back-office systems through periodical exports.

Message-Queuing system. Gateways communicate with most of Clearing Houses through MQ systems (e.g. IBM WebSphere). The same approach, but using any of the MQ systems available (e.g. Rabbit MQ), can be pursued for communicating with other systems of the financial institution. Data are wrapped into messages and sent into a queue from which they can be retrieved asynchronously. This approach allows a two-ways read/write communication. If operators use a  middle-office system, all clearing operations (allocation, split, merge, average price, give-up,...) can be sent to the Gateway directly from the middle-office system.

Calls to REST APIs. As an alternative to a Message-Queuing system, the connection between a Gateway and other systems can be established through calls to REST APIs.

NB: A VPN tunnel ensures the security of access to data

Setting up a SaaS Gateway

The setup of a SaaS Gateway is without any doubt faster than an on-premises installation.

For installing a Gateway on SaaS, the information you need to provide is the following:

  • Your membership ID for the connection to the Clearing House electronic platform
  • Your requirements for integrating financial data into your organisation

With this information, the deployment can be done within a week after ordering.

Summary

An on-premises Gateways installation is still a legitimate approach, especially if the IT administrators have been experiencing the connection with the Clearing House and maintenance of Gateways for a long time.

Undoubtedly, we are witnessing a global shift of paradigm, from on-premises to SaaS, which will probably be a standard approach in the near future even for financial institutions, which historically have been preferring to have total control on servers and data and related procedures of backup and restore. Market Gateways are “network objects” which require a read/write connection with Clearing Houses: as a result, they are better candidates to be deployed as SaaS.

When the SaaS approach is pursued, the organisation has to verify that their policies, in terms of protection and security of data, are compliant with the legislation of the countries which physically host the Cloud servers.

SaaS Market Gateways represent primarily a reduction of costs and a streamlining of infrastructure and applications maintenance. Within a SaaS approach, the maintenance and administration of Market Gateways are performed by dedicated and specialised IT administrator and support resources, who come directly from the software vendor. In addition to the technical infrastructure, they perfectly know Market Gateways and their troubleshooting: they are close to the Gateways developers. This brings more efficiency and resilience to the business.

Domenico ROTTA

Business Developer
domenico.rotta@enovea.net
https://www.linkedin.com/in/domenico-rotta/

https://crystalstream.net/

References

(*1) Guru Kirthigavasan (21st October 2018). “Microsoft and SWIFT make Azure cloud native payments a reality”. Microsoft Azure.

(*2) Corkery, Michael (30th April 2016). "Hackers' $81 Million Sneak Attack on World Banking". The New York Times.

(*4) Deutsche Börse Group (6th May 2019). Deutsche Börse and Microsoft reach a significant milestone for cloud adoption in the financial services industry.

(*5) Jennifer Shasky Calvery (25th February 2019). Technology targets financial crime. HSBC

(*6) Trond Vagen (28th November 2018). HSBC set to launch cloud-based AML system next year.. Reuters

(*7) CNIL (24th January 2019). Data protection around the world - CNIL - CNIL web site