Download presentation for consolidated audit trail (cat)

PRESENTATION FOR CONSOLIDATED
AUDIT TRAIL (CAT) BIDDER SUMMIT
JULY 29, SIFMA
Copyright 2014. EPAM Systems, Inc. & Broadridge Financial Solutions, Inc.
All rights reserved. All trademarks and service marks are the properties of their respective owners. The presentation contains proprietary content belonging to EPAM Systems, Inc. & Broadridge Financial Solutions, Inc.
AGENDA
•
Team Introductions
•
EPAM & Broadridge Overview
•
CAT Processor Organizational Structure
•
Highlights from our approach for CAT product definition, design and implementation
strategy
•
Overview of Technology Solution
•
Security and privacy issues, handling of customer information
•
Linking trade data information
•
Data collection
•
Approach to Project Management and the Build of the Solution
•
Q&A
Copyright 2014. EPAM Systems, Inc.
TEAM INTRODUCTIONS
Mark Bisker
SVP, Head of Capital
Markets Competency
Center, EPAM Systems
Mr. Bisker joined EPAM in 2007. Mark has been in the financial service industry for over 20 years, he
has expert level knowledge in market structure and Capital Markets front office technologies. Prior to
EPAM, Mark served on ISO 15022 committee, SRO technical advisory board, director of board of
brokerage company, and previously held leadership positions at Charles Schwab, Lava trading,
Hudson Securities, B2BITS.
Sam Rehman
Chief
Technology Officer
EPAM Systems
Mr. Rehman joined EPAM in May 2013 as CTO. Prior to EPAM, Mr. Rehman held positions as CTO
and SVP for Grid Dynamics, a professional services company specializing in E-commerce and high
performance computing. He has also spent close to 10 years with Oracle Corporation, where he led
development groups as Director and VP of Engineering.
Niten Jaiswal
Vice President, Cloud
and Datacenter
Services
Broadridge
Mr. Jaiswal joined Broadridge/ADP in 2006 as a Technical Consultant, and has 10 years experience
in Enterprise and Infrastructure Architecture and 15 years of experience as a systems administrator
Prior to Broadridge, Mr. Jaiswal has held technical and leadership positions at Big Foot Interactive
(now Epsilon), Cendant, and IBM.
Bob Urbanik
Vice President,
Product Management –
BPS Core Growth
Broadridge
Mr. Urbanik joined Broadridge in 2014 as a product manager responsible for the regulatory and
strategy for the BPS-Core product. He has nearly 25 years experience in software product
management and client service serving the front-middle-back office for institutional and retail
financial service firms. Prior to Broadridge, Mr. Urbanik worked at SunGard, Bessemer Trust, and
Merrill Lynch.
Copyright 2014. EPAM Systems, Inc.
EPAM/BROADRIDGE OVERVIEW
Copyright 2014. EPAM Systems, Inc.
ABOUT EPAM
A LEADING GLOBAL END-TO-END SOLUTIONS COMPANY
COMPANY
HEADCOUNT
INDUSTRY FOCUS
1993 founded, US HQ in
10,500+ technical staff dispersed
Banking & Finance
30%
Newtown, PA
across NA, Europe, and APAC.
ISVs & Technology
22%
Public (NYSE: EPAM)
50+ employees hold PhD degree.
Travel & Consumer
22%
Information & Media
13%
FINANCIALS
SECURITY
EXPERTISE
$555m revenues in FY 2013
ISAE 3402, SAS Type II
Order Management, FIX, OATS, ACT,
$175m cash, debt-free
ISO 27001:2005
TRACE, OCC, Exchanges, Big Data,
No client > 15% of revenue
CMMI Level 5
High Performance Computing
Copyright 2014. EPAM Systems, Inc.
ABOUT BROADRIDGE
Broadridge with over $2.4 billion in revenues, is a leading global provider of technology-driven
solutions to banks, broker-dealers, mutual funds, and corporations globally.
• Investor communication solutions, securities processing and
operations outsourcing.
• Clearance and settlement in over 70 markets for domestic
and international equities, options, fixed income, ETF and
mutual funds.
• Management of core books and records, tax reporting, multicurrency, cost basis, OATS, EBS, Large Trader reporting.
• Securities processing technology scale supports over 40
million customers and over 2 million compressed equities
trades per day.
#1 in Delivery Excellence
#1 in Scale
#1 in Customization
#1 in Best of Breed Technology
#1 in Data Security
#1 in Customer Care
Leading Securities Processor
• 6,400 associates operating in 14 countries, smart-shoring
20% of its associates in India.
• Established connectivity with majority of US broker-dealers.
Copyright 2014. Broadridge Financial Solutions, Inc.
OUR PARTNERSHIP
EPAM has identified Broadridge to be ideally positioned as
the premier operational provider for the CAT system
• EPAM will comply with the SROs requirements and will work
with SROs on formal contract to mutually agree on all aspects
of third-party relationship governance.
• EPAM and Broadridge teams will jointly develop and set clear
responsibilities and authorities in the Subcontract agreement.
• EPAM will assign Senior Vice President of CAT Processor to
lead the design, build, and enhancements of the CAT
platform.
• Broadridge will assign SVP of CAT Business and Operations
and Chief Compliance Officer (CCO).
Broadridge Responsibilities
• Product management – working with
EPAM
• Compliance, audit and security
• Finance and administration
• Operations
• Client & reporter relationship services
• Infrastructure support
• We are flexible to adapt the organizational structure based on
further discovery and recommendations from SROs and the
SEC.
Copyright 2014. EPAM Systems, Inc.
RELEVANT EXPERIENCE
Global Investment Bank
SWIFT confirmation matching engine:
• Distributed calculation platform on a
private cloud
• 30,000+ rules; 3M+ messages / day,
200+ messages / sec by a thread
• Efficient matching algorithm for SWIFT
messages
• Configurable rules (per location/product)
Financial Research Aggregation Platform:
• End-to-end management of virtualized
network, storage, computing resources
• Private cloud across 2 datacentres
with 500 compute instances, 100
application components
• 50 TB of storage, 10+ million
documents repository
Securities and investor data processing:
• 4 PB data warehouse
• 7,000 servers across 10 data centers
globally
• 350,000 jobs executed daily
• 10,000 data feeds
World’s Leading Travel Company
Global Oil & Gas Company
Global Investment Bank
Analytical Data Warehouse Solution:
• Processing ~10 TB daily booking data
in 1 PB Hadoop warehouse
• Spooling & archiving booking data in
Cassandra
• Near real-time monitoring of metrics and
KPIs associated with online bookings
via Hadoop / Hue
Warehouse for operational parameters:
• Transaction volume is 200+ GB daily
• Data warehouse structure modelled in
Hive / HDFS
• Hadoop API Integration
• Data sync / ETL via distributed
process in Hadoop
800+ FTEs provide build and run the bank
• Focus on FX, Equities, Prime Services,
Fixed Income & Commodities
• Development and support of trading
platform
• Solution to support Basel III SRA
• Full revaluation of the banks trading
books via Monte Carlo simulation
Copyright 2014. EPAM Systems, Inc.
CAT PROCESSOR ORG STRUCTURE
Copyright 2014. EPAM Systems, Inc.
HIGH-LEVEL ORGANIZATION STRUCTURE
Steering Committee
(EPAM, Broadridge, and SROs Representatives)
Product
Management office
Project
Management Office
Compliance
Legal
Architecture
Software
Engineering
QA
HR
Tech Services
Governance
Accounting
Operations
Delivery Group
Administrative Group
Copyright 2014. EPAM Systems, Inc.
BROADRIDGE GOVERNANCE AND OPERATING MODEL
Copyright 2014. Broadridge Financial Solutions, Inc.
CAT PROCESSOR OPERATED BY BROADRIDGE
(HIGHLIGHTS)
Help Desk (HD)
Client Service (CS)
• Provides support infrastructure 24 X 7 via direct client call or
BR-Track
• Monitors processing through automated applications and
tools
• Monitors key intraday and nightly SLAs
• Provides day to day support for report
loads and data transmission setup and
Support Model
testing
• Monitors CAT inbound and outbound
• 24 X 7 technical & functional support
transmissions
• Monitors client exception indicators
• Four areas of support with streamlined call
• Day to day primary point of contact
• Receive calls directly or through BR-Track
• Work with AM for business requirements Provide status
updates to clients on projects and requests
• Work with the PM to resolve product
specific issues
• Alert clients of impacting production
issues
• Introduce to the technical areas all
client initiated enhancement requests
workflow
• Single point of contact and ownership
Account Management (AM)
• Direct contract with SMEs or correct targeted service
support group
Product Management (PM)
• Responsible for CAT Client
• Subject matter experts with specific
• Client self-help BR-Track utilizes same workflow
Relationship Management (CRM)
brokerage operations experience
• Workflow enabled escalation
• Handle new business initiatives and
• Provide client support during regular
project management
business hours
• Prioritize open issues aligned with
• Provide 24X7 support via the
client requirements and business
Broadridge Help Desk escalation
needs
• Client Enhancement Process
• Responsible for setting up strategic/technical update
• Review, approve, and introduce to the technical areas all
sessions
client initiated enhancement requests
• Execution of bi-annual client satisfaction survey
Copyright 2014. Broadridge Financial Solutions, Inc.
HIGHLIGHTS FROM OUR APPROACH
FOR CAT PRODUCT DEFINITION,
DESIGN AND IMPLEMENTATION
STRATEGY
Copyright 2014. EPAM Systems, Inc.
KEY TENETS FOR OUR APPROACH TO CAT
• Open data repository
• Minimize increase of compliance staff
• Minimize changes to collection mechanisms
• Lower CAT Reporters overhead for data submission
• Improve quality of data submissions
• SMEs to support the CAT users with integration
• OATS operations to CAT processor in year 2
Copyright 2014. EPAM Systems, Inc.
KEY SOLUTION FEATURES
• Central repository for orders and quotes life cycle events
• Built from scratch to avoid inefficiency in the existing legacy data models
• Scalable and reliable
• Designed to last
• Designed to accommodate technology advances and for efficient maintenance
• Architected with highest availability and security standards
• Combines proven security and control standards with architecture for performance
• Provides personal, fast, and secure storage
Copyright 2014. EPAM Systems, Inc.
KEY SOLUTION FEATURES
• Meets security requirements
• Offers Personal Hosting Provides built-in preview data analytics,
collaboration, and provisioning tools
• Enables easy integration
• Supports multiple transmission protocols, accepts raw FIX logs
• Provides means to minimize submission errors
Copyright 2014. EPAM Systems, Inc.
TECHNOLOGY SOLUTION OVERVIEW
Copyright 2014. EPAM Systems, Inc.
HIGH-LEVEL SOLUTION ARCHITECTURE
Copyright 2014. EPAM Systems, Inc.
B2B INGESTION LAYER (B2BIL)
•
Manages original submissions and re-submissions
(data processing stage errors or trade-level data
modifications)
•
Ingests data via secure FTP (SFTP/FTPS),
SSH/SCP, PeSIT and NDM connections using SSL
or TLS. Ordinary FTP and HTTP only in private
networks after security validations
•
Supports REST, SOAP via SSL, HTTP(S) and FIX
protocol clients
•
Allows extension of existing data formats with
additional fields if required by CAT
•
Utilizes the uniform format that will be developed
by EPAM for SRO’s and large CAT reporters with
possibility to continue with existing data formats
•
Allows data consumption from SIPs in real-time
and in batch modes
Copyright 2014. EPAM Systems, Inc.
OPERATIONAL DATA STORE LAYER (ODSL)
•
Accepts data from B2BIL and verifies accuracy
•
Identified errors stored as exceptions and
communicated back to reporters
•
ETL subsystem for normalization, anonymity
and load to topical databases
•
Order ID’s generation and data enrichment,
including linking of order events
•
Time data element to resolve time sync
anomalies between the CAT reporters
•
Keeps order- and quote-related data until
processed to final state and moved to the
Central Repository for long-term storage and
immediate regulator use
Copyright 2014. EPAM Systems, Inc.
CENTRAL REPOSITORY – FUNCTIONAL
DECOMPOSITION
•
Provides data storage for 5 years
•
Progressive data compression to scale
the solution beyond 20 PB
•
Accommodates the need to modify data
structures and onboard new data types
•
Provides fast response time for
interactive requests with highperformance design and data
partitioning
•
Automated replication and data archiving
for two years in a disaster recovery data
center fully complied with industry
standards
•
PII Data stored and managed separately
Copyright 2014. EPAM Systems, Inc.
DATA DELIVERY LAYER (DDL)
•
Secure delivery of CAT data and hosting of all client applications
•
Supports bulk and interactive queries from SROs, regulators and the SEC
•
3 ways to deliver results based on user settings and other factors:
o Sending via direct communication
o Uploading to client infrastructure
o Storing in a CAT-hosted, user-specific sandbox as a data mart
Data marts and analytics software for data access and
administration
Data transfer technologies to ensure query results delivery to enduser environment:
o Zip compression supported (but not required)
o SFTP, FTTPS, HTTPS, FIX and PeSIT over the public internet
o FTP, HTTP in private networks after proper security validations
Common portal technology for the major user groups:
1. Secure Portal and Reporting for CAT Reporters
2. Secure Portal to access data for Regulators, Auditors, and
Reporters
3. Public Portal
Backs up and archives all operations occurring in the DL
Active/passive replication process within the DR environment
•
•
•
•
•
Copyright 2014. EPAM Systems, Inc.
LINKING TRADE DATA INFORMATION
Implement the daisy
chain concept
Algorithm for efficient
linking of orders
Parent/child
approach for
aggregation and
splitting of orders
Order events
- Attribute account
number.
- Account number
linked with Customer
ID in CAT.
Summary of
executed trades by
Customer ID or
account number
Trades and
allocations are not
defining topology of
order events
Query CAT Reporter
ID and original order
ID to quickly link to
the ultimate
execution, allocation
or cancellation
Copyright 2014. EPAM Systems, Inc.
DATA COLLECTION
Data types include:
- Account information
- Market data
- Order & Quotes life
time related events
Different data path for
each data type
Support of multiple
submission protocols
Considering
expanding use of FIX
messages
Potential to accept
raw FIX/binary feeds
logs
Considering
leveraging existing
data formats
Considering
consumption from
SIPs in real-time and
in batch modes
Support proposal of
collecting quotes for
options trading from
exchanges only
Copyright 2014. EPAM Systems, Inc.
CUSTOMER AND ACCOUNT INFORMATION,
CUSTOMER ID
Customer definition per SEC Rule 613
- The account holder(s) of the account at the broker-dealer originating the order
- Any person from whom the broker-dealer is authorized to accept trading instructions for such
account, if different from the account holder(s).
 We support approach suggested by SRO’s which relies on account number and customer associations
stored by the CAT
 Account Id is defined by the broker internally and must be unique (account, sub-account)
 We expect that initial submission to CAT will include all existing accounts and then incremental information
submitted when new accounts opened, removed or modified.
 Based on the information provided by reporters, CAT will generate unique through CAT System CAT
Customer ID and store it in dedicated CAT Customer database using this id as a key.
 This key will be used to associate Customer’s data with order data as well as to perform queries against
customer’s database.
Copyright 2014. EPAM Systems, Inc.
BROADRIDGE DATA CENTERS BFSNET
Copyright 2014. Broadridge Financial Solutions, Inc.
PRINCIPLE NETWORK INFRASTRUCTURE
Copyright 2014. Broadridge Financial Solutions, Inc.
SECURITY & COMPLIANCE
BROADRIDGE
EPAM
•
•
ISAE 3000/3402 Type 2 (SAS 70 II), CMMI Level 5,
ISO 27001
•
EPAM Security Framework
Certifications including ISO 27001 and SSAE16
Audits – there are only 11 financial services
companies in the U.S. that carry the ISO 27001
certification
•
Physical and Environmental Controls
•
Disaster Recovery audited by FFIEC and ISO
•
Network, Application and Third-party Vulnerability
Scanning
•
Global Data Loss Prevention program, providing
strict governance to protect confidential Client Data
 ensures high security across all locations
 combines effective measures to protect
client’s intellectual property and assure
productivity
•
NDA and Contracts ensure information protection
and legal liability of every staff member in
accordance with local laws
Copyright 2014. EPAM Systems, Inc.
ENCRYPTION & PII PROTECTION
We plan to leverage Broadridge policies and technologies to control and track PII data.
BROADRIDGE POLICY
SECURITY FACILITY
•
•
State-of-the-art, C2* compliant facility
•
Main system components: Top Secret from Computer
Associates, Enterprise Security Server from Blockade
Systems and BTS, Data Loss Prevention product
•
Data Categories being monitored and protected: Data at
Rest, Data in Use, Data in Transit
•
Customer data submitted to CAT will be sent using
secure encrypted communication channels
•
PII will be stored in separate Database
•
PII information columns will be encrypted
•
Order events records will carry token only (AccountID,
CustomerID), none of PII data will be exposed in CAT
system elsewhere
•
Storage devices use FIPS 140-2 level 2 self-encrypting
drives
Access to client data is restricted through Role
Based Access Control
•
Systems storing client data reside within restricted
areas
•
Access is controlled through logical (user
credentials, firewall rules, ACL, etc.) and physical
access methods (scan cards, biometric scanners,
guards, CCTV, etc.)
•
System logs are activated to record all pertinent
events
•
Sensitive Data is segmented through physical and
logical architectures
•
Isolated VLAN segments are defined and are
secured through perimeter Firewalls and Access
Control Lists granting authorized access through
Host Based / Network Based / Protocol
Copyright 2014. Broadridge Financial Solutions, Inc.
SECURITY AND PRIVACY ISSUES, HANDLING OF
CUSTOMER INFORMATION,
ENCRYPTION
• Infrastructure has the ability to encrypt data
in transit (SSL) and at rest (hardware disk
based encryption)
• Data repository software is able to encrypt
data columns
• File transmissions infrastructure is able to
consume encrypted files sent from SROs and
other data providers
SECURITY TRAINING
• Broadridge and EPAM both have security
awareness programs that are given annually
to ensure that employees understand current
policies and processes
DATA ACCESS
• Broadridge and EPAM follow the least
privileged access security principle to ensure
that only necessary individuals have the
ability to access confidential information
• Integration with Broadridge’s SSO
infrastructure will allow federated access to
information to authorized 3rd party users
DATA CLASSIFICATION
• Broadridge BPO associates are trained to
identify and properly classify data as it is
introduced into the environment to ensure
that it is protected with the appropriate
controls
Copyright 2014. Broadridge Financial Solutions, Inc.
CAT COMPLIANCE REPORTING COMPARISON, ELIMINATION
OF REDUNDANT SYSTEM CONSIDERATIONS
Copyright 2014. Broadridge Financial Solutions, Inc.
APPROACH TO PROJECT
MANAGEMENT AND THE BUILD OF
THE SOLUTION
Copyright 2014. EPAM Systems, Inc.
CAT PROJECT MANAGEMENT APPROACH
STATE OF THE ART PROJECT
MANAGEMENT PROCESSES AND TOOLS
STEERING COMMITTEE & PROGRAM
MANAGEMENT
• Robust distributed development
methodology based on mix of Waterfall
and Agile approaches
• Technical PMO and Operational PMO
• Project planning & KPI management
• Requirements management, prioritization,
and traceability
• Project artifact database & management
• Change, risk, quality, resource, issue,
incident management
• Project audit
• Transparency, communication, and
socialization
• Review Milestones & Checkpoints
• Resolve project ambiguities and issues
• Prioritization of all aspects of the project
• Program management stitches together all
individual sub-projects and tasks
• PMO focus will change as project moves
to production and steady state
Copyright 2014. EPAM Systems, Inc.
INDUSTRY ENGAGEMENT – PRODUCT
DEVELOPMENT
Gather High Level Requirements
Publish for Comments
SROs
CAT Committee (SIFMA/FIF)
• 24 X 7 technical & functional support
• Four areas of support with streamlined
• call workflow
Modify
and
Gain
Approval
from SROs
• Single
point
of contact
and ownership
• Direct contract with SMEs or correct
targeted service support group
• Client self-help BR-Track utilizes same
workflow and Functional Specifications
Write Technical
• Workflow enabled escalation
Publish for Comments
SROs
CAT committee (SIFMA/FIF)
Modify and Gain Approval from SROs
Copyright 2014. EPAM Systems, Inc.
HIGH LEVEL TIMELINE
Year 1
Year 2
Year 3
Year 4+
SROs Equities and
Options
Large SRO
Members
Remaining SRO
Members
Fixed Income
Equity Swaps
Credit Default
Swaps
Other Securitybased Swaps
Copyright 2014. EPAM Systems, Inc.
TIMELINE – YEAR 0
Copyright 2014. EPAM Systems, Inc.
TIMELINE – YEAR 1
Copyright 2014. EPAM Systems, Inc.
TIMELINE – YEAR 2
Copyright 2014. EPAM Systems, Inc.
OUR VALUE PROPOSITION
EXPERTISE




Big data
Capital Markets
Managing large projects
Operations
• Data stewardship
• Business continuity
• Client/reporter services
• Data service/self-service
BREADTH AND DEPTH IN
ENGINEERING CAPABILITIES
 Large repositories
 High volumes
 Distributed processing for comparable data
volumes
 Highly qualified group of engineers with
relevant expertise
EXTENSIVE EXISTING NETWORK
CONNECTING US BROKER-DEALERS
Copyright 2014. EPAM Systems, Inc.