Due Diligence and Ongoing Monitoring

  • 1.  SIFMUs

    This message was posted by a user wishing to remain anonymous
    Posted 07-17-2020 04:21 PM

    Re: Systemically Important Financial Markets Utilities (SIFMUs):

    Hello all,

    Not sure if this topic was a previous discussion. How is everyone handling reviews of their SIFMUs? From my experience, they are unwilling to respond to assessments or to other requests for information (e.g. providing details on their Business Continuity/Disaster Recovery program, including test locations, Recovery Time Objectives (RTO), Recovery Time Capabilities (RTC), etc.). Do you treat this as a Full Risk Acceptance or otherwise handle it differently from your other suppliers?

    Thank you.






  • 2.  RE: SIFMUs

    Posted 07-21-2020 11:56 AM

    While Systemically Important Financial Markets Utilities (SIFMUs) are part of the due diligence process every financial institution in the finance industry is required to perform, they are unique.  First, since October 2014, they are the most highly regulated organizations in the FI due to their designation as organizations that could threaten the stability of the entire U.S. financial system.

    Their regulatory environment is such that three agencies (Federal Reserve Board, SEC, and Commodity Futures Trading Commission) actively regulate them. Constantly.  Any activity that can be construed as risky (read derivatives) may be scrutinized, in its entirety, by all three agencies.

    Having said all that, your responsibility to "try" to obtain the due diligence your organization requires is complicated by the fact that these organizations all have extremely enhanced cybersecurity requirements, which makes regulators a little skittish to require them to participate in the due diligence process.

    The best you are going to be able to do is document every effort you make to obtain the information. Make sure you keep every piece of documentation you have for your auditors and examiners. Keep every email and records of phone conversations.

    That's my take on SIFMUs; does anyone else have any experience with these rare entities?