Recent weeks show a rising new trend in the foreign exchange and CFDs trading industry. ISO certification is taking shape as a major requirement, especially for firms dealing with high-end institutional clients. While the certification itself is not that expensive, the implementation of a suite of processes costs a lot of time, money and effort.
That said, senior executives across the industry shared with Finance Magnates that getting a company’s processes in line with the requirements is well worth it. Apparently, signing high-end partnerships with big companies requires an independent stamp of approval. While smaller players don’t mind, big institutional players are not even considering any business relationship with a firm which isn’t ISO-certified.
The universal opinion which was shared with us dictates that among other things, ISO certification conveys security to clients. The assurances that the institution with which a customer is dealing is committed to following certain processes serves as a significant boost of confidence.
While not a requirement per se, ISO certification can certainly be a factor when clients are choosing the firms they partner with. ISO/IEC 27001 is an information security standard, which defines a management system. That is intended to bring information security under management control and gives specific requirements to comply with.
Accelerating Industry Trend
In recent weeks, several different types of companies in the industry have come under the arena spotlight. Trading technology provider Spotware Systems for example has been supporting the ISO 27001 standard since 2012 with its cTrader Trading Platform . The company was recently awarded at the Annual Quality Assurance Conference in Cyprus for its information security system.
Two other major companies in the industry have announced recent certification with the international standardization organization. Connectivity provider PrimeXM views ISO 27001 as the international standard. After officially receiving its ISO/IEC certifications 27001 and 27002, the firm can present an independent opinion that it adheres to the best practices for an ISMS (information security management system).
According to the CEO of PrimeXM, Christian Vlasceanu, the ISO certification process is essential to verify a firm’s security and safety standards. Aside from serving as proof to clients that a company is diligent in following certain processes, it also serves a practical purpose, since potential security risks are contained and the company adheres to tough regulatory requirements.
Specific security controls to protect both physical hardware and software are an essential part of the certification process. Clients with vast knowledge of the industry do their homework and are frequently influenced by the lack of an ISO certification when making a final deal decision.
London-headquarter ActivTrades has also recently received an ISO 27001 certification for its top-notch information security management systems (ISMS). The reliability stamp of approval is acknowledging that a brokerage has the ability handle ISMS control responsibilities in the best possible way.
Clients of brokerages, especially at a time when security is a top issue across the globe, demand the utmost commitment from their partners.
Costs and Commitment
While companies to whom we spoke shared that the certification process itself is not that expensive, it is the preparation stage that gets the ball rolling. Hiring external consultants before inviting ISO’s representatives to do an audit is customary and identifying gaps in the system and exterminating them is essential.
On a very high-end institutional level, banks, Singaporean brokers, and other strictly-regulated entities are using ISO certification as a big portion of their decision whether or not to make certain deals. A company like Equinix for example became the Data Center provider for the industry after establishing a reputation of an organization that runs its operations efficiently and strictly.
The processes at the firm are structured, there are strict procedures, multiple levels of security and others. Equinix has obtained not only all ISO certificates popular in the industry, but also stamps of approval from other organizations.
Overall, an ISO certificate proves the quality of a business. Everything is getting tested - from systems and software to passwords, safety of hardware and access to controls. On-site visits from ISO certification experts include interviews with people in an organization, full fledged reviews, and ultimately suggestions for improvements which after implementation grant the company the certificate.
This isn’t where the commitment of the company stops however. Regular reviews are required to maintain a company’s status as a certified entity. When dealing with financial institutions, the process is expensive, with an internal round of preparation and heavy costs followed by a simulated audit by consultants.
From top to bottom, the certification process takes up to one and a half years, so if you’re up for the challenge and in it for the long run, you'd better get moving soon.