In the financial world, the scope and impact of information technology evolve rapidly. The role of chief technology officer (CTO) at a U.S. financial exchange goes beyond the “traditional” IT realms of hardware, networking and software programming, to managing the Governance, Risk Management and Compliance (GRC) functions of an exchange with regard to the IT infrastructure for trading and back-office systems.
When I began my IT career in the late 80s at the Chicago Board Options Exchange (CBOE), Information Technology, or as we referred to it then, “Systems,” was a landscape of mainframe computers, large disk frames and the beginnings of the proliferation of personal computers. IT staff focused on software development and computer operations. The concept of the data highway and networks was just coming to life, with the internet not far behind.
As CTO, my job responsibilities in the early 90s centered around building the infrastructure to support CBOE’s trading and back-office systems, including server installation, storage and networking, data-center management, disaster recovery planning and information security.
As we approached the millennium, CBOE engineered its leading-edge trading technology to process millions of order and quote messages per second, even on the most volatile trading days. As we moved forward, we sped up, racing to microseconds in trading response times.
The largest options exchange in the U.S., CBOE, has two options exchanges and one futures exchange running on thousands of servers in Chicago and New Jersey data centers that connect to market participants around the globe, trading millions of contracts daily. Traditional IT disciplines and tasks remain, but now they are accompanied by responsibilities in the area of GRC.
In response to a rise in new trading technology, the Securities and Exchange Commission adopted a new Systems, Compliance and Integrity (SCI) regulation in November 2015. To comply with Regulation SCI, the IT departments of financial organizations, such as CBOE, had to retool to new regulatory standards.
Regulation SCI was adopted to strengthen the technology infrastructure of the U.S. securities markets and applies to certain self-regulatory organizations, including CBOE and other stock and options exchanges, that are central to our country’s financial markets.
The associated growth of GRC at CBOE has meant more dedicated staff and the creation of a vast library of policies and procedures. While it is an added workload, it’s a task that must be accomplished by IT and other departments.
CBOE, as an organization, is driven to better manage and increase efficiencies with the GRC effort. Since GRC crosses multiple departments, CBOE needed a comprehensive solution to manage GRC tasks.
While we researched several options, including software specifically designed for GRC, we ultimately decided to create a customized solution, building in various levels of automated controls. This project was a collaborative effort between multiple CBOE departments working with a third-party consulting firm. A customized approach made sense for CBOE, since it allowed us to leverage existing hardware and software infrastructure, while being able to use talent we developed for future GRC and workflow-related processes throughout the organization.
The CBOE IT team is adapting to the added tasks required by enhanced GRC protocols. New job descriptions, training and internal reorganizing have allowed us to incorporate the GRC workload within our daily disciplines. Increased expectations accompanying regulation requirements, IT audits, compliance and enterprise risk management will continue to drive the IT landscape. My feeling is that this is just the tip of the iceberg.