MiFID II - Managed Services Strike Back
To provide a robust time service, you need multiple independent and verified time sources.
So, we have arrived at the third act. Sticking with my cinematic obsession, this is where our story is supposed to be satisfyingly resolved.Where the bad guys are vanquished, the monster is slain and we blow up the Death Star.
However, first we need a plan; we need to know the whereabouts of that exhaust port or how to disable the shield.
In my previous blogs, I mentioned some of the challenges in setting up a time service suitable for the requirements of MiFID II.Now I’d like to suggest ways in which they can be overcome. Some of this could be filed under “easier said than done” but trust me, it can and has been done.
To provide a robust time service, you need multiple independent and verified time sources.A mixture of GPS, combined with existing and trusted time sources, is a good start.You need multiple sources so you can compare them against each other for verification.Think of them as wise old Jedi to whom you will be asking the same question to make sure the answer is consistent and reliable. This allows you to decide which is best, as well as helps you to spot if any individual Jedi (time service) is behaving badly. This could be because he’s simply confused, or maybe he’s gone over to the dark side…
Back in the real world, this means you will need some kind of central system that has an holistic understanding of each time source.This system needs to have an appreciation of the network topologies, latency and drift characteristics and an understanding of your GPS behaviour.These factors can and will impact the time reported by your time services. The higher your clock frequency, the greater the impact will be.
However, with all of this in place, you can generate a time service that is reliable and accurate enough to satisfy the regulators and give you the framework to drive your accuracy up into higher frequencies.
Of course, after you’ve created and deployed your time service, you need to be able to provide evidence of your clock synchronisation across all your in-scope devices.But, you don’t know when, or even if, you’ll be audited or required to provide evidence that you are compliant.Therefore, you need to store records and/or reports.Regulators are notoriously edgy about “taking your word for it”.
You also need to know how your time synchronisation is performing. There are several scenarios where it can fail and you need to know when this happens and be able to ensure that you are back to full compliance as soon as possible.
Ok, Good.Then let’s synchronise watches!
Peter Williams (FIA)
Senior Technical Director
Tel: +44 (0)203 328 7544
Hi again, so, in modern Hollywood tradition here is the post credit sting…
There is, of course, an easier way.You could have this done for you as a managed service.Let’s face it, you want compliance, not a new system to build, maintain, monitor and manage.