# Company News

Tuesday, 22nd August 2023

Governance - Data & information security

Sustainability Report 2022 Governance - Data & information security

Governance - Data & information security

Sustainability Report 2022


Data & information security

Having a robust information and data security management system is fundamental for all companies. This is especially critical for MFEX, considering our reliance on time-sensitive financial information to deliver the best experience for our clients.

We recognize that effective governance is critical to ensuring secure information and data security practices. Our organisation has implemented a governance framework that includes the following elements :

Risk Management:

We conduct regular risk assessments to identify and assess potential security risks to our information and data assets. Based on the results of these assessments, we implement appropriate controls and mitigation measures to reduce the likelihood and impact of security incidents.

Compliance and Legal Requirements:

We comply with applicable laws, regulations, and industry standards related to information and data security. Our information security team actively monitors changes in regulatory requirements and ensures that our security measures are aligned with these requirements. The following regulation has been accommodated:

  • EBA Guidelines on ICT and Security Risk Management

  • SWIFT Customer Security Control Framework

  • CSSF 20/750 Requirements regarding information and communication technology (ICT) and security risk management

  • CSSF 22/806 Outsourcing arrangements

  • MAS Guidelines on Technology Risk Management

  • MAS Notice on Cyber Hygiene

Reporting and Accountability:

Information and data security is overseen by the Chief Security Officer (CSO), located at our headquarters in Stockholm. We have local information security officers based in Luxembourg, France, and Sweden. CSO reports to Chief Technical Officer (CTO), Chief Risk Officer (CRO), other MFEX entities and stakeholders, the status of our security measures, incidents, and compliance with policies and procedures. CRO reports directly to the Board of Directors (BoD).

Continuous Improvement:

We are committed to continuously improving our information and data security practices. We regularly review and update our security measures based on feedback, lessons learned from security incidents, and changes in technology and industry best practices.

Policies and Procedures:

We have established comprehensive policies and procedures that outline our information and data security requirements, standards, and best practices. These policies and procedures are regularly reviewed and updated to reflect changes in our business environment and the evolving threat landscape. We follow the guidelines of the National Institute of Standards and Technology (NIST) Cybersecurity Framework, which consists of five key functions: Identify, Protect, Detect, Respond and Recover. Any complaints or incidents related to customer privacy can be reported through our whistleblowing function or directly to our Data Protection Officer (DPO). We are proud to report that in 2022, MFEX did not receive any substantiated complaints regarding breaches of customer privacy, and we did not experience any confirmed breaches or losses of customer data.

Read full sustainability report

Latest News


Marketplace - ESG in our product offering

16th Aug 2023


Private capital and the looming retail opportunity

17th Jul 2023

Goji logo

Euroclear completes acquisition of Goji

16th Jul 2023


MFEX Senior Management Changes

11th May 2023

Want to talk to a member of our team?