# Company News

Monday, 18th July 2022

Information & Data Security Compliance

MFEX must be a trusted partner when it comes to data and information security. Working on these issues in a structured way and constantly looking for ways to improve is therefore key to the organization.

At MFEX by Euroclear, upholding data and information security is seen as fundamental to operating in a safe and successful way, as well as to being a trusted and preferred business partner. As an actor in the financial industry, we rely on time-sensitive financial information and pricing in order to operate, and avoiding disruptions to our digital system is therefore key to our success. Failing to adhere to any data regulations, or being subject to external cyber threats such as ransomware attacks, is therefore seen as a critical risk within MFEX.

MFEX complies with all national legislation in the countries in which we operate, as well as with the EU General Data Protection Regulation (GDPR). To ensure compliance, we follow industry best practices such as the NIST Cyber Security Framework, ISO/IEC 27002, the SWIFT Customer Security Control Framework, the EBA Guidelines on ICT and security risk management, and the MAS Technology Risk Management Guidelines. MFEX has a GDPR Policy in place, and any complaints or incidents can be reported through our whistleblowing function or directly to the Data Protection Officer. During 2021, MFEX did not identify any substantiated complaints concerning breaches of customer privacy.

Data and information security at MFEX is governed through the Chief Security Officer (CSO), who is located at the headquarters in Stockholm and oversees the company-wide work with security. The CSO reports to the Chief Technical Officer (CTO) but is also in close dialogue with the Chief Risk Officer (CRO), who reports directly to the Board of Directors (BoD). The daily security operations are carried out through information security officers in Luxembourg, as well as through the Security Operations Center that detects and responds to incidents.

MFEX applies a 5-step approach for working with information security incidents:

Identify: Asset Management, Business Environment, Governance, Risk Assessment, Risk Management Strategy

Protect: Awareness Control, Awareness & Training, Data Security, Information Protection, Processes & Procedures, Protective Technology

Detect: Anomalies & Events, Communications, Analysis, Mitigation, Improvement

Respond: Awareness Control, Awareness & Training, Data Security, Information Protection, Processes & Procedures, Protective Technology

Recover: Recovery Planning, Improvements, Communications

National Institute of Standards and Technology (NIST) Cybersecurity Framework

Since the cyber security landscape constantly evolves, we continuously review our routines and practices to ensure that we evolve with it and can detect and prevent any new types of threats. One way that we assess the success of our management approach is simply by measuring the number of confirmed breaches or losses of customer data. During the past year, a process has been initiated to improve security awareness among employees, to prevent potential data breaches due to human error. The goal is to launch security awareness training that is customized to the employees’ existing knowledge.
