MFEX Mutual Funds Exchange - Logo

# Company News

Monday, 18th July 2022

Information & Data Security Compliance

MFEX must be a trusted partner when it comes to data and information security. Working with these issues in a structured way and constantly looking at ways to improve, is therefore key to the organization.

Information & Data Security Compliance

At MFEX by Euroclear, upholding data and information security is seen as fundamental for being able to operate in a safe and successful way, as well as being a trusted and preferred business partner. As an actor in the financial industry, we rely on time-sensitive financial information and pricing in order to operate, and avoiding disruptions to our digital system is therefore key to our success. Failing to adhere to any data regulations or being subject of external cyber threats such as ransomware attacks, are therefore seen as critical risks within MFEX.

MFEX comply with all national legislations in the countries in which we operate, as well as with the EU General Data Protection Regulation (GDPR). In order to ensure compliance, we follow industry best practices such as the NIST Cyber Security Framework, ISO/IEC 27002 as well as the SWIFT Customer Security Control Framework. EBA Guidelines on ICT and security risk management and MAS Technology Risk Management Guidelines. MFEX have a GDPR Policy in place and any complaints or incidents can be reported through our whistleblowing function or directly to the Data Protection Officer. During 2021, MFEX have not identified any substantiated complaints concerning breaches of customer privacy.

Data and information security at MFEX is governed through the Chief Security Officer (CSO), who is located at the Headquarter in Stockholm and oversees the company-wide work with security. The CSO reports to the Chief Technical Officer (CTO) but is also in close dialogue with the Chief Risk Officer (CRO), who reports directly to the Board of Directors (BoD). The daily security operations are carried out through information security officers in Luxembourg, as well as through the Security Operations Center that detects and responds to incidents.

MFEX applies a 5-step approach for working with Information security incidents:

Identify : Asset Management, Business Environment, Governance, Risk Assessment, Risk Management Strategy

Protect : Awareness Control, Awareness & Training, Data Security, Information Protection, Processes & Procedures, Protective Technology

Detect : Anomalies & Events, Communications, Analysis, Mitigation, Improvement

Respond : Awareness Control, Awareness & Training, Data Security, Information Protection, Processes & Procedures, Protective Technology

Recover: Recovery Planning, Improvements, Communications

National Institute of Standards and Technology (NIST) Cybersecurity Framework

Since the cyber security landscape constantly evolve, we continuously oversee our routines and practices to ensure that we evolve and can detect and prevent any new types of threats. One way that we assess the success of our management approach is simply by measuring the number of confirmed breaches or losses of customer data. During the past year, a process has been initiated to improve the security awareness among employees, to prevent potential data breaches due to human errors. The goal is to launch security awareness training that are customized towards the employees’ existing knowledge.

Learn more

Latest News

Newsroom Comparing funds on ESG aspects with EET

Comparing funds on ESG aspects with EET

27th Nov 2022

Newsroom - We Just Turned ONE!

We Just Turned ONE!

8th Nov 2022

newsroom dublin office opening 2022

MFEXbyEuroclear to expand in Ireland

3rd Oct 2022

DEFINING AN ESG STRATEGY

Defining an ESG Strategy

11th Jul 2022

Want to talk to a member of our team?

Your Cookies Settings

May we use cookies to improve your experience on our site?

We take your privacy very seriously. For further details regarding how we use cookies, please see our cookie notice, and for further information on how we process personal data, please see our privacy notice.