Thales banner

Data Security Compliance with ASIC Market Integrity Rules in Australia

Thales helps organizations address Information Security Requirements for the market participants.

ASIC Market Integrity Rules (Securities Markets and Futures Markets) 2017

Test

ASIC introduced the ASIC Market Integrity Rules (Securities Markets and Futures Markets) Amendment Instrument 2022/74 which amends the ASIC Market Integrity Rules (Securities Markets and Futures Markets) 2017. The amendments can be found in Report 719: Response to submissions on CP 314 Market integrity rules for technological and operational resilience.

The Technological and operational resilience rules commence on 10th March 2023 which set minimum expectations and controls to mitigate technological risks and help to safeguard the integrity and resilience of Australia’s markets.

With extensive experience helping organizations comply with compliance mandates, Thales helps organizations comply with ASIC Market Integrity Rules by addressing Information Security Requirements.

  • Regulation
  • Compliance

Regulation Overview

The Technological and operational resilience rules of ASIC Market Integrity Rules (Securities Markets and Futures Markets) Amendment Instrument 2022/74 commence on 10th March 2023, it sets minimum expectations and controls to mitigate technological risks and help to safeguard the integrity and resilience of Australia’s markets. The Rules also:

  • introduce additional obligations on market participants and operators in relation to technological and operational resilience
  • reinforce the broader regulatory focus on deterring inadequate systems and operational governance and controls create
  • greater alignment with international standards and other domestic standards
  • add to existing requirements on entities in respect of information security and operational resilience, such as APRA’s Prudential Standard CPS 234: Information Security.

Who needs to comply with ASIC Market Integrity Rules?

  • Securities markets: ASX, Chi-X, NSXA, SSX and their participants
  • Futures markets: ASX 24, FEX and their participants

Thales helps market participants to address the Information Security Requirements of ASIC Integrity Rules amendment.

  • Thales OneWelcome identity & access management solutions limit the access of internal and external users based on their roles and context with strong authentication (MFA), granular access policies and fine-grained authorization policies.
  • SafeNet IDPrime smart cards can be leveraged for implementing physical access to sensitive facilities. These smart cards can also augment Passwordless authentication initiatives relying on PKI and FIDO technology.
  • SafeNet Trusted Access allows organizations to respond and mitigate risks by providing an immediate, up to date audit trail of all access events to all systems, which automatically streams logs to external SIEM systems.
  • CipherTrust Data Discovery and Classification efficiently identifies structured as well as unstructured sensitive data, it provides built-in templates that enable rapid identification of regulated data, highlight security risks, and help you uncover compliance gaps.
  • CipherTrust Data Security Platform enforces very granular, least-privileged-user access management policies, enabling protection of data from unauthorized access by privileged users or attackers.
  • CipherTrust Transparent Encryption solution protects data with file and volume level data-at-rest encryption, access controls, and data access audit logging without re-engineering applications, databases, or infrastructure. MFA for CipherTrust Transparent Encryption prompts system administrators and privileged users to demonstrate additional factors beyond a password before gaining access to sensitive data, to minimize the chance of a rogue user getting through.
  • CipherTrust Transparent Encryption Ransomware Protection (CTE-RWP) continuously monitors processes for abnormal I/O activity and alerts or blocks malicious activity before ransomware can take complete hold of your endpoints and servers. It monitors active processes to detect ransomware – identifying activities such as excessive data access, exfiltration, unauthorized encryption, or malicious impersonation of a user, and alerts/blocks when such an activity is detected.

Recommended Resources

Address Information Security Requirements of ASIC

Address Information Security Requirements of ASIC Market Integrity Rules in Australia - Compliance Brief

ASIC introduced the ASIC Market Integrity Rules (Securities Markets and Futures Markets) Amendment Instrument 2022/74 which amends the ASIC Market Integrity Rules (Securities Markets and Futures Markets) 2017. The background on the amendments can be found in Report 719:...

Comply with the APRA Prudential Standard CPS234 in Australia

Comply with the APRA Prudential Standard CPS234 in Australia - Compliance Brief

The purpose of Prudential Practice Guidelines (PPG) is to provide guidance to Boards, senior management, risk management and information security specialists (both management and operational) of APRA-regulated entities with respect to the implementation of Prudential Standard...

Get Ready for PCI DSS 4.0 with Thales Data Protection

Get Ready for PCI DSS 4.0 with Thales Data Protection - White Paper

Criminals continue to target consumers’ payment data, and IT security defenses need to keep pace. According to the 2024 Thales Data Threat Report, nearly two-thirds of financial services respondents (64%) report seeing an increase in attacks, versus 49% survey-wide. Notably,...

Get Ready for PCI DSS 4.0 with Thales  SafeNet Trusted Access

Get Ready for PCI DSS 4.0 with Thales OneWelcome Identity Platform - Solution Brief

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard that provides a baseline of technical and operational requirements designated to protect payment data and reduce credit card fraud.

Data Security Compliance and Regulations - eBook

Data Security Compliance and Regulations - eBook

This ebook shows how Thales data security solutions enable you to meet global compliance and data privacy requirements including - GDPR, Schrems II, PCI-DSS and data breach notification laws.

Other key data protection and security regulations

GDPR

Regulation
Active Now

Perhaps the most comprehensive data privacy standard to date, GDPR affects any organization that processes the personal data of EU citizens - regardless of where the organization is headquartered.

PCI DSS

Mandate
Active Now

Any organization that plays a role in processing credit and debit card payments must comply with the strict PCI DSS compliance requirements for the processing, storage and transmission of account data.

Data Breach Notification Laws

Regulation
Active Now

Data breach notification requirements following loss of personal information have been enacted by nations around the globe. They vary by jurisdiction but almost universally include a “safe harbor” clause.