Data Security Compliance with ASIC Market Integrity Rules in Australia

Regulation Overview

The Technological and operational resilience rules of ASIC Market Integrity Rules (Securities Markets and Futures Markets) Amendment Instrument 2022/74 commence on 10th March 2023, it sets minimum expectations and controls to mitigate technological risks and help to safeguard the integrity and resilience of Australia’s markets. The Rules also:

• introduce additional obligations on market participants and operators in relation to technological and operational resilience
• reinforce the broader regulatory focus on deterring inadequate systems and operational governance and controls create
• greater alignment with international standards and other domestic standards
• add to existing requirements on entities in respect of information security and operational resilience, such as APRA’s Prudential Standard CPS 234: Information Security.

Who needs to comply with ASIC Market Integrity Rules?

• Securities markets: ASX, Chi-X, NSXA, SSX and their participants
• Futures markets: ASX 24, FEX and their participants

Thales helps market participants to address the Information Security Requirements of ASIC Integrity Rules amendment.

• Thales OneWelcome identity & access management solutions limit the access of internal and external users based on their roles and context with strong authentication (MFA), granular access policies and fine-grained authorisation policies.
• SafeNet IDPrime smart cards can be leveraged for implementing physical access to sensitive facilities. These smart cards can also augment Passwordless authentication initiatives relying on PKI and FIDO technology.
• SafeNet Trusted Access allows organisations to respond and mitigate risks by providing an immediate, up to date audit trail of all access events to all systems, which automatically streams logs to external SIEM systems.
• CipherTrust Data Discovery and Classification efficiently identifies structured as well as unstructured sensitive data, it provides built-in templates that enable rapid identification of regulated data, highlight security risks, and help you uncover compliance gaps.
• CipherTrust Data Security Platform enforces very granular, least-privileged-user access management policies, enabling protection of data from unauthorised access by privileged users or attackers.
• CipherTrust Transparent Encryption solution protects data with file and volume level data-at-rest encryption, access controls, and data access audit logging without re-engineering applications, databases, or infrastructure. MFA for CipherTrust Transparent Encryption prompts system administrators and privileged users to demonstrate additional factors beyond a password before gaining access to sensitive data, to minimise the chance of a rogue user getting through.
• CipherTrust Transparent Encryption Ransomware Protection (CTE-RWP) continuously monitors processes for abnormal I/O activity and alerts or blocks malicious activity before ransomware can take complete hold of your endpoints and servers. It monitors active processes to detect ransomware – identifying activities such as excessive data access, exfiltration, unauthorised encryption, or malicious impersonation of a user, and alerts/blocks when such an activity is detected.