When I speak to my clients about risk, they think about market risk, counterparty risk and credit risk. But these days, we also need to think about operational risk—and specifically, technology risk. In talking about technology risk, I’d like to break it down into three categories: resiliency, timeliness and scalability.


Though it would be nice, software and hardware do not run perfectly all the time. So, resiliency is based on two considerations: the percentage of uptime that you need, and your ability to realize failover—that is, the capability to switch to a redundant or backup server.

With my clients, I often conduct due diligence to actually determine the business’ resiliency profile: their uptime profile, how to measure it, and how to react to and measure failover.


Timeliness is also based on two considerations: your latency profile and your synchronization profile. Latency simply refers to the amount of time it takes data to travel from one point to another. In practical terms, this is the time required to execute a transaction, access market data or provide transaction services.

On the other hand, synchronization refers to knowing which points in the enterprise need to be synchronized for a complete view—for example, of your positions or of the market, especially when there are disparate systems. In my experience, this can be a real challenge for our clients.


Scalability refers to the volume of data and messages that course through your enterprise, and must be based near-term and long-term projections. On one hand, it’s a straightforward exercise to determine if your infrastructure can keep up with the number of transactions that you currently process. However, when projecting for scalability, future functionality must be considered. I often speak to clients who have an existing platform, but don’t know if anticipated new functionality will cause a spike in volume that can be supported by their existing architecture, or will force a move to another platform entirely.

So when I refer to technology risk, this is what I’m referring to: resiliency, timeliness and scalability. How does your firm address these risks?