For the first time in a generation, access to offices has been severely restricted. And, although the idea of remaining connected whilst remote is far from being a novel concept, the reality for businesses across sectors and industries, is that most are poorly equipped to ensure business continuity in a crisis such as this.
The simple fact that we can’t be together in a single office space highlights the challenges for connectivity teams managing multiple projects, with often fragmented processes, documentation, and lines of responsibility.
[bctt tweet=”‘FIX teams are often skeleton-staff with borrowed resources, running on processes largely in people’s heads. Responsibility for their APIs is typically a fraction of multiple people’s role and things fall through the cracks as a result.’ @fixspec”]
The unique nature of the current situation, however, is that the timescale is far from being predictable. Unlike traditional crisis management plans, we aren’t faced with a fire or flood lasting a few hours of days, but a global lockdown spanning weeks and likely months.
How does this unknown affect the way we work today, and how can we create continuity plans that mitigate the risks in the future?
FIX connectivity is already fragmented.
FIX connectivity teams are often skeleton staffed with resources (people and software) borrowed from elsewhere, and running on processes that are largely in people’s heads. From an organisational perspective, overall responsibility for APIs is often a fraction of multiple people’s role, meaning things tend to fall through the cracks as a result.
Working remotely will, therefore, amplify the problem and shine a 1,000-watt bulb on an existing pain point.
What was initially a fragmented team internally, is now spread even thinner and often without the documentation, processes, tooling and – crucially – ownership required to work remotely.
Whether it’s the result of poorly documented APIs, processes, or customer information, or simply a lack of resource, addressing existing issues and pain points is the first step to creating continuity of service, even before creating a plan for a crisis such as this.
Don’t fear the internet.
In the early days of social distancing, there were fears that ISPs would simply not be able to cope with the level of demand now that people were “working” remotely, be that Zoom calls, VPNs or Netflix…
The reality, however, is that the Internet really hasn’t skipped a beat.
In financial trading, however, point-to-point connectivity and cross-connects will continue to rule supreme. They are already in place, offer secure, low-latency trading, and offer the level of performance guaranteed to handle millisecond transactions day in, day out.
This doesn’t mean, however, that the internet should be feared or has no place in financial services.
As this crisis has highlighted, the internet is far more resilient than we once thought and, although marginally slower, enables workers across the financial services industry to remain connected. We know that internet security (when done correctly) is not a significant issue either, as end-to-end encrypted services such as WhatsApp and retail banking portals clearly demonstrate.
Could this, therefore, be an opportunity for firms to move non-latency-specific connectivity away from expensive private infrastructure, and onto the internet? If the internet can be relied upon, there’s no reason why any onboarding, UAT, and even post-trade processing can take place on more flexible, cost-effective infrastructure.
Consider cloud-based tooling.
Whether you are an accountant or an HR manager, cloud-based software has very much become the status quo in offices across the country. SaaS has exploded, enabling companies of all sizes to offer flexible working arrangements, reduce the reliance on internal or external IT resource, and inadvertently create continuity should a crisis occur.
For trading firms considering any type of software, one early consideration is always security. Since the topic is typically voiced by colleagues who aren’t trained in data security categorisation, they often err on the side of caution – if it’s inside our system and nobody can access it from the outside, then we have no security or privacy concerns, right?
We don’t want to suggest that internal IT systems can’t be accessed by remote workers, as simple VPN or remote desktop software can achieve that. Instead, we suggest that enterprise software creates extra “hoops” for remote employees to jump through, and extra layers of IT that internal staff need to build, maintain and test. So does this cost justify the benefits?
In the case of FIX customer onboarding, a sensible data security classification should quite quickly conclude that SaaS software has a very low-risk profile; it doesn’t contain any production data, there should be no technical access to the production environment, and there would be no data that could be used by a malicious actor to subsequently connect to production systems. Add in best-practise security design and controls, and the case for on-premise software looks very shaky indeed — it adds cost without the corresponding benefits.
From an accessibility point of view, cloud-based tools offer global, concurrent access to multiple users, from any location. Built from the ground up to be accessed remotely, and not retrofitted to work in a crisis.
Coordinating multiple teams will be infinitely more achievable with centralised, scalable, and secure cloud-based tooling that can minimise downtime, reduce internal IT resource, and keep business-critical functions functioning whilst working remotely.
Create a people-first continuity plan.
As the memory of scrambling to maintain continuity of service fades, firms will inevitably begin to look within to see what went wrong, what could be improved, and how to maintain crucial continuity of service.
The current pandemic is already a longer ‘crisis’ than any firm would have forecast for, so, if the crisis continues for longer than expected or happens again, what do we need to identify, assess, and change to avoid a similar scenario? And if your previous plan did have back-up office space, for example, do those plans now need to be updated to cover the situation where social distancing renders that back-up office unusable?
People are the biggest difference to any existing crisis plan. Creating a people-first continuity plan is key to minimising risk, providing continuity of service, and maintaining a fragmented work pool.
In the context of connectivity, what would this look like?
Identify key business functions.
Which people and teams are fundamental for “keeping the lights on” and continuing customer connectivity projects.
Define roles and responsibilities.
Create clear definitions for who is responsible for what will highlight existing gaps, and create clarity for teams when they need it most.
Identify dependencies between teams and functions.
How do teams remain connected, access the required tooling, and enable customer connectivity projects to continue?
Identify potential downtime for each critical function.
If social distancing and travel bans are put in place, what downtime will there be before teams are expected to operate “as usual”.
Simulate the plan.
Crisis simulation testing is the only way to ensure the plans and systems put in place are sufficient before they have to be used in anger.