Nasdaq Clearing AB is receiving a remark and must pay an administrative fine of SEK 25 million. Nasdaq Stockholm AB is receiving a remark and must pay an administrative fine of SEK 30 million.
Finansinspektionen (FI) has investigated how well Nasdaq Clearing AB and Nasdaq Stockholm AB have complied with certain fundamental requirements that are placed on a central counterparty and stock exchange, respectively.
Central counterparties (such as Nasdaq Clearing) have a systemically important function in the financial system and the requirements placed on them are therefore very high. Even regulated markets (such as Nasdaq Stockholm) play an important role in the financial system. Both companies have demonstrated deficiencies of such a degree that FI has made the assessment that there are grounds on which to intervene against them. Nasdaq Clearing is therefore being issued a remark and an administrative fine of SEK 25 million and Nasdaq Stockholm a remark and administrative fine of SEK 30 million.
Due to a central counterparty's critical importance for derivatives trading, Finansinspektionen judges Nasdaq Clearing's breaches to be more serious. This is because deficiencies at a central counterparty may have serious side-effects for other companies in the financial system. This is reflected in that the administrative fine for Nasdaq Clearing is higher in relation to its net sales.
Nasdaq Clearing holds authorisation to provide clearing services as a central counterparty in accordance with the provisions set out in Regulation (EU) No 648/2012 of the European Parliament and of the Council on OTC derivatives, central counterparties and trade repositories (EMIR). FI has investigated how well Nasdaq Clearing has complied with certain fundamental requirements that are placed on a central counterparty in accordance with these provisions.
Nasdaq Stockholm AB is a stock exchange with authorisation to operate a regulated market in accordance with the Securities Market Act. FI has investigated how well Nasdaq Stockholm has complied with certain fundamental requirements that are placed on a stock exchange in accordance with the regulations set out in this Act.
The investigation focused on how the companies manage cyber risks. The function for information security at both of the companies is outsourced to the Group's parent company, Nasdaq, Inc., and the companies' independence was therefore reviewed during the investigation.
FI finds that neither Nasdaq Clearing nor Nasdaq Stockholm have acquired the information required to assess the quality of the delivered services and place sufficient requirements on the service provider.
FI's investigation also shows that Nasdaq Clearing and Nasdaq Stockholm have not had a sufficient basis in their risk management to make the decisions that were made and that they have not taken local conditions into consideration. FI has also identified that the companies' continuity guidelines and emergency plans were prepared without considering a scenario that manages the risk of cyber attacks.