Operational Resilience and Cybersecurity
The U.S. capital markets are vital to economic growth — connecting investors with the capital that fuels innovation, job creation, and prosperity. Given their importance, it is essential that these markets remain secure, resilient, and reliable in all conditions.
Through SIFMA, the industry works collectively to strengthen operational resilience, protect market infrastructure, and ensure continuity of service for clients and investors during times of disruption.
Key Focus Areas
Business Continuity and Crisis Management
SIFMA leads industry-wide efforts to ensure firms can operate through significant emergencies using backup systems, recovery facilities, and redundant communications networks.
- Industry-Wide Business Continuity Test: Each year, SIFMA coordinates a large-scale Industry-Wide Business Continuity Test to evaluate firms’ ability to operate under stress. Supported by all major exchanges, utilities, and market participants, the test includes transactions across equities, options, futures, fixed income, settlement, payments, Treasury auctions, and market data. The exercise runs in coordination with the Futures Industry Association (FIA) and, in alternate years, with the Investment Industry Regulatory Organization of Canada (IIROC).
- Emergency Crisis Management Command Center: During an industry-wide incident, SIFMA convenes market participants, coordinates with the U.S. Department of the Treasury, Department of Homeland Security, New York City Office of Emergency Management, and other agencies, and issues market close recommendations. Market response committees for the fixed income and equity markets ensure decisions are objective, transparent, and consistent with regulators’ expectations for resiliency and continuity.
Cybersecurity
Cybersecurity remains one of the highest priorities for the financial services industry. Protecting client information and ensuring the secure, reliable execution of transactions are central to maintaining market integrity and public trust.
SIFMA works with members to advance a risk-based, harmonized approach to cybersecurity policy that promotes efficiency, coordination, and information sharing. Key priorities include:
- Regulatory harmonization to align cybersecurity expectations and reduce duplicative requirements.
- Public-private partnerships to enhance threat intelligence and data sharing.
- Incident response exercises to strengthen preparedness, detection, and recovery protocols.
- Best practices development for insider threat management, third-party risk oversight, and secure data storage and recovery.
Cybersecurity Frameworks and Exercises
- Cybersecurity Framework Alignment: The industry supports the NIST Cybersecurity Framework as a foundation for global, risk-based standards. The Cyber Risk Institute’s Financial Services Cybersecurity Profile serves as a benchmark for compliance and supervisory alignment across the sector.
- Quantum Dawn Exercises: SIFMA’s Quantum Dawn series of exercises bring together financial institutions, market utilities, and government partners to simulate systemic cyber incidents and improve coordination, communication, and response capabilities. These exercises are among the most comprehensive cybersecurity readiness programs in the financial sector.
Global and Cross-Sector Collaboration
SIFMA collaborates with the Global Financial Markets Association (GFMA) and other international organizations to advance consistent operational resilience standards across jurisdictions.
A key example is the Framework for the Regulatory Use of Penetration Testing in the Financial Services Industry, developed with global partners to promote consistent expectations and continuous improvement in cyber defense.
The Bottom Line
Operational resilience is foundational to the stability and integrity of U.S. capital markets. SIFMA and its members are united in their commitment to protecting clients, maintaining market continuity, and fortifying the systems that underpin our economy — in good times and through any crisis.
