SIFMA’s priority, on behalf of our members and the clients they serve, is to support the continued resiliency of our capital markets and to help the industry remain vigilant against cyber threats.

The pandemic has highlighted the importance of technology to the financial services industry and brought about changes many would have once considered unthinkable – transforming how firms, advisors, clients, managers and employees work. It has allowed the industry to continue to innovate how it communicates and has provided clients with new ways to consume information. Technology continues to help the industry advance its business practices and improve client services. However, as firms deploy new technologies, they remain focused on making sure markets remain resilient and client information is protected. Today, business continuity planning, cybersecurity and operational resilience remain among the top agenda items in board rooms across the industry.

SIFMA leads projects to help members secure their businesses against cyber and other threats and plays a key role in planning for how the financial industry would respond to any future disruptions, promoting a safer and more resilient marketplace.



Cyberattacks didn’t stop during the pandemic. Rather, they increased. From WannaCry to SolarWinds, attacks have gotten bolder and their threat has grown higher. However, industry-wide efforts over the last decade have also evolved and grown to build effective cyber defenses.

Cybersecurity is a top priority. The financial industry works tirelessly to secure customer assets and information, and the efficient, reliable execution of transactions within markets. On behalf of the financial industry, SIFMA seeks to:

  • Promote enhanced regulatory harmonization to encourage a more effective allocation of cyber resources;
  • Promote a robust industry-government partnership grounded in information sharing;
  • Design exercises and industry tests to improve protocols for incident preparedness, response and recovery; and
  • Use the lessons learned to refine industry best practices, including for managing insider threats, third-party risk, penetration testing and data security, including secure data storage and recovery.

Select Cybersecurity Workstreams

Cross-Sector Coordination to Enhance Response & Recovery

Since 2011, SIFMA has conducted a series of biennial industry-wide Quantum Dawn cybersecurity exercises. The exercises enable financial institutions and the sector as a whole to practice and improve coordination with key industry and government partners – synchronizing response and recovery playbooks across financial firms, SIFMA and U.S. Treasury – in order to maintain financial markets operations in the event of a large-scale cyber-attack. Since 2019, the scope of the exercises has expanded to include perspectives from international regulators and sector organizations in the UK, Europe, Canada, and Asia.

In November 2021, SIFMA held the sixth exercise in the series, Quantum Dawn VI. The focus of this exercise was ransomware recovery plans, exploring how the industry would respond to a globally targeted ransomware attack impacting multiple financial institutions and regulatory authorities around the globe, resulting in the loss of sensitive information and the disruption of key services. It also provided participants with best practices and guidance on how to respond to and recover from a ransomware attack, bringing in perspectives from legal, law enforcement, cyber insurance and other experts. The next exercise in the series will be held in Fall 2023.

Industry-Led Data Protection Collaboration

The SolarWinds and Microsoft incidents highlighted the need for greater collaboration between industry, regulators, and government agencies to ensure transparency and timely disclosure of data breaches in the private and public sector. The goal is to improve the protection of sensitive financial and regulatory data held by industry participants or the government. In light of concerns raised by financial firms, the Financial Services Sector Coordinating Council (FSSCC) Working Group is focused on this issue, working across sectors to develop joint solutions.

Best Practices for Insider Threats

For the last decade, SIFMA has hosted quarterly Insider Threat Forums to share information among industry participants on the best practices in identifying and protecting against insider threats. As threats evolve, so have the industry’s response capabilities, through advancements in the use of anomaly detection and big data techniques. SIFMA also works with members to understand issues shaping the development of insider threat programs, such as privacy issues including restrictions on employee surveillance, the use of automated decision-making tools, and legal and practical barriers to performing employee background checks.

Partners in Penetration Testing

Since 2017, SIFMA has been leading a global effort to work with financial firms and regulators around the world on a collaborative approach to penetration testing a firm’s cybersecurity defenses and to identify vulnerabilities. SIFMA has published guidance on principles and best practices for financial firms and regulators to follow, which ultimately led to the development of the globally harmonized threat-led penetration testing environment that exists today.

Business Continuity Planning

SIFMA and its member firms are dedicated to preparing for the risk of potential disruptions at both the firm and broader market levels. SIFMA plays a key role in coordinating the industry’s response to incidents that can interrupt business and market functions and works to support firm-level BCP planning as well. Financial services is a critical infrastructure sector as identified by the U.S. Department of Homeland Security.

Industry-Wide Business Continuity Test

The industry-wide business continuity test is a critical exercise that highlights our industry’s ability to operate through a significant emergency using backup sites, recovery facilities and backup communications capabilities across the industry. The test is supported by all major exchanges, markets and industry utilities. It involves test transactions for commercial paper, equities, options, futures, fixed income, settlement, payments, Treasury auctions and market data. SIFMA also facilitates a coordinated Reg SCI testing program, which is completed in parallel with the SIFMA industry test. The test occurs on the same day as futures market testing coordinated by the Futures Industry Association (FIA), and in alternate years with the Canadian market participant test through the Investment Industry Regulatory Organization of Canada (IIROC).

The industry successfully completed the 2021 test on October 23; the 2022 test will be held on October 15, 2022.

Emergency Crisis Management Command Center

In the event of an industry-wide incident, SIFMA convenes market participants; issues market close recommendations; and coordinates with market infrastructure providers, regulators and emergency personnel including the U.S. Treasury, New York City Office of Emergency Management, law enforcement and more.

SIFMA organizes market response committees for the fixed income and equity markets to deliver an industry perspective in the event of disruptions to market infrastructure which may make unscheduled market closes or changes to settlement convention necessary. The committees have developed principles and objective decision-making processes that recognize the significant improvements the industry has made with respect to business continuity and the expectations of regulators. These principles also reflect expectations for strong resiliency plans of critical financial market infrastructure and financial institutions. For fixed income, the committee has developed procedures to determine if it is necessary for SIFMA to recommend an unscheduled close in U.S. fixed income markets.

Shortened Settlement Cycles

Enhancing our securities settlement process is critical to the continued resiliency of our markets and market operations.

U.S. equity market trades currently settle two business days after the trade is executed (T+2). Following on our successful work to move the industry from T+3 to T+2, SIFMA, the Investment Company Institute (ICI), and The Depository Trust & Clearing Corporation (DTCC) are collaborating on efforts to accelerate the U.S. securities settlement cycle from T+2 to T+1, a process which should be completed in the first half of 2024.

Why this massive undertaking? A T+1 settlement cycle will mitigate settlement risk well beyond what was achieved under T+2. In addition, a move to T+1 will increase settlement efficiencies and improve the use of capital, especially in periods of high volatility, for instance as seen during the particularly volatile periods in March 2021.

Moving forward on both the integrated settlement model and the move to a T+1 settlement cycle will be a substantial undertaking requiring broad industry actions. In 2021, the organizations conducted an analysis and outlined key steps to shorten the cycle to T+1, identifying priority issues that must be addressed and conducting the necessary due diligence and resolution of these critical issues. Now, we are developing the plan outlining the necessary steps and timeframes to move the industry to T+1. We will work closely with the U.S. Securities and Exchange Commission to adopt necessary changes, including an amendment to the Settlement Cycle Rule (Rule 15c6-1(a)) under the Securities Exchange Act of 1934.