Global Foreign Exchange Code of Conduct

Operational Risk

Market participants should implement appropriate processes to identify and manage operational risks arising from human error, inadequate or failed systems or processes, and external events.

Market participants should consider operational risks stemming from the global cross-border environment, such as time zone differences or disparities in industry regulations. Operational risks may include human error, misconduct, system failures, or unforeseen external circumstances.

Market participants should adopt robust security measures to address vulnerabilities in trading areas and infrastructure to operational disruptions, terrorism, or sabotage. Where appropriate, access to trading functions by non-trading personnel and external visitors should be restricted, with processes in place for time limits, security reviews, and management approvals.

Market participants should develop business continuity plans (BCPs) tailored to the nature, scale, and complexity of their FX operations. These plans must be deployable swiftly and effectively in the event of a major disaster, loss of access to critical trading platforms, settlement services, or other market disruptions.

BCPs may include, but are not limited to, the following elements:

• Emergency plans to ensure FX business continuity, including data storage and usage protocols, and procedures for handling unavailable FX fixings.

• Regular review, updates, and testing of contingency plans, including drills to familiarize executives and staff with emergency arrangements. This should include periodic assessments of potential scenarios that may trigger such plans.

• Disaster recovery plans identifying necessary system and procedural backups. All critical automated processes should have documented manual or automated fallbacks.

• Identification of external dependencies, including understanding the BCPs of settlement system operators and other critical service providers, and integrating them with the participant’s own continuity plans.

• Emergency contact details for internal and external dependencies, ensuring secure communication channels.

• Backup sites at non-primary locations, capable of accommodating key staff, systems, and operations, with regular maintenance and testing.
  
  

Technical Risk

Market participants should implement processes to mitigate potential adverse outcomes from the use of or reliance on technological systems (hardware and software).

Market participants should establish procedures to clearly assign ownership of each system they depend on, with any changes requiring internal policy approval. All systems must undergo thorough testing before deployment, with full audit trails retained for review. This applies to the development, testing, deployment, and updates of trading systems and algorithms. Participants should also be aware of broader risks, such as cybersecurity threats, that may impact their FX market activities.

Market participants operating electronic trading platforms should monitor intraday platform performance (e.g., resource utilization) and conduct regular capacity testing to ensure systems can process transactions accurately, timely, and robustly.

Participants in electronic trading should adopt appropriate controls to minimize risks of erroneous quotes or market disruptions, and mitigate adverse outcomes such as off-market quotes/trades, human errors, unintended trading due to technical failures, flawed trading logic, or extreme market conditions.

Market participants must not intentionally generate quotes exceeding recipients’ technical capabilities or inconsistent with advertised terms, or act on such quotes. Excessive message rates nearing or exceeding platform limits should be controlled (e.g., via throttling or circuit breakers).
Any platform defects or functionalities threatening ongoing operations must be escalated promptly.

Third-party integration into electronic quote generation and execution processes does not absolve any party of its obligations. Market participants acting as aggregators or multi-bank platforms that distribute or act on electronic quotes must comply with all relevant principles.