|Download this article in .PDF format
This file type includes high-resolution graphics and schematics when applicable.
Paul Skoog, Senior Product Marketing Manager, Microsemi Corp.
Increasingly strict industry mandates for highly accurate and traceable network time are today’s norm in order to confirm when transactions occur and provide order audit trails. In the European Union, for example, the European Securities and Markets Authority (ESMA) adopted its Markets in Financial Instruments Directive 2 (MiFID 2). Effective as of January 2018, MiFID 2 requires synchronization of high-frequency trading systems to within 100 μs of UTC with 1-μs precision granularity.
Similarly in the United States, the U.S. Securities and Exchange Commission (SEC) is tightening requirements related to clock accuracy, granularity, and maximum clock drift in financial trading systems. For example, for manual orders, the SEC requires stock transactions to be date- and time-stamped to an accuracy of one second or better, traceable to coordinated universal time (UTC) from the National Institute of Standards and Technology (NIST).
For any other “business clocks” used in the system to record date and time of reportable events as required by industry regulations, both the FINRA Reg. Notice 14-21 and SEC Rule 613 tighten trading clock accuracy and granularity. The latter SEC mandate even goes as far as specifying maximum clock drift. Identifying trade time-stamp discontinuities, often related to illegal trading activities, is one of the main underlying goals with directives such as the SEC Consolidated Audit Trail requirements and real-time auditing by SEC systems.
Such regulations pose tremendous synchronization challenges to the securities firms subject to compliance. This article will examine the system technology necessary to synchronize trading clocks in compliance with financial industry requirements, leveraging the latest atomic-clock capabilities and software used to monitor time on the network system, maintain an audit trail of synchronization accuracy across systems, and provide alerts if any clocks are outside predefined accuracy limits.
An Accurate Time Source Is Imperative
Fundamentally, network time is only as accurate as its time source. As noted above, the types of financial applications and operations will dictate time-accuracy parameters. For most network operations, such as log file updates or online security, accuracy must be in the 1- to 10-ms range. This requirement tightens for most financial business transactions, with typical accuracy to the microsecond level and below.
Financial organizations generally obtain UTC either from GPS satellites, over the internet from a third-party service, or from a government time service such as provided by NIST itself. However, UTC by way of GPS remains the most reliable way to achieve the stringent time accuracy needed for compliance with financial industry requirements.
Using time from GPS satellites requires a GPS-referenced time server providing time to the local network, which is then distributed to the network clients. The better time servers are often within a few nanoseconds to UTC. Institutions relying on internet-based time sources may use Network Time Protocol (NTP) for clock synchronization on client machines with network time server clocks. However, it’s worth noting that “free” NTP servers are also among the most common distributed denial-of-service (DDoS) targets on the internet. Factoring in possible accuracy and reliability issues, this latter alternative is clearly not an option for entities that must comply with the regulatory mandates.
Timekeeping Architecture Matters for Reliability and Compliance
The reliability of your timekeeping architecture is a critical factor in maintaining compliance with the regulatory requirements. Audit trails hinge on log file accuracy, along with proof of time-synchronization accuracy across systems.
Using GPS as a source for UTC involves taking the signal off the air for distribution to network clients—workstations, PCs, controllers, servers, etc.—that need accurate time for time-stamping and event synchronization. However, accurate and reliable network time-synchronization software is something relatively few clients possess natively. In order to meet the financial mandates, organizations need a way to reliably distribute time from the GPS receivers to network clients. This requires a time-distribution network, ideally comprised of time servers and time clients, to acquire and distribute time from the GPS receiver in response to client time requests.
On the client side, clocks maintaining the time on computers are infamous for drifting. Often based on a low-cost oscillator or battery-based quartz crystal clock, computer clock drift can easily range from seconds to even minutes per day depending on oscillator type. Price and performance, in this case, are highly correlated. However, using NTP or Precision Time Protocol (PTP) time-synchronization protocols in conjunction with a GPS-based receiver can easily remedy this problem.
While GPS as a time source is highly accurate, GPS-referenced time systems are still vulnerable to signal disruptions, whether malicious or accidental. The best defense against the loss of GPS is a high-quality oscillator, such as an atomic clock, installed in your network time server. In the event that the GPS reference is temporarily disrupted, a network must be able to maintain accurate time, or holdover, to ensure the integrity of its network operations.
Fortunately, using a modern network time server with hardware-based time-stamping and an affordable rubidium atomic clock for holdover will safeguard against this vulnerability to disruptions, as they maintain the required time accuracy and granularity. The atomic clock enables the system to keep accurate time for an extended period if GPS is unavailable, reducing likelihood of exceeding the client drift limit before the IT team has a chance to address the problem. Software also makes it possible to monitor the time on network systems, maintain an audit trail of synchronization accuracy across systems, and provide alerts if any clocks stray from predefined accuracy limits.
Network architecture—based on the right combination of GPS receiver and network time server, atomic clock, and software—is key to delivering accurate time to the financial network. This enables the requisite accuracy and drift performance to keep financial institutions well within the mandates of governing securities bodies.
Security Concerns Remain Paramount
As with all network systems, security and accessibility will always be priorities for any financial institution. The accuracy of a timekeeping architecture may be irrelevant if the network’s time can be vulnerable to attack or it exposes other parts of the network to infiltration.
However, several security features implemented in modern NTP servers can stem such vulnerabilities. Fundamentals include access control lists and secure management access, for example, to safeguard against unauthorized server use or entry as network attack vector. More notable advanced features defending against DDoS attacks leverage fully hardware-based time-stamping and CPU-bandwidth limiting.
The table outlines security features that can be included in the latest NTP servers.
Choosing the Right Path Forward
Exceeding financial regulatory requirements is possible with the right combination of network time server, atomic clock and software for hardware-based time stamping, GPS holdover, and drift performance. However, there will be no “one size fits all” solution for financial networks. What is clear is that network time accuracy must be a conscious priority for financial institutions, where their choices of network timekeeping architecture and auditable time-synchronization infrastructure can have long-term impact. Making the right choices now will help future-proof networks as the regulatory time requirements become increasingly strict.