[OR] [LSEG] [E3] [CBS] [1] [ST] Perform Scenario Testing

CBS-1 Exchange Trading Services

Scenario testing is a core element of operational resilience because it enables organisations to validate whether critical business services can continue operating within established impact tolerances during disruptive events.

Rather than relying solely on documentation or assumptions, scenario testing assesses the resilience of end-to-end business services by evaluating the organisation’s ability to prevent, adapt, respond, recover, and learn from severe but plausible events.

According to the BCM Institute Operational Resilience guidance, testing should focus on realistic disruption scenarios involving people, processes, technology, facilities, cyber risks, and third-party dependencies.

For a market infrastructure organisation such as London Stock Exchange Group (LSEG), exchange trading services represent highly time-sensitive and systemically important services where disruption can affect market integrity, participants, regulators, and broader financial stability.

LSEG’s operational resilience framework emphasises important business services (IBS), impact tolerance testing, business continuity, ICT resilience, and cyber risk integration.

The organisation maps dependencies across critical services and continuously tests resilience capabilities to maintain market confidence and regulatory compliance.

The following scenario testing recommendations for CBS-1 Exchange Trading Services therefore integrate operational disruptions with cyber and ICT risks and include evidence indicators demonstrating proactive risk management.

Table P6: Perform Scenario Testing for CBS-1

Sub-CBS Code	Sub-CBS	Recommended Scenario Test Themes (including Cyber & ICT Risk Integration)	Impact / Effect	Evidence of Proactive Risk Management Action
1.1	Market Participant Onboarding and Membership Management	Simulate an onboarding platform outage during peak applicant processing caused by an identity system failure or a ransomware attack on onboarding workflow systems	Delayed market participant access; onboarding backlog; reduced service delivery	Periodic onboarding recovery exercises; tested alternate processing procedures; cyber tabletop records; onboarding SLA metrics
1.2	Customer Identification and Regulatory Validation	KYC platform corruption, sanctions database outage, or API compromise affecting regulatory validation	Regulatory breaches and onboarding delays	Evidence of failover validation systems, cyber monitoring dashboards, and alternate compliance verification process testing
1.3	Trading Account Setup and Access Provisioning	Privilege escalation attack or IAM platform outage, preventing account creation and entitlement updates	Users unable to access markets; trading delays	Identity Access Management resilience testing; privileged access reviews; recovery test results
1.4	Trading Platform Connectivity and Session Establishment	Network DDoS attack and telecommunications failure affecting FIX gateways and session connectivity	Market participants are unable to connect or establish trading sessions	DDoS testing reports; alternate communication routing tests; network failover evidence
1.5	Instrument and Product Configuration Management	Erroneous product configuration deployment due to change management failure or compromised administrator credentials	Incorrect instruments become available for trading	Configuration rollback testing; segregation-of-duty reviews; change testing evidence
1.6	Market Data Feed Distribution and Synchronisation	Market data feed corruption, cloud outage, or latency attack affecting synchronisation services	Participants receive inaccurate or delayed market data	Feed redundancy testing; latency monitoring reports; cyber monitoring alerts
1.7	Order Entry and Capture Processing	Trading application degradation during high-volume activity, combined with malicious transaction flooding	Order capture delays and participant disruption	Stress-testing evidence; peak-load exercise reports; DDoS protection validation
1.8	Pre-Trade Risk and Control Validation	Risk engine outage due to malware or database corruption	Trades bypass controls or valid orders are rejected	Risk control failover testing; manual override procedures; risk reconciliation evidence
1.9	Order Routing and Matching Engine Processing	Core matching engine node failure or low-latency attack impacting routing algorithms	Trade execution delays; systemic market impact	Active-active architecture testing; resilience simulation outcomes; performance threshold monitoring
1.10	Trade Execution Processing	Transaction processing failure due to infrastructure outage or software defect	Failed or duplicated trades; market confidence reduction	Disaster recovery execution tests; transaction reconciliation reports
1.11	Trading Session and Market State Management	Unexpected corruption of market-state administration systems, causing false market open/close events	Trading disruption and market integrity concerns	Market-state failover exercises; emergency governance procedures
1.12	Market Surveillance and Trade Monitoring	Cyber compromise of surveillance analytics or delayed trade alert processing	Fraud or market abuse detection failures	Surveillance failover evidence; cybersecurity alert testing; incident exercises
1.13	Exception Handling and Trade Intervention Management	Scenario where operator consoles become unavailable due to a cyberattack	Delayed intervention and unresolved exceptions	Manual fallback procedures; intervention tabletop exercises
1.14	Circuit Breaker and Volatility Control Administration	Failure of circuit breaker logic during market volatility, combined with infrastructure instability	Excessive market movements and disorderly trading	Market volatility exercises; configuration integrity validation; control testing records
1.15	Clearing and Settlement Integration Processing	Clearing network disruption or third-party post-trade provider outage	Settlement delays and liquidity impacts	Third-party resilience exercises; integrated DR testing with clearing partners
1.16	Regulatory Reporting and Compliance Monitoring	Regulatory reporting platform outage during the reporting deadline period	Regulatory non-compliance and reporting delays	Recovery evidence; alternate reporting process testing
1.17	Reference Data and Master Data Administration	Reference data corruption from unauthorised changes or cyber intrusion	Incorrect instrument and trading information propagated downstream	Data integrity validation testing; audit log reviews
1.18	Cybersecurity Monitoring and Trading Infrastructure Protection	SOC visibility failure during an active attack affecting the exchange infrastructure	Undetected attacks and prolonged recovery times	Threat-led penetration testing; SOC incident response exercises; detection KPI evidence
1.19	Business Continuity and Exchange Recovery Operations	Complete primary trading site outage requiring data centre recovery and exchange service restoration	Potential market suspension and significant financial disruption	Documented recovery time achievement; site failover exercise reports; recovery lessons learned
1.20	Trading Analytics and Operational Performance Reporting	The analytics platform failure during a market stress event is affecting operational reporting	Reduced management visibility and delayed decision-making	Monitoring dashboard recovery exercises; reporting continuity testing

LSEG maintains a broad operational resilience capability involving ICT risk management, cyber resilience, business continuity, and third-party oversight.

Regulatory frameworks such as DORA also require digital operational resilience testing and ICT risk scenario validation. Recent market infrastructure disruptions demonstrate why testing of exchange and trading environments remains essential.

Scenario testing for CBS-1 Exchange Trading Services should not be viewed merely as a compliance exercise but as a mechanism for validating the resilience of LSEG’s end-to-end market infrastructure ecosystem.

Exchange services rely upon tightly interconnected trading platforms, market data systems, risk engines, surveillance tools, cyber capabilities, and third-party providers.

The recommended testing scenarios intentionally combine operational failures with cyber and ICT risk events because modern disruptions increasingly emerge through complex, interconnected failure patterns rather than isolated incidents.

Continuous execution of these scenarios, coupled with lessons learned and remediation tracking, enables LSEG to demonstrate evidence-based resilience, validate impact tolerances, and strengthen confidence among regulators, market participants, and stakeholders.

This approach supports LSEG’s objective of ensuring that critical trading services continue operating within acceptable levels even during severe but plausible disruptions.

LSEG Thin Banner

eBook 3: Starting Your OR Implementation
CBS-1 Exchange Trading Services
CBS-1 DP	CBS-1 MD	CBS-1 MPR	CBS-1 ITo	CBS-1 SbPS	CBS-1 ST

Gain Competency: For organisations looking to accelerate their journey, BCM Institute’s training and certification programs, including the OR-5000 Operational Resilience Expert Implementer course, provide in-depth insights and practical toolkits for effectively embedding this model.

More Information About OR-5000 [OR-5] or OR-300 [OR-3]

To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.