Nasdaq Stockholm and its derivatives clearing operation have been hit with a Skr55 million fine by Swedish regulatory authorities for serious deficiencies in the management of cyber risks.
An investigation conducted by Finansinspektionen (FI) found both parties to be lax in their oversight of information security services provided by US parent company Nasdaq.
In a statement, the regulatory body says: "FI finds that neither Nasdaq Clearing nor Nasdaq Stockholm have acquired the information required to assess the quality of the delivered services and place sufficient requirements on the service provider."
Risk management at both operations failed to clarify the adequacy of the services provided nor take local conditions into consideration.
"FI has also identified that the companies’ continuity guidelines and emergency plans were prepared without considering a scenario that manages the risk of cyber attacks," states the watchdog. "Both companies have demonstrated deficiencies of such a degree that FI has made the assessment that there are grounds on which to intervene against them."
Nasdaq Stockholm was slapped with a Skr30 million penalty, while Nasdaq Clearing was hit with a Skr25 fine - a significantly higher figure when tied to net sales reflecting its systemic importance in the smooth operation of the market.