ISO/TR 7340:2023

TECHNICAL ISO/TR
REPORT 7340
First edition
2023-01
Reference data distribution in
financial services
Distribution de données de référence dans les services financiers
Reference number
© ISO 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
Contents Page
Foreword .v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Principles . 2
4.1 General . 2
4.2 Compatibility . 2
4.3 Data accuracy . 2
4.4 High availability . 2
4.5 Extensibility . 2
4.6 Security . 3
4.7 Maintainability . 3
5 Related technology . 3
5.1 Fintech . 3
5.2 WebSocket . 3
5.3 AJAX . 3
5.4 RMI . 4
5.5 Blockchain . 4
5.6 P2P . 4
6 Business model . 4
7 Logical model . 5
7.1 Logical model . 5
7.2 Distribution process . 6
7.3 Domains and topics . 6
7.4 Publisher module . 7
7.5 Subscription module . . . 7
8 Physical model . . 7
8.1 Broker-based . 7
8.2 Non-broker . 8
8.2.1 Multicast . 8
8.2.2 P2P . 8
8.3 Interactions . 8
8.3.1 General . 8
8.3.2 Publisher view . 8
8.3.3 Subscriber view . 8
8.3.4 Smart contract . 8
8.3.5 Accuracy . 8
9 Data payload syntax . 9
9.1 General . 9
9.2 Syntax and structures. 9
9.3 Data types . 9
10 Authority .10
10.1 Access control . 10
10.2 Privacy protection . 10
11 Security .10
11.1 Data security . 10
11.2 Transport security . 10
11.3 Application security . . 11
iii
12 QoS control .11
12.1 General . 11
12.2 Latency . 12
12.3 Consistency . 12
12.4 Deadline .12
12.5 Reliability .12
13 Use cases .12
13.1 Broker-based .12
13.2 Non-broker .13
Bibliography .15
iv
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 68, Financial services, Subcommittee SC 9,
Information exchange for financial services.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
v
Introduction
0.1 Opening comments
With the increasing correlation between financial products, a lot of reference data (trading product,
trading institution, trader information) are shared and reused in financial services. There is an urgent
and significant worldwide demand for guidance and standardization of reference data distribution in
financial services. Moreover, many industries expect efficient data distribution to ensure consistency,
integrity, relevance and accuracy.
This document covers distribution modes (distributed and centralized), task scheduling, privacy
protection, security and other issues. Data consistency and security are fundamental concerns
for distributors, receivers, the ordered execution of the distribution tasks and independent
distribution tasks of different receiver systems. Efficient distribution can achieve the goal of real-
time synchronization of reference data, ensure that all organizations receive the most accurate data
information in time and prevent system operation problems caused by information asymmetry.
This document's potential applications are independent of specific business scenarios and irrelevant to
data type and data format specifications.
This document is intended to provide:
— reference information for distributors;
— new products and services for developers;
— benefits for receivers using reference data.
The purpose of this document is to simplify the data processing procedure, as well as improve the data
distribution reliability and data sharing capabilities. Specifically, it will include two distribution modes:
centralized distribution mode and distributed distribution mode. The former is traditional and the
latter is emerging. Therefore, this document will be conducive to promoting new solutions for reference
data distribution scenarios, such as distributed ledger technology. These benefits would be realized
between certain service participants and within them.
0.2 How to approach this document
This document aims to provide a comprehensive insight into the development of reference data
interfaces (RDIs) to realize efficient reference data distribution in financial services. In this sense,
some aspects of the document are more mature than others. For example, the text is prescriptive where
there is room to be so; where areas are less mature, commentary on good practice is provided and the
considerations set out.
Broadly speaking, the document adopts the following logic:
— terms and definitions: all terms in the document;
— design principles: the principles and considerations for the design of the RDI;
— related technology: considerations and commentaries on different technologies;
— business model: the transmission process of public reference data and financial data standards;
— logical model: analysis of the logical structure of business data;
— physical model: overview and commentaries on the broker-based model and the non-broker-based
model;
— interactions: considerations of the interactions between publishers and subscribers;
— QoS control: control of the network resource application in the transmission of reference data.
vi
TECHNICAL REPORT ISO/TR 7340:2023(E)
Reference data distribution in financial services
1 Scope
This document discusses the modes, related mainstream technologies, logical models, physical
implementation models, data management (data storage and data security) and service quality control
used in the reference data distribution in financial services.
This document applies to the reference data distribution and transmission processes in financial
services.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
reference data
shareable and reusable basic information in financial service scenarios
Note 1 to entry: A large amount of shareable and reusable basic information exists in financial service scenarios,
such as legal entity identification codes (LEI), bank identification codes (BIC), bond issuers, buyers and sellers.
3.2
distributed ledger
data store through a network of distributed nodes
Note 1 to entry: Distributed ledger is a way of recording data that does not need to be stored or confirmed by any
centralized entity.
Note 2 to entry: Distributed ledger is the most critical blockchain technology used in the capital market, an
asset database that can be shared among multiple sites, different geographic locations or networks composed of
multiple institutions.
3.3
financial technology
technology innovation of traditional financial products and services
Note 1 to entry: Financial technology uses various technological means to innovate the products and services
provided in the traditional financial industry to improve efficiency and reduce operating costs.
3.4
full-duplex communication protocol
network protocol based on TCP
Note 1 to entry: Full-duplex communication protocol realizes full-duplex communication between the client and
the server, which allows the server to send information to the client actively.
3.5
remote method invocation
Java interface class library
Note 1 to entry: Remote method invocation enables objects on the client-side virtual machine to call objects on
the server-side Java virtual machine as if they were local objects.
3.6
® 1)
FIX protocol
Financial Information eXchange protocol
open electronic communications protocol designed to standardise and streamline electronic
communications in the financial services industry, supporting multiple formats and types of
communications between financial entities, including trade allocations, order submissions, order
changes, executions reporting and advertisements
3.7
IMIX protocol
Inter-bank Market Information eXchange Protocol
financial industry standard based on the FIX protocol and widely used in the inter-bank market
3.8
RDI
reference data interface
set of well-defined methods, functions, protocols, routines or commands used for reference data
4 Principles
4.1 General
This clause covers the design principles that are considered up front when developing an RDI in
financial services.
4.2 Compatibility
The RDI refers to some industry standards and is based on open architecture.
4.3 Data accuracy
Data accuracy is considered up front when developing the RDI to ensure that the data source can be
monitored, the data can be transmitted in real time in batches and the data loss can be recovered.
4.4 High availability
High availability is considered to ensure no error accumulation and low data distribution latency to
enable real-time communication.
4.5 Extensibility
Where possible, the RDI ecosystem is designed to be as extensible as possible to adapt to future use
cases or scenarios. For example, software keeps an upgrade interface and upgrade space. In addition,
the software entities (e.g. modules, classes, functions) are open for extension but closed for modification
based on the open-closed principle. ®
1) FIX is the trademark of FIX Protocol Limited. This information is given for the convenience of users of this
document and does not constitute an endorsement by ISO of the product named. Equivalent products may be used
if they can be shown to lead to the same results.
4.6 Security
The RDI ensures the security of user information and the information involved in the operation process.
Furthermore, it repairs and handles various security vulnerabilities in a timely manner.
4.7 Maintainability
Maintainability includes code comprehensibility, testability, modifiability and system portability.
5 Related technology
5.1 Fintech
Financial technology (fintech) is a business model formed by the integration of finance and technology,
specifically including digital payment, online lending, digital currency, equity crowdfunding and
intelligent investment advisory. It mainly utilizes innovative technologies such as the internet, big data,
cloud computing, blockchain and artificial intelligence to significantly affect the financial markets,
financial institutions and the way financial services are provided.
5.2 WebSocket
The WebSocket protocol is a full-duplex communication protocol based on TCP. It implements full-
duplex communication between the client and the server, allowing the server to send information to the
client actively.
Most web applications implement long polling through frequent asynchronous JavaScript and
XML (AJAX) requests, which is inefficient and wasteful of resources (because it requires constant
connections, or the HTTP connection is always open). WebSocket abandons the traditional HTTP
request/response mechanism and realizes a more flexible and accessible bilateral communication. The
client browser first initiates an HTTP request to the server to establish a WebSocket connection. This
request is different from the usual HTTP request as it contains some extra header information. One
piece of additional header information called “Upgrade: WebSocket” indicates that this is an application
for a protocol upgrade. The server side parses this additional header information and then generates
a response message back to the client side. Finally, the connection is established and both parties
transfer information freely through the channel until either the client or the server side actively closes
the connection.
5.3 AJAX
Ajax (Asynchronous JavaScript and XML) is an integration of several technologies, including:
— dynamic display and interaction by DOM;
— data exchange and processing by XML and XSLT;
— asynchronous data reading by XML HTTP request;
— finally binding and processing data with JavaScript.
The principal of Ajax is an intermediate layer between the client and the server. Not all user requests
are submitted to the server; the Ajax engine submits the request only when it is determined that new
data needs to be read from the server. Through appropriate Ajax applications, some of the previous
work of the server is transferred to the client. As a result, it can facilitate the processing on the client
side and reduce the burden on the server and bandwidth.
5.4 RMI
RMI (Remote Method Invocation) is a core Java API class library that allows programs running on a
Java virtual machine to access the objects running on different virtual machines (even if the different
virtual machines are running on different physical hosts). RMI passes parameters to remote methods
and returns results from remote methods calls.
5.5 Blockchain
Blockchain refers to a database distributed across locations (a distributed database) that acts as
a digital ledger to record and manage transactions. Copies of the ledger are held by multiple parties
themselves, data are added through negotiation by all parties and there is no need to have a third-
...