About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

Murex Completes SOC 1 and SOC 2 Type 2 Attestations for its SaaS Platform, MXSaaS

Subscribe to our newsletter

Murex has completed SOC 1 Type 2 and SOC 2 Type 2 attestations for its software-as-a-service (SaaS) platform, MXSaaS, covering the period from July to December 2024. The examinations, carried out by KPMG, were finalized with no exceptions noted, building on the SOC 2 Type 1 attestation obtained in July 2024.

These independent assessments are part of increasingly critical standards in the financial sector for managing and safeguarding data. SOC 1 focuses on controls relevant to financial reporting, while SOC 2 Type 2 examines broader aspects, including security, availability, confidentiality, processing integrity, and privacy, over a sustained period — offering a more comprehensive view than the one-time assessment under SOC 2 Type 1.

Commenting on the development, Jonathan Coyle, Murex Global SaaS Director, said: “In today’s digital landscape, ensuring the security and integrity of our clients’ data is paramount. At Murex, security, compliance and trust are at the core of everything we do. As a leading SaaS provider in the finance industry, we understand the critical importance of safeguarding data, ensuring operational integrity, and adhering to the highest industry standards.”

For financial institutions increasingly relying on SaaS models to manage complex trading and risk systems, meeting recognized compliance frameworks like SOC is becoming a baseline expectation. Gauthier Lulka, Murex Deputy Chief Information Security Officer, added, “This progression of our independent, third-party probing of MXSaaS demonstrates our focus on the security of our clients and our software-as-a-service platform. We are proud of this latest step in our security journey.”

MXSaaS is used by global banks and financial institutions, and the attestations provide additional assurance as regulatory expectations on operational resilience and data security tighten. “MXSaaS serves clients of all sizes and across sectors, including major global financial institutions, to provide them with a peace-of-mind experience, as Murex experts fully manage the run and evolution of their MX.3 instance end-to-end, leveraging the power of the cloud,” Coyle said. “As regulatory and compliance frameworks in finance markets grow in complexity, it is crucial that we maintain and keep evolving the security of our platform and services to adhere to the highest standards in data protection and operational integrity. Our SOC 1 and SOC 2 Type 2 achievement underscores the confidence being built around MXSaaS.”

The company says it will continue investing in proactive risk management and operational resilience to support clients navigating a complex and evolving financial and regulatory  landscape.

Murex’s MX.3 platform is a comprehensive, cross-asset solution designed to streamline trading, treasury, risk, and post-trade operations for financial institutions. It supports a wide array of asset classes and functions, automating and controlling the entire value chain. This integration facilitates collaboration across departments, breaking down silos between front office, finance, risk, and operations, thereby enhancing operational efficiency and accuracy.

To ensure regulatory compliance, MX.3 maintains long-term partnerships with market utilities, industry associations, and its customer base, easing adherence to evolving market standards. The platform supports compliance with various regulations, including clearing, collateral management, trade reporting, and risk management requirements. This commitment to regulatory readiness helps financial institutions manage the complexities of the evolving regulatory landscape effectively.

Commenting for RegTech Insight on the challenge of staying ahead of and managing regulatory change, Mickael De Oliveira Neves, Market and Regulatory Intelligence Manager at Murex notes, “Murex approaches regulatory changes at product and global levels. Product managers closely monitor regulatory developments in focus areas across jurisdictions, analyse requirements and integrate necessary adaptations into product roadmaps. At the global level, a regulatory intelligence team tracks trends, centralizes insights and ensures cross-domain coordination; senior management and the corporate compliance team contribute when relevant. With offices in 19 countries and strong local expertise, we proactively anticipate regulatory changes and support clients throughout their compliance journey. Our extensive regulatory knowledge and diverse client base enable us to provide tailored guidance and help clients effectively navigate complex regulatory landscapes.”

Subscribe to our newsletter

Related content

WEBINAR

Recorded Webinar: High-Performance Networks & Low-Latency Connectivity for Trading

With financial markets becoming more complex and interconnected in today’s electronic trading environment, trading firms, exchanges, and infrastructure providers need to continually push the boundaries of network performance to stay ahead. Ultra-low latency, seamless connectivity, and resilient infrastructure are no longer just advantages – to stay competitive, they’re necessities. This webinar, part of the A-Team...

BLOG

FCA Derivatives Trading Obligation: Why GRC Teams Should Watch Article 28a Closely

The FCA’s latest announcement on the UK derivatives trading obligation (DTO) landed quietly on July 17, but its impact is more than a short web statement. By invoking its brand-new power of direction under Article 28a of onshored MiFIR, the regulator has replaced the post Brexit Temporary Transitional Power (TTP) transitional regime with a standing...

EVENT

AI in Data Management Summit New York City

Now in its 15th year the Data Management Summit NYC brings together the North American data management community to explore how data strategy is evolving to drive business outcomes and speed to market in changing times.

GUIDE

The DORA Implementation Playbook: A Practitioner’s Guide to Demonstrating Resilience Beyond the Deadline

The Digital Operational Resilience Act (DORA) has fundamentally reshaped the European Union’s financial regulatory landscape, with its full application beginning on January 17, 2025. This regulation goes beyond traditional risk management, explicitly acknowledging that digital incidents can threaten the stability of the entire financial system. As the deadline has passed, the focus is now shifting...