Operational Resilience at Bloomberg

A high standard of reliability

With more than four decades of experience in delivering data and technology solutions to financial entities and professionals across the globe, Bloomberg is known for setting a high standard of reliability and operational excellence in the industry. We also have a strong track record in developing innovative solutions that help our customers face evolving market dynamics and new regulatory requirements, and reduce operational risks.

Business continuity

Bloomberg continually demonstrates itself to be a prepared and resilient partner for customers worldwide, evident in the enduring trust the firm has earned from over 350,000 individual Bloomberg Terminal users and the thousands of firms that use its enterprise-level data and solutions.

Specific operational resilience measures include the maintenance of a comprehensive Business Continuity Program to ensure a timely response to, and effective recovery from unanticipated business disruptions that may affect facilities, infrastructure or personnel. The objectives of the program include maintaining the ability to serve clients and the resiliency of business operations and infrastructure through viable recovery strategies, providing for timely and complete resumption of operations following a disruption, and ensuring compliance with other policies and relevant regulations.

Disaster recovery

Bloomberg Disaster Recovery services (DRS) let you quickly and practically resume operations in a disaster, no matter where employees are located.

When natural, geo-political and unexpected events disrupt normal business operations, Bloomberg’s DRS provides temporary remote access to fixed-location subscriptions to the Bloomberg Terminal service, including trade and post-trade capabilities.

Digital Operational Resilience Act (DORA)

The EU Digital Operational Resilience Act (DORA) sets out a regulatory framework designed to ensure the operational resilience of the financial industry in Europe. The new rules are set to become effective from 17 January 2025 and will require EU financial entities, as well as the information and communication technology (ICT) third-party providers that serve them, to comply with enhanced operational risk management requirements.

Bloomberg’s approach to DORA

At Bloomberg, we understand that remaining competitive in a fast-changing environment requires financial entities to constantly evaluate their use of Information and Communication Technology (ICT) services, especially when such services support critical and important functions.

Bloomberg supports the overarching objectives of DORA to enhance and maintain operational resilience of the financial markets across the EU. We also recognize the benefits it will bring by helping to further strengthen relationships of trust between ICT providers and financial entities.

Bloomberg offers a DORA-compliant contract addendum covering its ICT services to EU financial entity customers, supporting the compliance needs of clients and other stakeholders under DORA.

Simplified contracting process

Bloomberg has developed a checklist, based on the contracting requirements of DORA, to help EU financial entity customers comply with their ICT procurement requirements. Designed to offer clarity and transparency on how Bloomberg’s ICT licenses fit into financial entities’ overall DORA compliance program, the checklist simplifies the contracting process.

Risk assessments

DORA requires financial entities to perform risk assessments on ICT service providers and to maintain a register of information regarding contractual arrangements on the use of ICT services from third-party providers. Bloomberg provides documentation on internal security practices and business continuity, as well as service levels and descriptions, and third-party assessments – such as system and organization controls (SOC3 and SOC2) reports – in accord with globally accepted standards and trust services criteria.

Access procedures

DORA will require financial entities to manage ICT third-party risk in light of the principle of proportionality and calls for contracts on the use of ICT supporting critical or important functions to include provisions on rights of access, inspection and audit. Bloomberg will facilitate compliance using standardized documentation and access procedures, including the right for financial entities to appoint appropriate third parties to exercise access rights, all consistent with the driving principles of DORA to ensure financial entities’ ability to operate safely, reliably and resiliently.

Data center locations

DORA will require financial entities using ICT to support their critical or important functions to document the location of data processing and storage by such ICT. Bloomberg maintains multiple data centers dedicated solely to Bloomberg’s products, services and operations. Bloomberg data centers are located in the northeastern United States. Full fire-suppression is built into the data centers. All alternate facility locations for IT data centers are on separate power and telecommunication grids from the primary location.

Subcontracting arrangements

Bloomberg does not permit third parties to resell its ICT services and does not subcontract the provision of its ICT services. Certain Bloomberg enterprise data delivery ICT services are available via third-party cloud environments designated by Bloomberg. Bloomberg will require these cloud providers to adhere to the same DORA operational resilience obligations as those agreed between Bloomberg and its financial entity clients. Moreover, third party vendors – whether or not subcontractors in scope for DORA – are subject to Bloomberg’s vendor management lifecycle framework, managed by the firm’s global vendor risk management team.

Contingency plans and exit strategies

DORA requires financial entities procuring ICT to ensure access, recovery and return of data in the event of the insolvency, resolution or discontinuation of the business operations of their ICT providers, or in the event of the termination of their ICT contracts. Customers of Bloomberg ICT services have access to their data via the standard features of such services, and Bloomberg does not have the right to terminate ICT service contracts in the event of insolvency. Furthermore, contracts for Bloomberg ICT services renew automatically. Bloomberg’s ICT contracts require it to give advance notice of any non-renewal to reduce the risk of disruption.