Operational Resilience at Bloomberg

A high standard of reliability

With more than four decades of experience in delivering data and technology solutions to financial entities and professionals across the globe, Bloomberg is known for setting a high standard of reliability and operational excellence. We also have a strong track record of developing innovative solutions that help our customers face evolving market dynamics and new regulatory requirements and reduce operational risks.

Business continuity

Bloomberg continually demonstrates itself to be a prepared and resilient partner for customers worldwide, evident in the enduring trust the firm has earned from over 350,000 individual Bloomberg Terminal users and the thousands of institutions that use its enterprise-level data and solutions.

Specific operational resilience measures include the maintenance of a business continuity program to ensure a timely response to, and effective recovery from, unanticipated disruptions. The objectives of the program include maintaining the resiliency of business operations and infrastructure through viable recovery strategies, providing for timely and complete resumption of operations following a disruption, and ensuring compliance with other policies and relevant regulations.

Disaster recovery

Bloomberg’s Disaster Recovery Service (DRS) lets you quickly and practically resume operations in a disaster, no matter where employees are located.

When natural, geopolitical, and other unexpected events disrupt normal business operations, Bloomberg’s DRS provides temporary remote access to fixed-location subscriptions to the Bloomberg Terminal service, including trade and post-trade capabilities.

Digital Operational Resilience Act (DORA)

The European Union’s (EU) Digital Operational Resilience Act (DORA) sets out a regulatory framework designed to ensure the operational resilience of the financial industry in the EU. DORA requires EU financial entities to comply with enhanced operational risk management requirements.

Bloomberg’s approach to DORA

Bloomberg supports the overarching objectives of DORA to enhance and maintain operational resilience of the financial markets across the EU. We also recognize the benefits it will bring by helping to further strengthen relationships of trust between ICT providers and financial entities.

Bloomberg has been designated a “critical third-party provider” (CTPP) of ICT services under DORA. Bloomberg will continue to actively coordinate with the European Supervisory Authorities (ESAs) and maintain high standards of operational resilience, in line with relevant regulatory requirements.

Additionally, Bloomberg offers its EU financial entity customers a DORA-compliant contract addendum covering its ICT services, supporting the compliance needs of customers under DORA.

Simplified contracting process

Bloomberg has developed a checklist, based on the contracting requirements of DORA, to help EU financial entity customers comply with their ICT procurement requirements. Designed to offer clarity and transparency on how Bloomberg’s ICT licenses fit into financial entities’ overall DORA compliance program, the checklist simplifies the contracting process.

Risk assessments

DORA requires EU financial entities to perform risk assessments on ICT service providers and maintain a register of information regarding contractual arrangements on the use of ICT services from third-party providers. Bloomberg provides documentation on internal security practices and business continuity, service levels and descriptions, and third-party assessments – such as system and organization controls (SOC3 and SOC2) reports – in accordance with globally accepted standards and trust services criteria.

Access procedures

DORA requires EU financial entities to manage ICT third-party risk in light of the principle of proportionality and calls for contracts on the use of ICT services supporting critical or important functions to include provisions on rights of access, inspection, and audit. Bloomberg facilitates compliance using standardized documentation and access procedures, including the right for financial entities to appoint appropriate third parties to exercise access rights, all consistent with the driving principles of DORA to ensure financial entities’ ability to operate safely, reliably, and resiliently.

Data center locations

DORA requires EU financial entities using ICT services to support their critical or important functions to document the location of data processing and storage by such ICT services. Bloomberg maintains multiple data centers dedicated solely to Bloomberg’s products, services, and operations. Bloomberg data centers are located in the northeastern United States. Full fire-suppression is built into the data centers. All alternate facility locations for IT data centers are on separate power and telecommunication grids from the primary location.

Subcontracting arrangements

Bloomberg does not permit third parties to resell its ICT services and does not subcontract the provision of its ICT services. Certain Bloomberg enterprise data delivery ICT services are available via third-party cloud environments designated by Bloomberg. Third-party vendors – whether or not subcontractors that are in scope for DORA – are subject to Bloomberg’s vendor management lifecycle framework, managed by the firm’s global vendor risk management team.

Contingency plans and exit strategies

DORA requires EU financial entities procuring ICT services to ensure access, recovery, and return of data in the event of the insolvency, resolution, or discontinuation of the business operations of their ICT providers, or in the event of the termination of their ICT contracts. Customers of Bloomberg ICT services have access to their data via the standard features of such services, and Bloomberg does not have the right to terminate ICT service contracts in the event of insolvency. Furthermore, contracts for Bloomberg ICT services renew automatically. Bloomberg’s ICT contracts require it to give advance notice of any non-renewal to reduce the risk of disruption.

Critical Third-Party Provider (CTPP) Designation

As a designated CTPP, Bloomberg will be subject to direct oversight by its Lead Overseer under DORA. As Bloomberg continues to cooperate with its overseers, our focus remains on stability, resilience, and regulatory compliance.