On Apr. 15, 2025, DTCC issued notice regarding deadline to apply secure file transfer protocol (SFTP) encryption standards no later than May 31, 2025 to avoid fines.
Participants that have not complied with the SFTP encryption requirements by May 31, 2025 will be in violation of DTCC Rule 2, section 11, and will be subject to $5,000 fine.
To avoid fines and service interruptions, it is imperative that participants complete testing by May 1, 2025 and implement required encryption standards by May 31, 2025
To ensure successful completion of SFTP encryption reconfiguration testing, DTC has 2 weekend test windows on Apr. 19 and Apr. 26, 2025, from 8:00am to 11:00am ET.
All non-compliant encryptions in Mainframe will be removed to facilitate testing.
DTCC issued notices re connectivity security requirements and standards, secure connections to government and mortgage backed securities, and other participants.
FICC, NSCC and DTCC Secure Connections
Members with non-compliant connections must take actions to avoid connectivity disruption, and must review, plan, and implement changes to ensure compliance.
Must also conduct configurations of TLS (Transport Layer Security) certificate and cipher specs, and the Network Data Mover (NDM) must have Secure+ installed.
Also use listed key exchange algorithms, ciphers, MACs, client side, accepted by DTCC.
Unencrypted FTP will not be supported and must be converted to SFTP connectivity method set up and connect with DTCC’s Client Connectivity Services to migrate.
Effectiveness
Compliance to DTCC security standards is mandatory by Dec. 31, 2024.
Sep. 2024 FIC, NSCC Secure Connections
On Sep. 30, 2024, DTCC issued notice re FICC GSD, MBSD, NSCC secure connections.
DTCC will begin disconnection of non-compliant connections starting with FTP, SFTP.
Unencrypted FTP will not be supported and must be converted to SFTP or alternative.
Migration to compliant protocol can take up to 3 months due to new configurations.
Client-side change only, which means that DTCC servers will be upgraded to accept only the secure encryption key exchange algorithms, ciphers, MACs listed in notice.
Members asked to review connections and contact connectivity team by Oct. 18, 2024.
Apr. 2025 DTCC Compliance Deadline
On Apr. 15, 2025, DTCC issued notice regarding deadline to apply secure file transfer protocol (SFTP) encryption standards no later than May 31, 2025 to avoid fines.
Participants that have not complied with the SFTP encryption requirements by May 31, 2025 will be in violation of DTCC Rule 2, section 11, and will be subject to $5,000 fine.
To avoid fines and service interruptions, it is imperative that participants complete testing by May 1, 2025 and implement required encryption standards by May 31, 2025
To ensure successful completion of SFTP encryption reconfiguration testing, DTC has 2 weekend test windows on Apr. 19 and Apr. 26, 2025, from 8:00am to 11:00am ET.
All non-compliant encryptions in Mainframe will be removed to facilitate testing.
Regulators
DTCC DR; FICC; NSCC
Entity Types
B/D; Depo; Exch
Reference
Nt MBS1437-25, GOV1947-25, B#21887-25, Nt a9583, 4/15/2025; Nt a9499, GOV1789-24, MBS1372-24, 9/30/2024; RN GOV1683-24, RN MBS1326-24, RN19981-24, RN a9419, 4/19/2024; Citation: DTCC Rule 2;
