Murex has completed SOC 1 Type 2 and SOC 2 Type 2 attestations for its software-as-a-service (SaaS) platform, MXSaaS, covering the period from July to December 2024. The examinations, carried out by KPMG, were finalized with no exceptions noted, building on the SOC 2 Type 1 attestation obtained in July 2024.
These independent assessments are part of increasingly critical standards in the financial sector for managing and safeguarding data. SOC 1 focuses on controls relevant to financial reporting, while SOC 2 Type 2 examines broader aspects, including security, availability, confidentiality, processing integrity, and privacy, over a sustained period — offering a more comprehensive view than the one-time assessment under SOC 2 Type 1.
Commenting on the development, Jonathan Coyle, Murex Global SaaS Director, said: “In today’s digital landscape, ensuring the security and integrity of our clients’ data is paramount. At Murex, security, compliance and trust are at the core of everything we do. As a leading SaaS provider in the finance industry, we understand the critical importance of safeguarding data, ensuring operational integrity, and adhering to the highest industry standards.”
For financial institutions increasingly relying on SaaS models to manage complex trading and risk systems, meeting recognized compliance frameworks like SOC is becoming a baseline expectation. Gauthier Lulka, Murex Deputy Chief Information Security Officer, added, “This progression of our independent, third-party probing of MXSaaS demonstrates our focus on the security of our clients and our software-as-a-service platform. We are proud of this latest step in our security journey.”
MXSaaS is used by global banks and financial institutions, and the attestations provide additional assurance as regulatory expectations on operational resilience and data security tighten. “MXSaaS serves clients of all sizes and across sectors, including major global financial institutions, to provide them with a peace-of-mind experience, as Murex experts fully manage the run and evolution of their MX.3 instance end-to-end, leveraging the power of the cloud,” Coyle said. “As regulatory and compliance frameworks in finance markets grow in complexity, it is crucial that we maintain and keep evolving the security of our platform and services to adhere to the highest standards in data protection and operational integrity. Our SOC 1 and SOC 2 Type 2 achievement underscores the confidence being built around MXSaaS.”
The company says it will continue investing in proactive risk management and operational resilience to support clients navigating a complex and evolving financial and regulatory landscape.
Murex’s MX.3 platform is a comprehensive, cross-asset solution designed to streamline trading, treasury, risk, and post-trade operations for financial institutions. It supports a wide array of asset classes and functions, automating and controlling the entire value chain. This integration facilitates collaboration across departments, breaking down silos between front office, finance, risk, and operations, thereby enhancing operational efficiency and accuracy.
To ensure regulatory compliance, MX.3 maintains long-term partnerships with market utilities, industry associations, and its customer base, easing adherence to evolving market standards. The platform supports compliance with various regulations, including clearing, collateral management, trade reporting, and risk management requirements. This commitment to regulatory readiness helps financial institutions manage the complexities of the evolving regulatory landscape effectively.
Commenting for RegTech Insight on the challenge of staying ahead of and managing regulatory change, Mickael De Oliveira Neves, Market and Regulatory Intelligence Manager at Murex notes, “Murex approaches regulatory changes at product and global levels. Product managers closely monitor regulatory developments in focus areas across jurisdictions, analyse requirements and integrate necessary adaptations into product roadmaps. At the global level, a regulatory intelligence team tracks trends, centralizes insights and ensures cross-domain coordination; senior management and the corporate compliance team contribute when relevant. With offices in 19 countries and strong local expertise, we proactively anticipate regulatory changes and support clients throughout their compliance journey. Our extensive regulatory knowledge and diverse client base enable us to provide tailored guidance and help clients effectively navigate complex regulatory landscapes.”
Subscribe to our newsletter