Enabling Higher Trust in FDC3

Find out more about Symphony

Open industry standards are essential for driving collaboration and innovation in the context of financial technology. By lessening the need to constantly “reinvent the wheel,” these standards, along with open source, help to accelerate technology development and adoption. The Financial Desktop Connectivity and Collaboration Consortium, or FDC3, is part of this general movement towards openness and interoperability in the financial technology space.

FDC3 was founded on the idea of making it easier for applications written by different parties to talk to one another. A trader typically needs to work between multiple displays, copying and pasting any relevant information from one application to another. Implementing FDC3 allows context to be shared automatically between these applications—saving time and reducing manual errors, with common use cases ranging from pre-trade through post-trade.

As a member of FINOS, the leading Linux Foundation forum for open source innovation, Symphony has been instrumental in helping develop FDC3 and promoting its use among our constituency of global capital markets institutions. Symphony has worked to standardize DIP integration APIs that allow our customers to choose any Desktop Integration Platform provider to support their use of FDC3. Recently, I had the opportunity to present identity and security solutions that enable new transactional use cases with FDC3 at the 2024 Open Source in Finance Forum in New York. I believe that these latest developments can lead to even greater adoption of FDC3 by financial services firms.

Data interoperability within and between organizations

The FDC3 open standard supports intra-firm data exchange for organizations that lack the time or resources to build custom integrations for each set of applications. FDC3 provides an even greater benefit for exchanges between firms, as it is the only standardized way of making inter-firm interoperability possible.

FDC3 also helps legacy technology integrate with modern applications more easily on a user interface level. Instead of having to rewrite an entire legacy program, you can write a few connectors following FDC3 specifications to allow the program to interact with other applications. For example, you may have a legacy charting application with large amounts of specific business logic that you don’t want to rewrite: by adding a few endpoints, the application can receive an FDC3 request to display certain currency pairs or securities. Or, you could provide the application with an FDC3 button so that it can broadcast a request to place an order for a certain currency pair.

Applying FDC3 to high-trust use cases

Following our “Identity over FDC3” prototype at the FINOS Hackathon in May 2023, Symphony was chosen to lead the identity and security stream within FDC3. We worked with experts from FINOS, desktop providers, and architects from multiple major financial institutions.

FDC3’s previously limited security features had meant that the standard was primarily used for no-trust use cases such as “view news” or “set the context to a certain country.” Deeper transactional integrations, such as between a buy side and a sell side, require stronger guarantees around identity and security. A solution would need to answer the questions of how to trust incoming information, and how to control who receives outgoing information. The buy side expects full confidentiality when requesting information in order to prevent exposure of trading activity, and the sell side obviously wants to prevent the leakage of sensitive transactions.

Our group developed a two-part solution consisting of signed contexts and encrypted channels. For the build out, Wellington Management would act as the buy side, while Morgan Stanley represented the sell side. Each would have a pair of asymmetric keys, and make the public key available. When sending a query for information on a product, the Wellington application signs the context with their private key. When receiving this query, Morgan Stanley can verify the identity of the sender against Wellington’s public key. In order to reply, the Morgan Stanley application sets up an encrypted channel, generating a symmetric channel key and wrapping it with Wellington’s public key before sending it out. In this way, only Wellington can decrypt the information sent back in this channel. Other applications, and even the desktop agent itself, do not have access to the channel key required to decrypt.

This solution is vendor agnostic by design—one of our requirements being to avoid desktop agent impact, since most people already have their desktop agents deployed. Signatures can be used without breaking existing implementations; they are just an optional field at the end of any context. The encrypted channels only require new intents (key exchange) and contexts (encrypted wrapper), and neither require desktop agent upgrades.

Once this is done, applications no longer need to trust the desktop agent or any other applications running on the desktop agent. We predict that all these changes will make it easier for firms to adopt FDC3. Application developers can control what information they share with which counterparties. Users can reduce tedious rekeying of information. Organizations can cut on costs associated with fragmented systems.

Openness and security

When it comes to openness and security, Symphony has always been a pioneer. These core values are integral to Symphony’s platforms. Symphony’s Messaging platform is built with completely end-to-end encrypted communications, where two firms can talk to each other in a zero-trust framework, while also enforcing strict identity authentication and authorization. At the same time, it is built around the idea of an open, global directory for financial services. Over the years, our open-source interface has allowed for more integrations between desktop applications and our FDC3-compatible Messaging platform.

We view openness and security as both an ethos and a set of technological solutions. So we’re ideally positioned to bring identity and security solutions to FDC3. Many of the lessons we’ve learned over the last 10 years building our technologies have been applied to FDC3 solutions.

Adopting the FDC3 standard

Standards like FDC3 are crucial to our industry’s ability to innovate because they make bringing new technologies together more cost effective and efficient. Over time, firms have realized that it is in everyone’s interest to standardize on these basic technology requirements and free up their own teams to work on true business value-drivers.

For firms considering FDC3, I recommend assigning a team to collect what people inside your firm want to do with FDC3, so that you can define a common dictionary of contexts. For FDC3 to begin to pay off, two applications need to have the same way of describing the same piece of data. The benefits thereafter are even greater. And of course it helps to reach out to a technology provider that is an active member of FINOS and involved with FDC3. As a founding member of FINOS, Symphony is ideally placed to help companies take that next step towards FDC3 implementation.

And finally, an ask! Firms should also contribute their own contexts and experiences. By contributing back to FINOS, you’re ensuring that third parties working in the same space are going to be compatible with what you’re doing, and that’s going to drive long-term interoperability and efficiency gains for everyone.

Future of FDC3

There are new possibilities for FDC3 to come. FDC3 for web browsers, for one, allows interoperability between webapps, without the need for local installation. In future this technology could also allow interoperability between devices—for example, taking the context of an instrument search on your phone and applying it to your FDC3 session when you are back at your desk.

Videos not loading? Check that you’ve accepted cookies or watch all on Vimeo directly here

Secure Inter-App Communication with FDC3

Yannick Malins (Symphony), Usha P. Chintalapati (Wellington Management), and Kiran Shahane (Morgan Stanley) demonstrate how FDC3-enable applications can trust and verify communications between buy side and sell side through signed contexts and encrypted channels.

Find out more about Symphony

Related resources