Document TIB-FRM-EX-1.0
Issued 16 April 2026
Module of TIB-FRM-1.0
Verification Module — Exchanges & Trading Venues
Twenty-four binding criteria for verification engagements with regulated and digital-asset trading venues, multilateral trading facilities, and similar matching infrastructure.
© 2026 Stratinova LTD. All rights reserved.
About this module
This module (the EX Module) extends the universal TIB Integrity Standards with criteria specific to exchanges and trading venues, including digital-asset spot and derivatives venues, multilateral trading facilities, and similar matching infrastructure. It covers governance of matching infrastructure, order-book mechanics, surveillance, listing decisions, outage resilience, and (where applicable) custody integration.
The module adds twenty-four binding criteria (EX-1 through EX-24). It is informed by IOSCO Principles 32-38 (secondary markets), the WFE Best Practice principles for market integrity, and the CPMI-IOSCO Principles for Financial Market Infrastructures (PFMI) where structurally relevant.
Verification Module — Exchanges & Trading Venues
Twenty-four binding criteria with rationale, requirement, evidence rubric, illustrative cases, and cross-references.
Scope
This Module applies whenever the engagement covers a Firm operating an exchange, a multilateral trading facility, an organised trading facility, or a similar venue providing matching infrastructure to multiple participants in financial or digital-asset instruments.
Joint application
Where the venue takes custody of participant assets, the Custodians Module (TIB-FRM-CU) is invoked jointly. Where the venue also operates broker-style services for some participants, TIB-FRM-BR may be invoked jointly.
Out of scope
TIB does not assess regulatory licensing in any jurisdiction. Performance under exceptional load (DDoS, market-stress events beyond historical norms) is reviewed for governance — not benchmarked against absolute resilience standards.
Definitions
- Matching Engine — the core software that pairs buy and sell orders.
- Order Book — the live record of orders awaiting execution.
- Last Look — a practice (more common in FX markets) whereby an LP may reject an order within a brief window after request.
- Surveillance — systems and processes for detecting market abuse.
- Spoofing, Layering, Wash Trading — categories of market manipulation.
- PFMI — Principles for Financial Market Infrastructures (CPMI-IOSCO 2012).
Theme map
| Theme | Criteria | Universal pillar | Section |
|---|---|---|---|
| Matching engine governance | EX-1, EX-2, EX-3 | TIB-IS.3 Execution | § 4 |
| Order book transparency | EX-4, EX-5, EX-6 | TIB-IS.3 / TIB-IS.6 | § 5 |
| Last look and rejection | EX-7, EX-8 | TIB-IS.3 Execution | § 6 |
| Listing and delisting | EX-9, EX-10, EX-11 | TIB-IS.1 / TIB-IS.6 | § 7 |
| Market abuse surveillance | EX-12, EX-13, EX-14, EX-15 | TIB-IS.5 Risk | § 8 |
| Participant access controls | EX-16, EX-17 | TIB-IS.5 Risk | § 9 |
| Outage and recovery | EX-18, EX-19, EX-20 | TIB-IS.5 Risk | § 10 |
| Custody (where applicable) | EX-21, EX-22, EX-23, EX-24 | TIB-IS.2 Capital | § 11 |
Matching engine governance
Matching algorithm disclosure
The matching algorithm is the most consequential design choice of a venue. Public disclosure converts choice from a hidden lever into a contestable feature.
The matching algorithm (price-time, pro-rata, hybrid), tick-size regime, and order types accepted are publicly documented. Material changes are pre-notified.
Engine change control
Production changes to a matching engine are high-risk; segregation-of-duties and tested rollback are baseline expectations.
Production changes follow a documented change-control process: design review, test coverage, segregation-of-duties on deployment, rollback plan.
Self-trading and self-listing controls
Where the venue or its affiliates trade on the venue, conflicts arise. Where the venue lists its own token or affiliated tokens, the conflict is acute.
Self-trading by the venue / affiliates is governed by documented controls (information barriers, trading restrictions). Self-listing or affiliate-listing is governed by an independent listing review.
Order book transparency
Market data transparency
Pre- and post-trade transparency is the foundation of orderly markets. Where private order types interact with the lit book, the interaction must be documented.
Pre-trade depth and post-trade prints are published on a defined cadence. Where private order types (iceberg, hidden) operate, their interaction with the lit book is documented.
Time-in-force and self-trade prevention
Time-in-force semantics and self-trade-prevention logic must operate as documented; behavioural test from a participant connection demonstrates conformance.
Time-in-force and self-trade-prevention logic operate as documented and are testable from a participant connection.
Fee schedule transparency
Fee schedules — including maker / taker rebates and tiering — affect order-book outcomes. Transparency is a baseline.
Trading-fee schedule (including tier criteria) is publicly documented. Material changes pre-notified.
Last look and rejection
Last look disclosure
Last look is acceptable when used to manage credit and price-staleness; it is unacceptable when used asymmetrically.
Where the venue or its LPs operate last look, use, hold time, and asymmetric rejection ratio are disclosed. Last look used for risk-free price improvement is prohibited.
Cancel and modify behaviour
Cancel and modify semantics, especially under stress, must operate as documented and not advantage selected participants.
Cancel / modify processing time and queue behaviour are documented; behavioural test demonstrates conformance.
Listing and delisting
Listing committee and criteria
Listing decisions affect participant outcomes (especially in digital-asset venues). Documented criteria and a committee with managed conflicts is the integrity baseline.
Listing decisions are taken by a committee operating under documented criteria. Conflicts of interest of committee members are recorded and managed.
Listing-fee transparency
Pay-to-list practices, where they exist, must be disclosed; the appearance of pay-to-list compromises listing-decision integrity.
Listing fees (where charged) are publicly published. The decision to list is independent of fee-payment status.
Delisting governance
Delisting events affect participants holding the instrument. The process must include notice and orderly wind-down.
Delisting events follow a documented process with prior notice to participants and a defined wind-down for open positions.
Market abuse surveillance
Surveillance taxonomy
A documented surveillance taxonomy ensures that recognised abuse patterns are systematically tested for, not opportunistically detected.
The surveillance taxonomy covers market manipulation, layering / spoofing, wash trading, marking the close, and cross-venue manipulation. Coverage is mapped to instruments and venues.
Alert handling and SLA
Alerts must be triaged and investigated within defined timelines; persistent unaddressed alerts indicate surveillance breakdown.
Surveillance alerts are triaged within a defined SLA; investigations recorded; outcomes (no action / warning / restriction / removal) tracked.
Cross-venue manipulation detection
Manipulation patterns increasingly span multiple venues; detection requires either internal cross-venue capability or participation in industry-information-sharing frameworks.
Cross-venue manipulation patterns are detected via internal logic or via participation in industry-information-sharing arrangements.
Surveillance independence
Surveillance findings must not be subordinated to commercial interest in retaining participant flow.
Surveillance function operates with reporting independence from commercial leadership; material findings are not subject to commercial veto.
Participant access controls
Onboarding criteria
Participants are onboarded under documented criteria appropriate to venue category; sanctions and AML obligations are met.
Participants onboarded under documented criteria appropriate to venue category (institutional / retail / professional). Sanctions and AML/KYC obligations met.
Co-location and direct-market-access fairness
Where co-location and DMA are offered, the access terms must be fair and the latency profile published to inform participant choice.
Co-location and DMA offerings are available on documented, non-discriminatory terms; latency profile published.
Outage and recovery
Incident-response plan
Outages are inevitable; the integrity test is whether the response is rehearsed.
An incident-response plan covers partial and full outages: priority-of-restoration, participant communication cadence, post-outage trade-handling (cancellation / busting / preservation), and post-incident report.
Status-page operation
Real-time status page is the primary participant communication channel during incidents.
A status page operates independently of the primary platform infrastructure; updates during incidents follow documented cadence.
Trade-busting and cancellation policy
Post-trade busting and cancellation can affect participant outcomes materially; consistent rule-based application is required.
Trade-busting and cancellation policy specifies grounds, decision authority, communication protocol, and post-decision review.
Custody (where applicable)
Custody segregation (where applicable)
For venues taking custody of participant assets, segregation is the primary safeguarding control; this echoes universal pillar TIB-IS.2.
Segregation arrangements, hot/cold-wallet ratios (where relevant), insurance coverage, and reconciliation cadence are documented.
Withdrawal performance
For digital-asset venues, withdrawal performance is the empirical test of custody integrity from the participant perspective.
Withdrawal performance (request-to-disbursement) is monitored and disclosable on request.
Proof-of-reserves regime
Where proof-of-reserves attestations are published, the methodology and limitations must be transparent.
Where the venue publishes proof-of-reserves attestations, methodology, frequency, and limitations are disclosed.
Insurance and bug-bounty
Insurance and bug-bounty programmes signal mature security posture; their absence in venues taking custody is a material gap.
Insurance arrangements and bug-bounty programmes (where operated) are disclosed at the level of generality permitted.
Public Report sections
- Venue category — spot / derivative / hybrid; asset class(es) traded;
- Matching algorithm declaration;
- Surveillance coverage map — high-level coverage matrix;
- Custody arrangement — where venue takes custody.
Evidence pathway
| Evidence | Source | Frequency |
|---|---|---|
| Matching engine documentation | Engineering / product | Current state |
| Behaviour test from TIB connection | Test connection on production matching engine | One full test cycle |
| Listing committee minutes | Listing committee secretariat | Trailing 12 months |
| Surveillance alert sample | Surveillance system | Trailing 90 days, redacted |
| Custody reconciliation | Operations / treasury | 30-day sample |
| Incident-response evidence | SRE / operations | Recent post-mortems if applicable |
Limitations
- TIB does not assess regulatory compliance in any jurisdiction;
- Behaviour testing on production environment under controlled conditions; performance under exceptional load not within scope;
- Surveillance evaluation reviews framework and outcomes, not the discretion exercised in individual cases.
Module changelog
| Version | Effective | Approved by | Notes |
|---|---|---|---|
| TIB-FRM-EX-1.0 | 16 April 2026 | TIB Standards Committee | Initial publication. 24 binding criteria across 8 themes. |
Normative annex.
| Universal pillar | Module criteria contributing |
|---|---|
| TIB-IS.1 Governance | EX-3, EX-9, EX-15 |
| TIB-IS.2 Capital & Safeguarding | EX-21, EX-24 |
| TIB-IS.3 Order Handling & Execution | EX-1, EX-2, EX-4, EX-5, EX-7, EX-8 |
| TIB-IS.4 Payout Integrity | EX-22 |
| TIB-IS.5 Risk & Compliance | EX-12, EX-13, EX-14, EX-16, EX-18, EX-19 |
| TIB-IS.6 Disclosure & Conduct | EX-6, EX-10, EX-11, EX-17, EX-20, EX-23 |
Informative annex.
| Document code | TIB-FRM-EX-1.0 |
| Issuing authority | TIB Standards Committee |
| Effective date | 16 April 2026 |
Issuing entity
Stratinova LTD
Cyprus HE475207