Your browser is unsupported

Please visit this URL to review a list of supported browsers.

ESG at ICE

Managing Risk & Ensuring Business Continuity

Our Board of Directors is responsible for overseeing ICE's risk management process, which includes management of general operational risks, as well as particular risks facing our various businesses. With the assistance of our Audit and Risk Committees and our Subsidiary Boards, the Board oversees that our assets are properly safeguarded, that appropriate financial and other controls are maintained, and that our business is conducted prudently and in compliance with applicable laws, regulations and our corporate governance guidelines.

We have an Enterprise Risk Management team, led by the Chief Corporate Risk Officer. The team includes regional Chief Risk Officers that oversee each business unit: clearing houses, exchanges, trade repositories and the data and benchmark services.

We employ a three-lines model to enterprise risk management, a concept endorsed by the Institute of Internal Auditors. This framework helps ensure strong redundancies and preparation.

  • The first line is comprised of management and is responsible for the day-to-day operation of the business and the associated risks
  • The second line serves an oversight and challenge function from a risk perspective and includes our Enterprise Risk Management, Legal & Compliance, Financial Controls, Human Resources and Information Security Assurance teams
  • Internal Audit is the third line and serves to provide an independent check and additional assurances that risks are anticipated and mitigated

Cybersecurity and data protection


ICE ensures both the physical and digital security of our markets, clearing houses, data and mortgage software through industry-leading security technology and processes. Our Information Security Department consists of diverse and skilled teams that work to protect confidential data and systems from unauthorized access, misuse, disclosure, destruction, modification or disruption.

We employ the activities, processes and strategies to help evaluate, manage and address these risks, which are described in our 10-K.

System Resiliency, Business Continuity Planning, Disaster Recovery


ICE maintains a robust technology infrastructure and business continuity strategy designed to ensure the reliability and security of our critical market operations.

Operational resilience framework

Our comprehensive approach to operational resilience encompasses:

  • Structured incident management processes
  • Fault-tolerant and concurrently maintainable infrastructure designs
  • Regular validation of operational readiness
  • Board-level technology governance oversight

Infrastructure and technology

We implement redundancy strategies across:

  • Critical operational systems
  • Network and technological infrastructure
  • Data management, data protection and recovery platforms

Organizational preparedness

Our resilience strategy is supported by:

  • Mandatory enterprise-wide business continuity training
  • Proven incident response capabilities
  • Mature disaster recovery and business continuity processes

By maintaining a dynamic and comprehensive approach to operational continuity, we mitigate potential disruptions and preserve the integrity of our critical services.