Thursday, December 4, 2014

FACTSHEET: Improving Systems Compliance and Integrity (REG SCI)

FACT SHEET



Improving Systems Compliance and Integrity

SEC Open Meeting
March 7, 2013

Background

Today’s securities markets rely extensively on technology more than ever before. As with any industry, the consequences can be significant when technology goes awry.
The high-speed automated trading that occurs both on national securities exchanges and alternative trading systems has heightened the potential for a technological problem to broadly impact the market.
Following the Flash Crash in May 2010, the SEC approved a series of measures to help limit the impact of such technological errors. For instance, the SEC approved rules to halt trading when a stock price falls too far, too fast as well as rules to provide certainty in advance of when an erroneous trade would be broken and rules to eliminate stub quotes.
Additionally, the SEC approved a rule known as the market access rule, which requires brokers and dealers with market access to put in place risk management controls and supervisory procedures designed to manage the financial, regulatory, and other risks posed to the markets by a malfunctioning of their technological systems.

Automation Review Policy

There are no mandatory rules governing the automated systems of self-regulatory organizations, such as national securities exchanges, clearing agencies, FINRA, and the MSRB. Instead, for the past two decades, they have followed a voluntary set of principles articulated in the SEC’s Automation Review Policy and participated in what is known as the ARP Inspection Program.
Recent technological issues in the securities markets including those that arose during the initial public offerings of Facebook and BATS Global Markets as well as the Knight Capital trading incident have shown that investors can be put at risk when technology fails, and confidence in the markets can falter.
The SEC convened a roundtable in October 2012 to discuss how market participants could prevent or at least mitigate systems issues, and how the response to such issues could be improved. The market closures following Superstorm Sandy also highlight the importance of having a robust market technology infrastructure. These events and discussions have helped shape the development of the rulemaking being proposed today.

Proposed Rule — Regulation SCI

The set of rules proposed by the Commission — called Regulation Systems Compliance and Integrity (Regulation SCI) — would formalize and make mandatory many of the provisions of the SEC’s Automation Review Policy that have developed during the last two decades. The proposed rule applies the policy and proposes additional measures to entities at the heart of U.S. securities market infrastructure in order to protect that infrastructure.
Regulation SCI would seek to ensure:
  • Core technology of national securities exchanges, significant alternative trading systems, clearing agencies, and plan processors meet certain standards.
     
  • These entities conduct business continuity testing with their members or participants.
     
  • These entities provide certain notifications regarding systems disruptions and other types of systems issues.
Regulation SCI is intended to reduce the chance of technology problems occurring in the first place and ensure that key entities are well-positioned to take appropriate corrective action if problems do occur.

Proposed Scope

The proposed rule would apply to “SCI entities,” a term that would include:
  • Self-regulatory organizations (the registered national securities exchanges, registered clearing agencies, FINRA, and MSRB).
     
  • Alternative trading systems that exceed specified volume thresholds (SCI ATSs).
     
  • Disseminators of market data under certain National Market Systems plans (“plan processors”).
     
  • Certain clearing agencies exempt from SEC registration.
It would apply primarily to the systems of SCI entities that are core to the functioning of the securities markets, such as those that directly support trading, clearance and settlement, order routing, market data, regulation, or surveillance.

Proposed Provisions

Under the proposed rule, each SCI entity would be required among other things to:
  • Establish policies and procedures relating to the capacity, integrity, resiliency and security of its technology systems.
     
  • Establish policies and procedures to ensure its systems operate in the manner intended, including in compliance with relevant federal securities laws and rules.
     
  • Take timely corrective action in response to systems disruptions, systems compliance issues and systems intrusions.
     
  • Notify and provide the SEC with detailed information when such systems issues occur as well as when there are material changes in its systems. Written notices would be filed electronically on new Form SCI.
     
  • Inform its members or participants about certain systems problems and provide information about the systems and market participants affected by the problem and the progress of corrective action.
     
  • Conduct an annual review of its compliance with Regulation SCI, and submit a report of the annual review to its senior management and the SEC.
     
  • Designate certain individuals or firms to participate in the testing of its business continuity and disaster recovery plans at least once annually, and coordinate such testing with other entities on an industry- or sector-wide basis.
     
  • Provide SEC staff with access to its systems to assess compliance with Regulation SCI.

What’s Next

A 60-day public comment period will follow Reg SCI’s publication in the Federal Register.

SEC rule takes aim at trading system glitches

The Securities and Exchange Commission approved new rules Wednesday to make sure that the systems that Wall Street trades run on are robust and vigilant enough to stand up to cyberattacks and technological glitches.

Regulation Systems, Compliance, and Integrity (or Regulation SCI) will create a framework for overseeing the complex systems that operate on Wall Street — and, increasingly, clash with each other, get hacked or fail.

"In today's markets, a single rogue algorithm can trigger a cascading series of errant trades, destroying billions of dollars of market value in the blink of an eye," says SEC Commissioner Luis Aguilar.

The most dramatic example was the Flash Crash on May 6, 2010, when the Dow Jones industrial average plunged 1,000 points, or nearly 9%, in minutes — only to recover nearly as quickly.
The new rules require periodic stress tests of system capacity, as well as requirements that companies report and address problems and malfunctions to the SEC immediately.

Previous systems rules on Wall Street were largely voluntary, and the original version was simply conceived as a codification of voluntary review. SEC staff worked with public comments to streamline the regulations and reduce the burden on the companies involved. "These companies have an enlightened self-interest in getting things right," said Commissioner Daniel Gallagher.

"As I have emphasized time and again, the critical infrastructure of the American securities markets must be built on the best, most robust technology feasible," SEC Chair Mary Jo White said in her opening statement. "Failures must be minimized and, when they occur, they must be remediated as quickly as possible and promptly reported to the commission."

"Much more can and needs to be done," Commissioner Kara Stein noted, objecting that some smaller trading platforms were exempted from the new rules, as well as to broker-dealers who operate proprietary platforms.

The commission passed the regulation, 5-0.

USA Today
11/19/2014
Link