Technological advancements have brought many benefits to our nation's equity markets, including the ability to collect and analyze vast amounts of data and quickly execute trades. With the equity markets now increasingly dependent on automated systems, the SEC is seeking to develop a regulatory framework to uphold the integrity and resiliency of the systems that run the U.S. securities markets.
Proposed Reg SCI - Who Does it Apply To?
Reg SCI would apply to certain key market participants, referred to in the proposal as "SCI entities." Under the proposal, the SCI entities would include:
- self-regulatory organizations (SROs);
- plan processors;
- clearing agencies; and
- alternative trading systems (ATSs) that exceed volume thresholds.
Proposed Reg SCI - What Would it Require?
If implemented as proposed, the identified SCI entities would be required to design, develop, test, maintain and surveil systems that are integral to their operations. The proposed rules would require SCI entities to "ensure their core technology meets certain standards, conduct business continuity testing, and provide certain notifications in the event of systems disruptions and other events."
The provisions of the proposed rule are intended to achieve the following:
- Capacity, Integrity, Resiliency, Availability, and Security: Establish, maintain, and enforce written policies and procedures relating to "the capacity, integrity, resiliency and security" of applicable systems.
- Systems Compliance: Establish, maintain, and enforce written policies and procedures to ensure that applicable systems operate in the manner intended, including being in compliance with relevant federal securities laws, rules, and regulations.
- Corrective Action: Allow for timely corrective action in response to glitches, compliance issues and systems intrusions.
- Commission Notification: Provide notification to the SEC with detailed information when systems issues occur, or when material systems changes are planned to be implemented.
- Dissemination of Information to Members or Participants: Promptly inform members or participants of with key information regarding systems issues that have occurred.
- SCI Review: Conduct annual reviews of its compliance with Regulation SCI, and submit a report to regulators.
- Business Continuity Testing and Planning: Test business continuity and disaster recovery plans, including backup systems, at least once annually, and coordinate the testing of such plans on an industry - or sector - wide basis with other SCI Entities.
- Access: Provide SEC staff with access to its systems to assess compliance.
The SEC will seek public comment until May 24, 2013, before next steps are taken in the rulemaking process.
In today's automated, technology driven market, systems issues are an unfortunate but inevitable reality. SIFMA believes that regulation is this area, including Regulation Systems Compliance and Integrity (Reg SCI), should focus not only on the prevention of systems issues, but also on containing and minimizing them if they should occur.