Technological advancements have brought many benefits to our nation's equity markets, including the ability to collect and analyze vast amounts of data and quickly execute trades. With the equity markets now increasingly dependent on automated systems, the SEC sought to develop a regulatory framework to uphold the integrity and resiliency of the systems that run the U.S. securities markets.
Reg SCI applies to certain key market participants, referred to as "SCI entities." Under the rule, the SCI entities would include:
- self-regulatory organizations (SROs);
- plan processors;
- clearing agencies; and
- alternative trading systems (ATSs) that exceed volume thresholds.
Reg SCI does not cover securities futures exchanges, the NFA or ATSs that exclusively trade municipal or corporate debt.
The identified SCI entities are required to design, develop, test, maintain and surveil systems that are integral to their operations. The rules require SCI entities to "ensure their core technology meets certain standards, conduct business continuity testing, and provide certain notifications in the event of systems disruptions and other events." The provisions of the rule impose obligations for the entities, their personnel and their technology systems. SCI entities must implement and enforce policies and procedures related to capacity, integrity, resiliency, availability and security of its SCI systems. These requirements cover software development, stress tests, collection of market data, system monitoring, cybersecurity, business continuity and disaster recovery planning, periodic reviews and plans to promptly remedy any deficiencies. Finally, SCI entities must establish procedures to identify and periodically review who they have designated as "SCI personnel" responsible for SCI systems.
Reg SCI became effective February 3, 2015. The compliance date is November 3, 2015, with some exceptions.
In today's automated, technology driven market, systems issues are an unfortunate but inevitable reality. SIFMA believes that regulation is this area, including Regulation Systems Compliance and Integrity (Reg SCI), should focus not only on the prevention of systems issues, but also on containing and minimizing them if they should occur.