By Laura Anthony, Esq.
The SEC adopted Regulation Systems Compliance and Integrity (Regulation SCI) on November 3, 2015 to improve regulatory standards and processes related to technology in the securities business including by financial services firms. Regulation SCI was originally proposed in March 2013. Security and standards related to technological processes, data storage and systems has been a top priority of the SEC over the last few years and continues to be so this year.
Technology has transformed the securities industry over the last years both in the area of regulatory oversight such as through algorithms to spot trading anomalies that could indicate manipulation and/or insider trading issues, and for market participants through enhanced speed, capacity, efficiency and sophistication of trading abilities. Enhanced technology carries the corresponding risk of failures, disruptions and of course hacking/intrusions. Moreover, as U.S. securities market systems are interconnected; an issue with one entity or system can have widespread consequences for all market participants.
Regulation SCI was proposed and adopted to require key market participants to have comprehensive written policies and procedures to ensure the security and resilience of their technological systems, to ensure systems operate in compliance with federal securities laws, to provide for review and testing of such systems and to provide for notices and reports to the SEC. Key market participants generally include national securities exchanges and associations, significant alternative trading systems (such as OTC Markets, which has confirmed is in compliance with the Regulation), clearing agencies, and plan processors.
Prior to enactment of Regulation SCI, there was no formal regulatory oversight of U.S. securities markets technological systems. Rather, oversight was historically through a voluntary Automation Review Policy (“ARP”). Under the ARP, the SEC created an ARP Inspection Program as well as policy statements and ongoing guidance. Compliance with ARP policies has been included in rules over the years, including Regulation ATS for high-volume automated trading systems. Although most major market participants, including SRO’s and national exchanges, participate in the ARP program, it remained voluntary and the SEC had no power to ensure compliance or enforce standards.
In recent years technology has outpaced the ARP program’s reach. Today the U.S. securities markets are almost entirely electronic and, as noted in the SEC rule release, “highly dependent on sophisticated trading and other technology, including complex and interconnected routing, market data, regulatory, surveillance and other systems.” The need for a codified regulatory system has been amplified by real-world issues such as, for example, the effects of hurricane Sandy on DTC and the markets in general; the multiple occasions of halting and delay of trading on exchanges due to systems issues; the highly publicized NYSE breakdown resulting in orders being booked at incorrect prices as well as multiple well-known breaches in security. In fact, the SEC rule release contains multiple pages of examples of breakdowns and issues with technology in the markets.
Overview of Regulation SCI
Regulation SCI consists of 7 rules (Rules 1000 through 1007) as follows: (i) Rule 1000 contains definitions, including defining an SCI entity; (ii) Rule 1001 contains the policies and procedures requirements for SCI entities for operational capability, the maintenance of fair and orderly markets and systems compliance; (iii) Rule 1002 contains the obligations of SCI entities when there is an SCI defined event, including corrective measures, SEC notification and public notification; (iv) Rule 1003 contains requirements related to material changes and SCI reviews; (v) Rule 1004 contains requirements related to business continuity and disaster testing; (vi) Rule 1005 contains recordkeeping requirements; (vii) Rule 1006 contains requirements related to electronic filings and submissions; and (viii) Rule 1007 contains requirements for service bureaus.
Regulation SCI broadly defines an SCI Entity as “an SCI self-regulatory organization, SCI alternative trading system, plan processor, or exempt clearing agency subject to ARP” and then contains drilled-down definitions within the broad categories. Regulation SCI is meant to encompass and include any entity that is significant in the operation and maintenance of fair and orderly markets.
SCI self-regulatory organizations include registered national securities associations (FINRA being the only one), all national securities exchanges, registered clearing agencies (DTC) and the Municipal Securities Rulemaking Board (MSRB). As a side note, there are currently 18 registered national securities exchanges including: (1) BATS Exchange, Inc. (“BATS”); (2) BATS Y-Exchange, Inc. (“BATS-Y”); (3) Boston Options Exchange LLC (“BOX”); (4) CBOE; (5) C2; (6) Chicago Stock Exchange, Inc. (“CHX”); (7) EDGA Exchange, Inc. (“EDGA”); (8) EDGX Exchange, Inc. (“EDGX”); (9) International Securities Exchange, LLC (“ISE”); (10) Miami International Securities Exchange, LLC (“MIAX”); (11) NASDAQ OMX BX, Inc. (“Nasdaq OMX BX”); (12) NASDAQ OMX PHLX LLC (“Nasdaq OMX Phlx”); (13) Nasdaq; (14) National Stock Exchange, Inc. (“NSX”); (15) NYSE; (16) NYSE MKT; (17) NYSE Arca; and (18) ISE Gemini, LLC (“ISE Gemini”).
Securities attorney Laura Anthony is the founding partner of Legal & Compliance, LLC, a corporate, securities and business transactions law firm. The firm’s experienced legal team provides ongoing corporate counsel to small and mid-size private companies, OTC and exchange traded issuers as well as private companies going public on the NASDAQ, NYSE MKT or over-the-counter market, such as the OTCQB and OTCQX. For nearly two decades Legal & Compliance, LLC has served clients providing fast, personalized, cutting-edge legal service. The firm’s reputation and relationships provide invaluable resources to clients including introductions to investment bankers, broker-dealers, institutional investors and other strategic alliances.
Note: Original appeared on Legal & Compliance, LLC on 12 April 2016. Click HERE