By Laura Anthony, Esq.
Rule 1002 contains the obligations with respect to SCI events, including corrective action, SEC notification and information dissemination. Under the Rule an SCI-delineated person must take the required action upon reasonably confirming that an SCI event has occurred. As such, the SEC requires an SCI entity to have written policies and procedures that “include the criteria for identifying responsible SCI personnel, the designation and documentation of responsible SCI personnel, and escalation procedures to quickly inform responsible SCI personnel of potential SCI events.” Such “responsible SCI personnel” means “for a particular SCI system or indirect SCI system impacted by an SCI event, such senior manager(s) of the SCI entity having responsibility for such system, and their designee(s).”
The Rule contains in-depth and detailed discussion of corrective actions, notification requirements and information dissemination requirements. In essence, the SEC must be immediately notified of all SCI events other than de minimis events, although even de minimis events contain recordkeeping requirements and must be included In SCI reports. Until the SCI event is resolved, the SCI entity must keep the SEC regularly updated as to the progress of the investigation and resolution of the event, and must file a report with the SEC once the event is resolved. Subject to certain exceptions, the SCI entity must disseminate information to its members and participants regarding all SCI events.
Rule 1003 contains requirements related to material system changes, and SCI reviews. In particular, Rule 1003 requires quarterly reports to the SEC describing completed, ongoing, and planned material systems changes to its SCI systems and security of indirect SCI systems. Rule 1003 also requires a minimum of an annual review of an SCI entity’s compliance with Regulation SCI.
Rule 1004 contains requirements related to business continuity and disaster recovery plan testing. As with notification requirements, an SCI entity must designate certain personnel to complete business continuity and disaster recovery plan testing. In particular, the SCI entity must designate those members or participants “that the SCI entity reasonably determines are, taken as a whole, the minimum necessary for the maintenance of fair and orderly markets in the event of the activation of such plans.” Such testing must be completed at least once every 12 months.
The recordkeeping and electronic filing requirements of Regulation SCI are laid out in Rules 1005 through 1007.
Click Here To Print- LC PDF Printout Regulation SCI
Note 1: Read Part I of this Article. Click HERE
Note 2: Read Part II of this Article. Click HERE
Note 3: Read Part III of this Article. Click HERE
Note 4: Original appeared on Legal & Compliance, LLC on 12 April 2016. Click HERE
Securities attorney Laura Anthony is the founding partner of Legal & Compliance, LLC, a corporate, securities and business transactions law firm. The firm’s experienced legal team provides ongoing corporate counsel to small and mid-size private companies, OTC and exchange traded issuers as well as private companies going public on the NASDAQ, NYSE MKT or over-the-counter market, such as the OTCQB and OTCQX. For nearly two decades Legal & Compliance, LLC has served clients providing fast, personalized, cutting-edge legal service. The firm’s reputation and relationships provide invaluable resources to clients including introductions to investment bankers, broker-dealers, institutional investors and other strategic alliances.