On March 7, 2013, the SEC proposed Regulation SCI (“Reg SCI”), which would replace existing voluntary standards applicable to securities exchanges, clearing agencies and certain other market participants with enforceable rules intended to better insulate trading markets from vulnerabilities posed by technology issues. Reg SCI addresses systems, compliance and integrity. The SEC believes the rule will protect investors and promote fair and orderly trading markets by assuring that all computer, network, electronic, technical, automated, or similar systems that impact trading markets (i) operate as intended, (ii) comply with all securities laws and regulations, and (iii) have adequate capacity, integrity, resiliency, availability, and security. The proposed rule targets those systems, whether in production, development, or testing, that directly support trading, clearance and settlement, order routing, market data, regulation, or surveillance. The rule would formalize, build upon, and make mandatory many provisions of the SEC’s voluntary Automation Review Policy (ARP), which have developed since ARP’s was first published in 1989.
As currently drafted, the proposal applies only to SCI Entities, defined specifically as: self-regulatory organizations (SROs), certain large volume alternative trading systems (i.e., dark pools and electronic communications networks, defined in the proposal as “ATSs”), plan processors, and exempt clearing agencies (of which there is presently only one). SCI Entity SROs include all national securities exchanges registered under the Securities Exchange Act of 1934, as amended, registered securities associations, registered clearing agencies, and the Municipal Securities Rulemaking Board (MSRB). Most SROs have already been voluntarily following the ARP guidelines, with many also participating in the SEC’s ARP Inspection Program. ATSs, however, were not covered by ARP. ATSs would become SCI Entities if they: (i) have NMS stock dollar volume comparable to SROs covered by proposed Regulation SCI or (ii) trade non-NMS stocks, municipal securities, and corporate debt securities and play a significant role in the market for such securities. SCI Entity “plan processors” would include any SRO or securities information processor acting as an exclusive processor in connection with the development, implementation and/or operation of any facility contemplated by an effective national market system (NMS) plan. The Commission is seeking comment on whether to extend the proposal’s reach to other entities.
Under the proposal, every SCI Entity would be required to:
- Carefully design, develop, test, maintain, and surveil those systems that are integral to its operations.
- Establish written supervisory procedures (WSPs) and make, keep and preserve records of compliance with Reg SCI, to be provided to the SEC upon request.
- Disseminate information regarding systems disruptions, system intrusions, and other events (“SCI Events”) to its members and participants, including the systems affected and a summary of each event.
- Inform its members or participants about SCI Events and provide information about the systems and market participants affected by the problem and the progress of corrective action.
- Take timely corrective action in response to SCI Events.
- Notify and provide the SEC with detailed information when SCI Events occur and of any material systems changes. Written notices would be filed electronically on new Form SCI.
- Conduct an annual review of its compliance with Reg SCI, and submit a report of the annual review to its senior management and the SEC.
- Provide SEC staff with access to its systems to assess compliance with Reg SCI.
While not specifically defined or covered under the proposed rule, “members and participants” of the SCI Entities would also be impacted. SCI Entities will need to designate members or participants it believes are necessary to the successful activation of their business continuity plans, and the SCI Entity must provide the SEC with its standards for selecting the designated members or participants. Those designated members or participants will be required to participate in scheduled functional and performance testing of the operation of such plans, once every twelve (12) months, coordinated on an industry or sector-wide basis with other SCI Entities.
The proposal comes in the wake of a technology issues roundtable convened by the SEC in October 2012. The SEC cites, among other factors, “recent technological issues in the securities markets including those that arose during the initial public offerings of Facebook and BATS Global Markets”, “the Knight Capital trading incident”, and “market closures following Superstorm Sandy” as reasons for the proposed rulemaking. The SEC believes technology failures affect confidence in the trading markets and put investors at risk.
While the SEC seeks commentary on how broadly to apply Reg SCI, it makes clear that the rules, as presently drafted, do not cover non-ATS broker-dealers, including clearing broker-dealers. In limiting Reg SCI, the SEC noted that Rule 15c3-5, which requires brokers or dealers with market access to implement risk management controls and supervisory procedures to limit risk, already seeks to address certain risks posed to the markets by broker-dealer systems.
The Commission notes in the proposal release that all broker-dealers are members of one or more SRO SCI Entities (such as FINRA and/or a national securities exchange), while participants on ATSs may include non-broker-dealer market participants. Even if Reg SCI does not cover these entities, by putting the restrictions on SROs and ATSs, the SROs and ATSs may, in turn, require their members and participants to adhere to the same or similar rules. The SEC’s sixty (60) day period seeking commentary on Reg SCI will expire on May 6, 2013.
Full text of the proposed rule can be found at http://www.sec.gov/rules/proposed/2013/34-69077.pdf