SEC Adopts Regulation SCI (with Delta Strategy Group Summary)
The SEC voted to adopt new rules designed to strengthen the technology infrastructure of the U.S. securities markets.
The rules, which comprise Regulation Systems Compliance and Integrity ("Regulation SCI"), impose requirements on certain key market participants and are intended to reduce the occurrence of systems issues and improve resiliency when systems problems occur.
Under Regulation SCI, SROs and certain alternative trading systems ("ATSs"), plan processors and exempt clearing agencies will be required to have comprehensive policies and procedures in place for their technological systems. The rules also provide a framework for these entities to, among other things, (i) take appropriate corrective action when systems issues occur, (ii) provide notifications and reports to the SEC regarding systems problems and systems changes, (iii) inform members and participants about systems issues, (iv) conduct business continuity testing and (v) conduct annual reviews of their automated systems.
The new rules will become effective 60 days after their publication, which is expected shortly, in the Federal Register. Entities that are subject to Regulation SCI generally must comply with the requirements within nine months after the effective date. An ATS that meets the volume thresholds in the rules for the first time will be provided with an additional six months in which to comply, starting from the time at which the ATS first meets the applicable thresholds. Additionally, entities will have 21 months from the effective date in which to comply with the industry or sector-wide coordinated testing requirement.
SEC Chair White called Regulation SCI "a major step forward in what is . . . a continuous process of enhancing the technological infrastructure of our markets." She highlighted four particular aspects of the rules:
- the rules are broader than the voluntary program they replace – since they cover exchanges, clearing agencies, FINRA, the MSRB, securities information processors and certain ATSs – and treat platforms differently that trade exclusively corporate and municipal debt securities because fixed income markets rely less on automation and electronic trading and exhibit considerably less liquidity;
- the rules require comprehensive programs for technology to ensure that market systems have the necessary "levels of capacity, integrity, resiliency, availability, and security" to maintain operational capability and promote fair and orderly markets;
- the rules demand action if a systems incident occurs, requiring a covered entity to take "prompt corrective action" and notify the SEC, as well as their members and participants; and
- the rules enhance responsibility and accountability by requiring market participants to report quarterly to the SEC about systems changes, as well as undertake an annual review of compliance with Regulation SCI, to be performed by "objective personnel," that is required to be reviewed by senior management and filed with the SEC.
Commissioners Luis Aguilar and Kara Stein both voiced support of the rules, but agreed that more work must be done, since the rules "fail to provide even basic protections for certain aspects of our capital markets' technological infrastructure." In particular, Commissioner Aguilar noted that Regulation SCI will not apply to entities that present "very serious risks," such as those that run proprietary trade algorithms.
Click here to view a summary of the meeting and final rules by Delta Strategy Group.
See: Text of Regulation SCI Final Rules; SEC Press Release; SEC Staff Guidance on Current SCI Industry Standards. See also: Chair White's Opening Statement; Commissioner Piwowar's Statement of Support; Commissioner Gallagher's Statement of Support; Commissioner Aguilar's Statement; Commissioner Stein's Statement; SIFMA's Statement of Support.