Washington, D.C., March 7, 2013 — The Securities and Exchange Commission today unanimously proposed new rules to require certain key market participants to have comprehensive policies and procedures in place surrounding their technological systems.
The SEC’s proposal called Regulation SCI would replace the current voluntary compliance program with enforceable rules designed to better insulate the markets from vulnerabilities posed by systems technology issues.
Self-regulatory organizations, certain alternative trading systems, plan processors, and certain exempt clearing agencies would be required to carefully design, develop, test, maintain, and surveil systems that are integral to their operations. The proposed rules would require them to ensure their core technology meets certain standards, conduct business continuity testing, and provide certain notifications in the event of systems disruptions and other events.
"While it’s not possible to prevent every technological error that market participants may commit, we must ensure that our regulations are designed to minimize their impact on our markets and ultimately investors," said SEC Chairman Elisse B. Walter. "Reg SCI would provide more explicit technology and control standards to help ensure that our markets remain resilient against technological vulnerabilities."
The SEC will seek public comment on Reg SCI for 60 days following its publication in the Federal Register.
FACT SHEET
Improving Systems Compliance and Integrity
SEC Open Meeting
March 7, 2013
March 7, 2013
Background
Today’s securities markets rely extensively on technology more than ever before. As with any industry, the consequences can be significant when technology goes awry.
The high-speed automated trading that occurs both on national securities exchanges and alternative trading systems has heightened the potential for a technological problem to broadly impact the market.
Following the Flash Crash in May 2010, the SEC approved a series of measures to help limit the impact of such technological errors. For instance, the SEC approved rules to halt trading when a stock price falls too far, too fast as well as rules to provide certainty in advance of when an erroneous trade would be broken and rules to eliminate stub quotes.
Additionally, the SEC approved a rule known as the market access rule, which requires brokers and dealers with market access to put in place risk management controls and supervisory procedures designed to manage the financial, regulatory, and other risks posed to the markets by a malfunctioning of their technological systems.
Automation Review Policy
There are no mandatory rules governing the automated systems of self-regulatory organizations, such as national securities exchanges, clearing agencies, FINRA, and the MSRB. Instead, for the past two decades, they have followed a voluntary set of principles articulated in the SEC’s Automation Review Policy and participated in what is known as the ARP Inspection Program.
Recent technological issues in the securities markets including those that arose during the initial public offerings of Facebook and BATS Global Markets as well as the Knight Capital trading incident have shown that investors can be put at risk when technology fails, and confidence in the markets can falter.
The SEC convened a roundtable in October 2012 to discuss how market participants could prevent or at least mitigate systems issues, and how the response to such issues could be improved. The market closures following Superstorm Sandy also highlight the importance of having a robust market technology infrastructure. These events and discussions have helped shape the development of the rulemaking being proposed today.
Proposed Rule — Regulation SCI
The set of rules proposed by the Commission — called Regulation Systems Compliance and Integrity (Regulation SCI) — would formalize and make mandatory many of the provisions of the SEC’s Automation Review Policy that have developed during the last two decades. The proposed rule applies the policy and proposes additional measures to entities at the heart of U.S. securities market infrastructure in order to protect that infrastructure.
Regulation SCI would seek to ensure:
These entities conduct business continuity testing with their members or participants.
These entities provide certain notifications regarding systems disruptions and other types of systems issues.
Regulation SCI is intended to reduce the chance of technology problems occurring in the first place and ensure that key entities are well-positioned to take appropriate corrective action if problems do occur.