New rules proposed by the U.S. Securities and Exchange Commission that would require market participants to have comprehensive policies and procedures in place surrounding their technological systems need more teeth in order to be effective, market participants and regulators say.
The rules—called Regulation Systems Compliance and Integrity (Regulation SCI)—are set to formalize and make mandatory many of the provisions of the SEC’s Automation Review Policy.
“Although this is a positive step in the right direction, I am concerned that rule proposal does not require that an external review of compliance with Regulation SCI be conducted on a periodic basis by an independent third party in order to reduce the risk of conflicts of interests,” said SEC commissioner Luis Aguilar in a statement. “Simply stated, an internal review may not be as robust and complete due to competing internal business pressures.”
Regulation SCI is seeking to ensure that core technology of national securities exchanges, significant alternative trading systems, clearing agencies and plan processors meet certain standards, that they conduct business continuity testing with their members or participants, and that they provide certain notifications regarding systems disruptions and other types of systems issues.
“While we hope that the result of the new regulation is a positive change, we firmly believe that there will always be a place for expert third parties to provide innovative, affordable solutions that both meet the regulatory requirements, but also contribute positively to the community of financial institutions engaged in the capital markets,” said Jay Hinton, global product manager at risk systems provider Mantara.
Aguilar said that the proposed rule needs to be changed to mandate compliance with a specific set of Commission-identified minimum standards to ensure that entities establish, maintain and enforce written policies and procedures reasonably designed to ensure that the entity’s systems provide adequate levels of capacity, integrity, resiliency, availability and security.
“While the rule proposal provides a set of model policies and procedure for entities to consider, it fails to require minimum standards for policies and procedures,” said Aguilar at the SEC. “As a result, the rule proposal may not provide enough assurance that the resulting policies and procedures will meet the goals of the rule.”
Noted Mantara’s Hinton: “We applaud the SEC on moving to increase the stability of market structure. There is clearly a need for all parties involved to increase the robustness of the underlying systems used by market participants, and to assuage investors' faith in the soundness of the system. That said, there will always be a need to monitor and control risk, which does not rely simply on testing or alert procedures.”
In recent years, the securities markets have undergone significant changes, and none has had more impact than the development of technology systems with ever-increasing speed and capacity. “Unfortunately, these systems can just as quickly become a destructive force with devastating consequences,” Aguilar said.
Rule SCI is part of a broader review of market structure changes envisioned by the SEC as a response to the May 2010 'flash crash', such as individual stock and market-wide circuit breakers, banning stub quotes, placing market maker obligations on high-frequency trading and subjecting dark pools and dark orders to a minimum price improvement mandate.