On November 19, 2014, the five commissioners of the U.S. Securities and Exchange Commission (SEC) unanimously voted to adopt Regulation SCI, which stands for Systems Compliance and Integrity, to govern the technology infrastructure of the U.S.’s securities exchanges and certain other trading platforms and market participants. The new rules, first proposed in March 2013, are designed to minimize disruptions to the U.S.’s markets and enhance the capability of exchanges and trading platforms to respond to, and remedy, breakdowns in their systems. The rules are the first updates in more than two decades to the technological standards governing exchange-based automated trading systems.
The adoption of Regulation SCI demonstrates the SEC’s commitment to requiring greater vigilance from the entities it regulates on cybersecurity and technological risks. Although Regulation SCI will apply to a relatively narrow category of entities whose systems pose the gravest risk to national trading, the SEC noted that the rules, or a subset of them, may be extended to additional market participants in the future. Also, the SEC’s Office of Compliance Inspections and Examinations issued a risk alert earlier this year similarly indicating that other SEC-regulated entities, such as registered broker-dealers and investment advisors, also need to address their controls over system integrity and risk. As one of the commissioners noted in approving Regulation SCI, “it is imperative that all market participants and registrants are vigilant about identifying and protecting against cybersecurity threats.” This announcement comes on the heels of a recent finding that financial services companies plan to bolster their cybersecurity budgets by about $2 billion over the next two years, according to a PricewaterhouseCoopers survey.
Click here to read the full alert.