In early March, the US Securities and Exchange Commission (SEC) proposed new Regulation Systems Compliance and Integrity (Regulation SCI) to require entities important to the functioning of the US securities markets “to carefully design, develop, test, maintain, and surveil systems integral to their operations”. At a minimum, Regulation SCI would apply to certain self-regulatory organisations, (including registered clearing agencies), alternative trading systems, plan processors and exempt clearing agencies subject to the SEC’s Automation Review Policy program (ARP).

Regulation SCI would supersede and replace ARP, which is a voluntary information technology review program created in response to the October 1987 market break and set forth in two policy statements issued in 1989 (ARP I) and 1991 (ARP II). In a nutshell, the SEC published ARP because it was concerned about the potential for systems failures to negatively impact public investors, broker-dealer risk exposure and market efficiency. However, ARP’s ability to enforce compliance by its voluntary participants has always been limited since it was established pursuant to SEC policy statements, rather than formal rulemaking. Moreover, after more than two decades, it is painfully clear that ARP has failed to keep up with faster and more technologically advanced markets.

SEC Commissioner Luis A. Aguilar noted how recent events have demonstrated how quickly technology systems can become a destructive force with devastating consequences. In particular, Commissioner Aguilar summarised the following system-related issues:

The Flash Crash of 6 May 2010. In just a few moments, nearly $1 trillion in market value evaporated before making a partial recovery.

Apr-Jun 2013 Issue

Berkeley Research Group