
SCI: A Whale of a Regulation

The SEC's Reg SCI weighs in at a whopping 742 pages. Here is what you need to know about the oversized regulation.

Though I have all the mandatory mobile devices, including a tablet and an e-reader, I still find it easier to come to terms with regulations in hard copy. Somehow the act of marking up the document and scribbling notes in the margins helps me get through the thicket of terms and references.

So last Wednesday, as soon as it was issued, I dutifully downloaded the final version of the SEC's Regulation Systems Compliance and Integrity (Reg SCI) and fired up my old inkjet. Then I headed out to lunch. An hour or so later, I returned to find the laptop out of memory, the printer stalled mid-job, and the whole situation in a bit of a mini-meltdown.

As you have probably guessed, the problem was the length of Reg SCI. At 742 pages, it defies not only printing but also any kind of easy interpretation. For a frame of reference, Reg NMS was only 371 pages. Much of the document consists of background and a detailed response to the more than 60 comment letters received since the regulation was proposed in March 2013. But there is a lot to get through, no matter how you look at it. Here, I try to give an overview by posing some key questions, so at least you can decide if you need to delve into it further.

Does Reg SCI apply to me?
Not likely, unless you work for one of the 44 "SCI entities" listed in the regulation. These include 18 registered national securities exchanges, seven registered clearing agencies, and 14 alternative trading systems (ATS).

But there are a couple of caveats to this. The regulation applies to systems operated "by or on behalf of" these entities, and it states explicitly that covered systems operated by third parties fall under the regulation. Also, the SEC has left open the door to expanding the coverage of Reg SCI down the road to include additional categories of market participants, such as "non-ATS broker-dealers, security-based swap dealers, investment advisers, investment companies, transfer agents, and other key market participants."

What does it cover?
Reg SCI is a comprehensive update of the approach to overseeing the US securities markets' technology infrastructure. It requires SCI entities to establish written policies and procedures regarding systems capacity, integrity, resiliency, availability, and security adequate to maintain their operational capability. It also requires the entities to participate in scheduled testing of the operation of their business continuity and disaster recovery plans and to coordinate such testing with other SCI entities. It requires the entities to take corrective action with respect to SCI events, defined to include "systems disruptions, systems compliance issues, and systems intrusions," and to notify the SEC (and, in some cases, internal parties) of such events. Finally, Reg SCI requires the entities to conduct an annual review of their systems by objective, qualified personnel and to submit quarterly reports regarding completed, ongoing, and planned material changes to their SCI systems to the SEC.

When does it become effective?
The regulation will become effective 60 days after publication in the Federal Register. The compliance date then follows nine months after it becomes effective, except for alternative trading systems that are being brought in based on new thresholds. The industry- or sector-wide coordinated testing requirement also has different compliance periods.

Jennifer L. Costley, Ph.D. is a scientifically-trained technologist with broad multidisciplinary experience in enterprise architecture, software development, line management and infrastructure operations, primarily (although not exclusively) in capital markets. She is also a ...