all clearing agencies that are exempt from registration; and certain large broker-dealers, in particular, those that exceed a total assets threshold or a transaction activity.
Proposed Rule (410 pages):
The Securities and Exchange Commission (“Commission” or “SEC”) is proposing amendments to Regulation Systems Compliance and Integrity (“Regulation SCI”) under the Securities Exchange Act of 1934 (“Exchange Act”). The proposed amendments would expand the definition of “SCI entity” to include a broader range of key market participants in the U.S. securities market infrastructure, and update certain provisions of Regulation SCI to take account of developments in the technology landscape of the markets since the adoption of Regulation SCI in 2014. The proposed expansion would add the following entities to the definition of “SCI entity”: registered security-based swap data repositories (“SBSDRs”); registered broker-dealers exceeding an asset or transaction activity threshold; and additional clearing agencies exempted from registration. The proposed updates would amend provisions of Regulation SCI relating to: (i) systems classification and lifecycle management; (ii) third party/vendor management; (iii) cybersecurity; (iv) the SCI review; (v) the role of current SCI industry standards; and (vi) recordkeeping and related matters. Further, the Commission is requesting comment on whether significant-volume ATSs and/or broker-dealers using electronic or automated systems for trading of corporate debt securities or municipal securities should be subject to Regulation SCI.
The Securities and Exchange Commission today proposed amendments to expand and update Regulation Systems Compliance and Integrity (SCI), the set of rules adopted in 2014 to help address technological vulnerabilities in the U.S. securities markets and improve Commission oversight of the core technology of key U.S. securities markets entities (SCI entities).
“I am pleased to support this proposal because, consistent with maintaining orderly markets, these amendments would help promote the capacity, integrity, resiliency, availability, and security of critical intermediaries,” said SEC Chair Gary Gensler. “Technology plays an expansive and expanding role supporting our market systems, and our markets would benefit if we updated Reg SCI to reflect those changes. I think it’s important also to broaden Reg SCI to include a number of key market participants and enhance the standards those market participants must meet. Taken together, these amendments would make key market participants more robust, resilient, and secure. That benefits our markets.”
Trading and technology have evolved since Regulation SCI’s adoption in 2014. The growth in electronic trading allows ever-increasing volumes of securities transactions in a broader range of asset classes at increasing speed by competing trading platforms, including those offered by broker-dealers that play multiple roles in the markets. New types of registered entities that are highly dependent on interconnected technology have entered the markets. The prevalence of remote workforces and increased outsourcing to third party providers continue to drive the markets’ and market participants’ reliance on new and evolving technology.
To reflect technological developments in the markets, the proposed amendments would expand the scope of SCI entities to include registered security-based swap data repositories; all clearing agencies that are exempt from registration; and certain large broker-dealers, in particular, those that exceed a total assets threshold or a transaction activity threshold in national market system stocks, exchange-listed options contracts, US Treasury securities, or Agency securities.
The proposed amendments would also strengthen the requirements Regulation SCI imposes on SCI entities, including by requiring that an SCI entity’s policies and procedures include the maintenance of a written inventory and classification of all SCI systems and a program for life cycle management; a program to prevent the unauthorized access to such systems and information therein; and a program to manage and oversee certain third-party providers, including cloud service providers, of covered systems.
The proposed amendments would also expand the types of SCI events experienced by an SCI entity that would trigger immediate notification to the Commission, update the rule’s annual SCI review and business continuity and disaster recovery testing requirements, and update certain of the regulation’s recordkeeping provisions.
The proposing release will be published in the Federal Register. The public comment period will remain open until 60 days after the date of publication of the proposing release in the Federal Register.
Statement on Amendments to Regulation SCI Chair Gary Gensler
Statement on Amendments to Regulation S-P, Cybersecurity Risk Management, and Amendments to Regulation SCI Commissioner Caroline A. Crenshaw