Regulation SCI: Final Rules Relating to the Technology Infrastructure of U.S. Securities Markets: New, Mandatory Regulatory Framework for the Technological Systems of Exchanges, Certain Alternative Trading Systems, Plan Processors and Exempt Clearing Agencies

Sullivan & Cromwell LLP - January 9, 2015

On November 19, 2014, the SEC adopted new rules to improve the technological infrastructure of securities markets. Regulation Systems Compliance and Integrity (“Regulation SCI”) will apply to a range of market participants, including certain self-regulatory organizations and alternative trading systems. The final rules create a comprehensive compliance framework that requires an entity subject to Regulation SCI (an “SCI entity”) to:

  • establish, maintain and enforce written policies and procedures reasonably designed to ensure that certain systems of the entity have levels of capacity, integrity, resiliency, availability and security adequate to maintain the SCI entity’s operational capability and promote the maintenance of fair and orderly markets;
  • establish, maintain and enforce written policies and procedures reasonably designed to achieve compliance with the Securities Exchange Act of 1934, the rules and regulations thereunder and the SCI entity’s rules and governing documents;
  • take appropriate corrective actions when responsible SCI personnel (as defined in Section II.D below) have a reasonable basis to conclude that an SCI event (as defined in Section II.C. below) has occurred; such corrective action would include, at a minimum, mitigating potential harm to investors and market integrity and devoting adequate resources to remedy the SCI event as soon as reasonably practicable;
  • notify the Securities and Exchange Commission within 24 hours of SCI events (other than the de minimis events which are subject to quarterly reporting), with follow-up notifications culminating in a final report upon resolution of the event;
  • disseminate information promptly to market members and participants upon any responsible SCI personnel having a reasonable basis to conclude that a systems disruption or systems compliance has occurred;
  • prepare quarterly and supplemental reports regarding material systems changes;
  • conduct a review of the SCI entity’s compliance with Regulation SCI not less than once each calendar year;
  • test business continuity and disaster recovery plans not less than once each calendar year;
  • comply with recordkeeping requirements; and
  • make electronic filings on the new Form SCI.
Regulation SCI will become effective on February 3, 2015, and the compliance date for most of its requirements will be nine months thereafter.