Changes created by the growth in electronic trading have prompted the SEC to propose amendments to Regulation Systems Compliance and Integrity (SCI). The set of rules was originally adopted in 2014 to oversee the core technology of key US securities market entities (SCI entities).
The SEC wants to expand the scope of SCI entities to include registered security-based swap data repositories; all clearing agencies that are exempt from registration; and certain large broker-dealers.
The amendments would also require SCI entities to maintain;
- a written inventory and classification of all SCI systems;
- a program for life cycle management;
- a program to prevent unauthorized access to any such systems;
- a program to manage and oversee certain third-party providers, including cloud service providers.
SEC chair Gary Gensler said: “Technology plays an expansive and expanding role supporting our market systems, and our markets would benefit if we updated Reg SCI to reflect those changes.”
“I think it’s important also to broaden Reg SCI to include a number of key market participants and enhance the standards those market participants must meet. Taken together, these amendments would make key market participants more robust, resilient, and secure. That benefits our markets.”
New types of entity
The press release announcing the proposals mentions the fact that “New types of registered entities that are highly dependent on interconnected technology have entered the markets” and says changes are needed because: “The prevalence of remote workforces and increased outsourcing to third party providers continue to drive the markets’ and market participants’ reliance on new and evolving technology.”
The proposals also suggest expanding the type of SCI events experienced by SCI entities that trigger immediate notification to the Commission, updating annual review and business recovery testing requirements and also updating recordkeeping provisions.