SEC Proposes Rules to Keep Markets Functioning

Battered by Hurricane Sandy, equity exchanges based in New York were forced to suspend trading for two days in October. Now regulators are requiring exchanges and providers of other services crtical to keeping markets functioning to take steps to prevent failures from human error, software glitches, or extreme weather and natural disasters.

Earlier this month, the Securities and Exchange Commission proposed Regulation SCI, which demands greater stability and resilience in exchange markets when problems arise. The proposed rule, (the acronym stands for “systems, compliance, and integrity”) requires exchanges and clearing houses to have policies and procedures in place to maintain and secure their technology, and it replaces a voluntary program for exchanges and self-regulatory organizations that dates back to 1989.

In addition to natural disasters like Superstorm Sandy, “flash crashes,” more common as automated trading gets faster and faster, have prompted the plans for new rules. In 2010, nearly $1 trillion in market value was lost due to irrational price swings blamed on computer glitches. In August 2012, Knight Capital Group suffered a $440 million trading loss from its own software failure. The buzz around Facebook's initial public offering made the opening bell chaos that accompanied it even more problematic for Nasdaq.

Shifting these voluntary measures to formalized rulemaking, Regulation SCI requires covered firms to establish and enforce policies and procedures designed to ensure that systems have adequate levels of capacity, integrity, resiliency, availability, and security. The rule will also require testing business continuity and disaster recovery plans on at least an annual basis and coordinating testing with other entities on an industry- or sector-wide basis.

All records related to Regulation SCI must be maintained and available to SEC examiners upon request. Notifications and reports will be made electronically, using a proposed Form SCI.

“By requiring that exchanges adopt compliance systems, the regulation will help ensure the proper functioning of the markets on a technical level,” says Thomas Gorman, a partner with the law firm Dorsey & Whitney. “This should help ensure that there are fewer difficulties with market operation from technical issues.”

Circuit Breakers

The proposed regulation will build upon other efforts the SEC already has underway, many focused on high-speed trading technology. On April 8, new rules go into effect with market-wide circuit breakers based on movements in the S&P 500, rather than the Dow Jones Industrial Average used currently. The SEC has also put new rules in place for a new limit-up/limit-down mechanism to pause trading when markets move too far, too fast.

Another initiative, the Market Information Data Analytics System, code-named MIDAS, is a powerful system that analyzes the details of orders posted on national exchanges, including all modifications, cancellations, and off-exchange executions. In a recent speech, SEC Chairman Elisse Walter said it will allow for an “unprecedented aggregation of trading information data,” allowing the Commission to better understand mini-flash crashes and detect illegal behaviors.  

Formalizing the push for best practices is a necessary, albeit long overdue effort, says Joseph Saluzzi, partner and co-founder of Themis Trading, an institutional agency brokerage firm. “Up until this point they've come to the gunfight with a knife, and it is has been a real small knife,” Saluzzi says of the SEC's oversight of exchanges. “With things like MIDAS, maybe the knife is a little bit bigger, but they still don't have guns.”

“By requiring that exchanges adopt compliance systems, the regulation will help ensure the proper functioning of the markets on a technical level.”

—Thomas Gorman,

Partner,

Dorsey & Whitney

The big weapon, he says, is getting a planned consolidated audit trail (CAT) operational. In July, the SEC approved a rule requiring national securities exchanges and SROs to establish a market-wide consolidated audit trail. Where MIDAS collects public data, CAT will capture, in real time, non-public data as well, not just trades and when they were executed, but also, for example, the identities of the parties to the trades.

The rule requires SROs to jointly submit a "National Market System" to create, implement and maintain a consolidated audit trail. Each national securities exchange and the Financial Industry Regulatory Authority (FINRA), as well as their respective members, will be required to provide detailed information to a central repository on each quote and order, and each reportable event, including origination, modification, cancellation, routing, and execution. The data will be tagged and linked in a way that allows regulators to follow an order through its entire life cycle.

Among the more than two dozen companies that have announced plans to submit a bid for the project are Google, IBM, NYSE Technologies, Nasdaq OMX Group, BATS Global Markets, SunGard Data Systems, Tradeworx, Thomson Reuters; Infosys, Grant Thornton, Sapient and FINRA itself.

“The risk-reward equation for electronic trading has evolved, and the industry is learning precisely how difficult these systems are to build,” says Joshua Walsky, CTO of Broadway Technology, a provider of financial trading solutions and consulting services for global banks and hedge funds. “With more parties participating in varied ways, the complexity has increased dramatically and the margin for error has plummeted.”

No Silver Bullet

Still, some say the new rules won't completely protect markets from hiccups or even complete breakdowns based on problems like weather or technology glitches. “Policies and guidelines [such as Regulation SCI] may set minimum standards, but you cannot regulate error-free software, nor can any single set of practices or policies guarantee error-free software for an entire industry,” Walsky says. “Ultimately firms will need to innovate their own understanding of system risk and mechanisms for managing it, and design their own internal policies and procedures.”

Insight into what some firms are doing emerged during a technology and trading roundtable the SEC held in September.

Two Sigma Securities, a market maker, suggested in submitted comments that regulators and broker-dealers need to work together on software development and management, including best practices for code review, deployment, and upgrades. Trading systems should be built with real-time monitoring and automated alerts to stop trading when pre-defined risk limits are violated, Executive Principal David Weisberger wrote. No single software bug should be capable of simultaneously affecting both the trading strategy and the monitoring software.

REG SCI FACT SHEET

The following is from a “fact sheet” issued by the Securities and Exchange Commission on the proposed Regulation SCI.

The set of rules proposed by the Commission—called Regulation Systems Compliance and Integrity (Regulation SCI)—would formalize and make mandatory many of the provisions of the SEC's Automation Review Policy that have developed during the last two decades. The proposed rule applies the policy and proposes additional measures to entities at the heart of U.S. securities market infrastructure in order to protect that infrastructure.

Regulation SCI would seek to ensure:

Core technology of national securities exchanges, significant alternative trading systems, clearing agencies, and plan processors meet certain standards.

These entities conduct business continuity testing with their members or participants.

These entities provide certain notifications regarding systems disruptions and other types of systems issues.

Regulation SCI is intended to reduce the chance of technology problems occurring in the first place and ensure that key entities are well-positioned to take appropriate corrective action if problems do occur.

Proposed Scope

The proposed rule would apply to “SCI entities,” a term that would include:

Self-regulatory organizations (the registered national securities exchanges, registered clearing agencies, FINRA, and MSRB).

Alternative trading systems that exceed specified volume thresholds (SCI ATSs).

Disseminators of market data under certain National Market Systems plans (“plan processors”).

Certain clearing agencies exempt from SEC registration.

It would apply primarily to the systems of SCI entities that are core to the functioning of the securities markets, such as those that directly support trading, clearance and settlement, order routing, market data, regulation, or surveillance.

Proposed Provisions

Under the proposed rule, each SCI entity would be required among other things to:

Establish policies and procedures relating to the capacity, integrity, resiliency and security of its technology systems.

Establish policies and procedures to ensure its systems operate in the manner intended, including in compliance with relevant federal securities laws and rules.

Take timely corrective action in response to systems disruptions, systems compliance issues and systems intrusions.

Notify and provide the SEC with detailed information when such systems issues occur as well as when there are material changes in its systems. Written notices would be filed electronically on new Form SCI.

Inform its members or participants about certain systems problems and provide information about the systems and market participants affected by the problem and the progress of corrective action.

Conduct an annual review of its compliance with Regulation SCI, and submit a report of the annual review to its senior management and the SEC.

Designate certain individuals or firms to participate in the testing of its business continuity and disaster recovery plans at least once annually, and coordinate such testing with other entities on an industry- or sector-wide basis.

Provide SEC staff with access to its systems to assess compliance with Regulation SCI.

Source: SEC.

“Too many firms ignore the dominant role of technology in our markets and relegate technologists to the ‘back office' within their firms with significant limitations on their decision-making authority,” Weisberger said. “As a result, many firms build systems piecemeal without designing operational risk mitigation into the fabric of their systems and processes. Since technology errors can threaten the integrity of the market as a whole, firms must consider technology risks as part of their core business jointly with input from compliance professionals and risk officers.”

Scott Goebel, senior vice president and general counsel for Fidelity Investments, detailed practices in place for his firm at the roundtable. Among them, multi-national “war rooms” to provide crisis management for incidents with trading systems.

As formalized compliance procedures are mandated, regulators must do a better job looking under the hood of the technology they oversee, says Cheyenne Morgan, an analyst with TABB Group. “How can you implement rules when you don't even know how the [technology] works? Participants will be much more open to regulation, and working with regulators, if they feel they are better educated about what they are doing,” she says.

A positive step in this direction, she says, is that the SEC and Federal Bureau of Investigation recently announced they will work cooperatively on efforts to investigate high-frequency trading by firms for evidence of market manipulation. Doing so, they intend their scrutiny to delve deep into the very code these algorithmic systems are built upon.

Increased scrutiny comes at a cost. Firms covered by Regulation SCI have pushed back against the expense and resource demands, Morgan says. “There is concern about the cost of implementing compliance procedures, and many firms are already outsourcing that because they are too small to undertake it internally,” she says.

To build confidence with investors, more transparency and greater responsibility among market participants is important, says Cromwell Coulson, CEO of OTC Markets Group, which operates an SEC-regulated alternative trading system. “However, we have concerns that the complexity of the new rules will overwhelm the cost-benefit to markets. We don't want to create another Sarbanes-Oxley,” he says.

While Saluzzi agrees that added compliance burdens may be difficult to bear for second- and third-tier exchanges that are “hanging on by a thread right now,” he thinks these hardships may have “a hidden benefit.”

“Maybe we'll start to see some consolidation," he says. “If some of them close up shop that will reduce the market fragmentation that shouldn't exist in the first place.”