It’s Time the Industry Focuses on Something Constructive: Reg SCI & Cybersecurity
By Joanna Fields, Principal, Aplomb Strategies
The Regulation Systems Compliance and Integrity implementation date of November 3, 2015 is fast approaching, yet there are a myriad of questions that remain unresolved for third-party broker-dealers. While market participants have engaged in a heated debate for the past year around the inherent complexities of the U.S. market structure arising out of Regulation National Market Structure, the industry has become stymied by an unfortunate fictional narrative around trading illegalities. The unfortunate consequence of all this uncertainty is that individual investors once again shied away from investing in U.S. equities.
The U.S. Securities and Exchange Commission has taken significant first steps in shifting the conversation into a productive dialogue by standing firmly behind U.S. capital markets, approving Reg SCI and focusing on cybersecurity requirements across the industry. However, the SEC cannot be responsible for boosting investor confidence on its own.
The reality is that today’s U.S. Markets are driven by highly complex technology systems. The networks connecting broker-dealer platforms, and market center matching engines have become so intertwined and entangled that it is virtually impossible to decouple them. Due to the intricate Gordian Knot of today’s technology, the effective implementation of SEC requirements needs all market participants to work together to ensure that unintended risks are not unwittingly introduced.
Let’s consider the impact of the rift on the industry that its failure to come together and focus on important projects will cause, and reflect on the requirements proscribed by Reg SCI with regards to routing, market data and clearing and settlement requirements for third-party broker-dealers. The compliance implementation for Reg SCI is November 3, and specific reporting guidelines for third-party broker-dealers remains unspecified. Keeping in mind that covered Reg SCI entities are not autonomous, distinct market centers, which rely heavily on the inter-connectivity of technology systems to meet existing regulatory requirements. Today, exchanges use third-party broker-dealers to route both option and stock orders to ensure compliance with Reg NMS and Distributive linkage trade through requirements. Option exchanges also utilize third party broker dealers for smart order routing and stock routing for options tied to stock orders. Third-party broker-dealers for some exchanges and Alternative Trading Systems (ATS) provide the market data feed handlers. In addition, third-party broker-dealers for ATS often provide interim clearing and settlement services before an execution clears at DTCC.
The inherent complexity of securing technology platforms and creating a robust set of cybersecurity protocols is not a challenge limited to the financial industry. Consider the following example: you receive an email from your boss, you respond to the email without checking the exact email address, whether it is a personal account and not a broker-dealer owned email address (or simply “.gov”). Your outlook email server clearly states that you have received an email from your boss, his or her name is clearly displayed in the “from” field, and you respond to a direct question or request. Yet, as recent news dictates, such a simple act can result in unintended consequences. Email is a technology platform that is not reserved for MIT graduates and quantitative algorithmic programmers. Most market participants understand and think they know how to use email correctly and securely. Yet, consider the amount of confidential customer information that is transferred back and forth across email servers without being encrypted. This should be kept in mind, with regards to the perspective challenges the SEC faces in designing requirements to build a resilient and secure capital market system.
The myriad of technology systems, interlocking connections and number of users of differing technology platforms has created the potential for a significant number of points of failure in today’s financial market system. The SEC needs the industry to focus on the realities of the markets, not fictional narratives.
Aplomb Strategies is a market structure consulting firm with regulatory financial technology development capabilities. The company is based in New York.