SEC Reaches Out on Reg SCI

Terry Flanagan

The U.S. Securities and Exchange Commission has opened registration for outreach programs to help firms comply with an SEC rule that aims to protect investors by strengthening the technology underpinning U.S. securities markets.

The Commission adopted Regulation Systems Compliance and Integrity, or Regulation SCI, in November 2014 and compliance with many of its requirements begins this fall. Those subject to Regulation SCI are required to have comprehensive policies and procedures for their technological systems, conduct business continuity testing, annually review their automated systems and take appropriate corrective action when system issues occur.

The SEC’s Office of Compliance Inspections and Examinations (OCIE) Technology Controls Program, in coordination with the SEC’s Division of Trading and Markets, is sponsoring the compliance outreach program. The program is targeted to Chief Information Officers, Chief Information Security Officers, and other senior personnel responsible for enhancing their firms’ systems compliance and integrity programs.

Outreach programs will be held on July 16 at the SEC’s New York Regional Office and on July 29 at the SEC’s Chicago Regional Office. The events will include panel discussions on the regulatory framework of Regulation SCI, compliance obligations, and the monitoring and examination processes.

“The compliance outreach program provides an opportunity for the SEC and regulated entities to discuss compliance issues associated with Regulation SCI,” said OCIE Acting Director Marc Wyatt in a statement. “We look forward to exchanging information and discussing ways to strengthen the technology infrastructure of the U.S. securities markets.”

Registration is designed for professionals at entities subject to Regulation SCI. If registrations exceed capacity, CEOs, Chief Compliance Officers, Chief Information Officers, Chief Information Security Officers and Chief Regulatory Officers from entities subject to Regulation SCI will be given priority on a first-registered basis.

On April 30, the SEC’s Division of Investment Management issued guidance for investment companies and advisers in addressing cybersecurity risks. The guidance urges firms to conduct a periodic assessment of the information that the firm collects, processes and/or stores, as well as internal and external cybersecurity threats to and vulnerabilities of the firm’s information and technology systems. The guidance recommends creating a strategy designed to prevent, detect, and respond to cybersecurity threats, and implementing the strategy through written policies and procedures.

Featured image by WPPilot. Licensed under CC BY 4.0 via Wikimedia Commons

Related articles

  1. Richard Turner of Insight Investment sees more automation and more transparency around cost and outcomes.

  2. The suite enables GAM to seamlessly manage market risk exposure and liquidity and investment risk.

  3. Asset manager anticipates an SEC decision on converting its fund to a spot bitcoin ETF by early July.

  4. Fidelity continues to hire thousands to support cryptocurrency.

  5. Tradeweb Draws Buy Side in Europe

    Net sales registered net outflows of €3bn, compared to €42bn in March 2022.