SEC Reaches Out on Reg SCI

Terry Flanagan

The U.S. Securities and Exchange Commission has opened registration for outreach programs to help firms comply with an SEC rule that aims to protect investors by strengthening the technology underpinning U.S. securities markets.

The Commission adopted Regulation Systems Compliance and Integrity, or Regulation SCI, in November 2014 and compliance with many of its requirements begins this fall. Those subject to Regulation SCI are required to have comprehensive policies and procedures for their technological systems, conduct business continuity testing, annually review their automated systems and take appropriate corrective action when system issues occur.

The SEC’s Office of Compliance Inspections and Examinations (OCIE) Technology Controls Program, in coordination with the SEC’s Division of Trading and Markets, is sponsoring the compliance outreach program. The program is targeted to Chief Information Officers, Chief Information Security Officers, and other senior personnel responsible for enhancing their firms’ systems compliance and integrity programs.

Outreach programs will be held on July 16 at the SEC’s New York Regional Office and on July 29 at the SEC’s Chicago Regional Office. The events will include panel discussions on the regulatory framework of Regulation SCI, compliance obligations, and the monitoring and examination processes.

“The compliance outreach program provides an opportunity for the SEC and regulated entities to discuss compliance issues associated with Regulation SCI,” said OCIE Acting Director Marc Wyatt in a statement. “We look forward to exchanging information and discussing ways to strengthen the technology infrastructure of the U.S. securities markets.”

Registration is designed for professionals at entities subject to Regulation SCI. If registrations exceed capacity, CEOs, Chief Compliance Officers, Chief Information Officers, Chief Information Security Officers and Chief Regulatory Officers from entities subject to Regulation SCI will be given priority on a first-registered basis.

On April 30, the SEC’s Division of Investment Management issued guidance for investment companies and advisers in addressing cybersecurity risks. The guidance urges firms to conduct a periodic assessment of the information that the firm collects, processes and/or stores, as well as internal and external cybersecurity threats to and vulnerabilities of the firm’s information and technology systems. The guidance recommends creating a strategy designed to prevent, detect, and respond to cybersecurity threats, and implementing the strategy through written policies and procedures.

Featured image by WPPilot. Licensed under CC BY 4.0 via Wikimedia Commons

Related articles

  1. Investors are seeking the tax efficiency, trading flexibility and cost benefits of ETFs.

  2. Low Bond Yields Force Pensions’ Hand

    US Department of Labor has allowed pension plan fiduciaries to consider ESG factors.

  3. Goldman Sachs Asset Management agreed to pay a $4m penalty.

  4. FINRA membership marks further momentum in WisdomTree Securities' digital strategy.

  5. The prior administration’s restrictions on retirement plans and ESG were removed.