In recent years, the securities markets have undergone significant changes, and none has had more impact than the development of technology systems with ever-increasing speed and capacity. These systems are so fast that, in a blink of an eye, millions of trades can take place and billions of dollars can be transferred from buyers to sellers.1 Unfortunately, these systems can just as quickly become a destructive force with devastating consequences.
Some of the better-known examples of recent system-related issues include:
These recent events highlight the need for the Commission to develop a secure, robust, and reliable regulatory framework to ensure that our capital markets develop and maintain systems with sufficient capacity, integrity, resiliency, availability, and security.
Today’s rule proposal, Regulation SCI (Systems Compliance and Integrity), is a step in the right direction. It is an important step forward from the purely voluntary program we have today as a result of the Commission’s 1989 policy statement, which states that SROs, on a voluntary basis, should establish comprehensive planning and assessment programs to determine systems capacity and vulnerability. At that time, the Commission noted the impact that systems problems and failures could have on public investors, broker-dealer risk exposure, and market efficiency.12 Clearly, the voluntary program has failed, as the above examples illustrate.
The proposed rule would move beyond the current voluntary program and requires entities to, among other things, (i) establish, maintain, and enforce written policies and procedures reasonably designed to ensure that its systems have adequate levels of capacity, integrity, resiliency, availability, and security to maintain the entity’s operational capability and promote the maintenance of fair and orderly markets; (ii) mandate participation in scheduled testing of the operation of the entity’s business continuity and disaster recovery plans, including backup systems, and coordinate such testing on an industry- or sector-wide basis with other entities; and (iii) make, keep, and preserve records relating to the matters covered by Regulation SCI, and provide them to Commission representatives upon request. The proposal also would require that entities submit all required written notifications and reports to the Commission electronically using new proposed Form SCI. These are all welcomed improvements.
However, although this is a positive step in the right direction, I am concerned that today’s rule proposal does not:
Moreover, I am concerned that today’s rule proposal would allow an explicit safe harbor for entities and their employees that establish and maintain policies and procedures that are reasonably designed to comply with Regulation SCI. Although it is not stated in today’s release, I have been told by senior staff that the Commission has never previously included an explicit safe harbor in a Commission rule requiring that regulated entities maintain policies and procedures designed to achieve a particular objective.
In my view, an unprecedented safe harbor in a rule that does not require clear, identifiable, and meaningful standards, and that does not require policies and procedures to be reviewed by an independent third party and certified by senior officers, will result in a rule proposal that falls short of its goal — which is to ensure that our capital markets develop and maintain appropriate systems.
The rule proposal asks a number of important questions that were incorporated at my request to solicit comments from the public. These questions were designed to generate information and assist the Commission in thinking through issues associated with the rule proposal. This is an important part of the Commission’s rulemaking process, which is based on a “notice and comment” procedure. I hope that the comments generated will help make this a better rule.
Despite my concerns, I am willing to support today’s rule proposal because Regulation SCI would apply to more entities than the Commission’s current ARP Inspection Program, and the proposed rule would place obligations on entities not currently included in the Commission’s ARP policy statements. The havoc caused by recent events highlight the need to have an updated and formalized regulatory framework for ensuring that the U.S. securities trading markets maintain systems with sufficient integrity, resiliency, and security. Although, I have concerns, I am hopeful they will be addressed at the adoption stage. By then, we should have a full five-member Commission.
Today’s rulemaking is a positive step in addressing the systems challenges posed by large, automated, complex, and fragmented trading centers. As the country’s capital markets regulator, the SEC must be at the forefront of proactively addressing changes in our capital market structure. The SEC should not merely respond to events that have occurred. Regulation SCI is one such proactive effort.
In closing, I want to thank the staff for its efforts. I look forward to the comments we will receive on this proposal.
Thank you.
1 See, Large Trader Reporting Rule, Securities and Exchange Commission Release No. 34-64976 (July 27, 2011); see, Consolidated Audit Trail Securities Exchange Commission Release No. 34-67457 (October 1, 2012); see, Concept Release on Equity Market Structure, Securities Exchange Commission Release No. 34-61358 (January 14, 2010), and Report of the Staffs of the CFTC and SEC to Joint Advisory Committee on Emerging Regulatory Issues (May 18, 2010).
2 See, “Findings Regarding the Market Events of May 6, 2010, Report of the Staffs of the CFTC and SEC to Joint Advisory Committee on Emerging Regulatory Issues.” On May 6, 2010, the prices of many U.S.-based equity products experienced an extraordinarily rapid decline and recovery. That afternoon, major equity indices in both the futures and securities markets, each already down over 4% from their prior-day close, suddenly plummeted a further 5-6% in a matter of minutes before rebounding almost as quickly. Many of the almost 8,000 individual equity securities and exchange traded funds (“ETFs”) traded that day suffered similar price declines and reversals within a short period of time, falling 5%, 10%, or even 15% before recovering most, if not all, of their losses. However, some equities experienced even more severe price moves, both up and down. Over 20,000 trades across more than 300 securities were executed at prices more than 60% away from their values just moments before. Moreover, many of these trades were executed at prices of a penny or less, or as high as $100,000, before prices of those securities returned to their “pre-crash” levels.
3 Id. By the end of the day, major futures and equities indices “recovered” to close at losses of about 3% from the prior day.
4 See, In the Matter of EDGX Exchange, Inc., EDGA Exchange, Inc., and Direct Edge ECN, LLC, Admin. Proc. File No. 3-14586, Exchange Act Release No. 65556 (October 13, 2011), available at http://www.sec.gov/litigation/admin/2011/34-65556.pdf (“Direct Edge Order”) (last visited March 6, 2013); see also, Commission News Release, 2011-208, “SEC Sanctions Direct Edge Electronic Exchanges and Orders Remedial Measures to Strengthen Systems and Controls” (October 13, 2011). EDGX, EDGA, and their affiliated routing broker, Direct Edge ECN LLC (dba DE Route), consented to an Order Instituting Administrative and Cease-and-Desist Proceedings Pursuant to Sections 19(h) and 21C of the Securities Exchange Act of 1934, Making Findings, and Imposing Remedial Sanctions and a Cease-and-Desist Order. Among other things, the Direct Edge Order states:
“National securities exchanges are obligated to ensure that their order quoting, routing, and execution systems, compliance infrastructures, and communications platforms are developed, maintained, and governed to avoid material failures, outages, and other significant contingencies that could pose material risk to the National Market System and to the public interest. While some system outages inevitably will occur and not every outage is a violation of the federal securities laws, such outages, particularly when combined with significant other deficiencies in an exchange’s systems, processes, and controls, can present risks that, left unremediated, could cause harm to investors and other market participants. A national securities exchange must invest appropriate resources necessary to ensure the strength and integrity of its systems, processes, and controls, to comply with its own Commission-approved rules, to provide for adequate backup and failover systems, to prevent or react appropriately to significant system outages and failures, and, ultimately, to ensure an adequate governance and oversight structure necessary for quality assurance, continuous improvement, and process measurement, monitoring, and control.”
Direct Edge Order at pp. 2-3.
5 Id.
6 Id.
7 “Knight Capital Group Provides Update Regarding August 1st Disruption to Routing In NYSE-listed Securities” (August 2, 2012), available at http://www.sec.gov/cgi-bin/goodbye.cgi?www.knight.com/investorRelations/pressReleases.asp?compid=105070&releaseID=1721599 (last visited March 6, 2013).
8 Id.
9 Securities and Exchange Commission Release No. 34-67507, File No. SR-NASDAQ-2012-090 (July 26, 2012).
A number of entities have stated that NASDAQ’s offer of settlement was insufficient. See, Comment Letters available at, http://www.sec.gov/comments/sr-nasdaq-2012-090/nasdaq2012090-5.pdf (last visited March 6, 2013) and http://www.sec.gov/comments/sr-nasdaq-2012-090/nasdaq2012090-7.pdf (last visited March 6, 2013).
11 This event cost customers $420,360. See also, BATS Jan. 9 Notification of System Issue” available at http://www.sec.gov/cgi-bin/goodbye.cgi?batstrading.com/alerts/ (last visited March 6, 2013).
12 Securities Exchange Act Release No. 27445, 54 FR 48703, (November 16, 1989).
13 Senate Committee On Banking, Housing and Urban Affairs, No. 107-205 accompanying S. 2673.