After several high-profile market disturbances, from the 2010 “flash crash” to the Knight Capital algorithmic meltdown in 2012, the SEC considered a new set of rules to tighten up system compliance and integrity. The rules, known collectively as “Reg SCI” became effective in February 2015. John Rapa, president and CEO of Tellefsen & Company and a 30-year veteran consultant to exchange market structure, walks us through the new rules and what they mean for exchanges, dark pools and market participants.
“It’s making mandatory what’s been voluntary up to now,” says Rapa. “Identification of mission-critical systems, testing processes, procedures, and testing results. If there is a disruption or a problem, there is a formal process and form you have to submit to the SEC.”
Rapa goes on to explain the new requirements for exchange and dark pool executives, including chief compliance officers and chief technology officers.
Another change mandated by Reg SCI is a requirement that exchanges file quarterly reports detailing “any significant changes to their environments.” This would include software updates, new products and product updates, to name a few.
Rapa points out that some things are still unclear. Will the rules stifle innovation? Will the SEC use the quarterly reports as an excuse to “peek under the covers,” so to speak? Are phone systems meant to be part of Reg SCI?
He is quick to point out that the rule is not, nor is it meant to be, one-size-fits-all. “If you take a dark pool, their infrastructure, processes and procedures are not the same as the New York Stock Exchange or NASDAQ,” he says.
While the new rules mean a new world for platforms, Rapa says “it is not a golden bullet.”
“There is no guarantee that there will be no systems disruptions or problems. Exchanges, clearing houses and ATSs are still going to have to exercise care in managing their environments, and testing and upgrading them, just as they have before.”