Purpose
– To explain the requirements of Regulation Systems Compliance and Integrity (“Regulation SCI”) and the new responsibilities of organizations defined as “SCI entities.”
Design/methodology/approach
– Explains the purpose of Regulation SCI, the responsibilities of SCI entities, systems covered by the rules (“SCI systems”), and specific obligations of SCI entities, including the establishment and periodic review of policies and procedures, compliance with the Exchange Act, designation of “responsible SCI personnel,” appropriate corrective action in response to “SCI events,” notification of systems changes, annual “SCI reviews,” business continuity and disaster recovery testing, and recordkeeping and filing. Discusses future implications for SCI Entities and other market participants.
Findings
– Regulation SCI launches a broad and extensive overlay of rules and guidance to address systems capacity and integrity issues that have increasingly affected the securities markets. The adoption of this regulation suggests that there will continue to be increased scrutiny by the SEC, FINRA and other regulators of the automated systems and related policies and procedures of all market participants.
Practical implications
– SCI entities will need to devote considerable attention and resources not just to prevent incidents where possible, but also to establish systems for ensuring thorough compliance and well-documented and reasonable follow-up actions where necessary. All market professionals – including broker-dealers, investment advisers, pension funds and investment companies – should study the new regulation and consider adopting appropriate policies and procedures to address operating as well as cyber security issues with respect to their own critical operating technology.
Originality/value
– Practical guidance from experienced financial services lawyers.
A Language and Repository for Cyber Security of Smart Grids
