Regulation SCI (Regulation Systems Compliance and Integrity)

Regulation Systems Compliance and Integrity (Regulation SCI) is a set of rules created by the United States Securities and Exchange Commission to monitor the security and capabilities of U.S. securities markets' technological infrastructure.

The SEC designed Regulation SCI in response to securities markets being increasingly dependent on technology and automated systems. Regulation SCI strives to reduce the number of market disturbances stemming from this reliance on technology, as well as speed up recovery when disturbances do occur. These disturbances, known as "SCI events" under the regulation, include systems disruptions, compliance issues and security intrusions.

Regulation SCI is mandatory for what the SEC refers to as "SCI entities." SCI entities include self-regulatory organizations, plan processors, clearing agencies and some alternative trading systems (ATSes).

Under the rule, SCI entities must design, implement, test and maintain IT policies and procedures for their systems' capacity, integrity, resiliency, availability and security. If an SCI event occurs, the SCI entity must immediately take corrective action as well as notify the SEC of the occurrence. SCI entities must also notify the SEC when they plan to make any changes to their IT systems.

To help ensure compliance, SCI entities must conduct annual reviews of their Regulation SCI processes and submit the report to the SEC. Regulation SCI also requires SCI entities to maintain IT compliance records to prove adherence to the rules.

Regulation SCI was passed February 2015. The regulation officially went into effect in early November 2015.

One pixel Regulation SCI: An Overview

Editor's Note: In October 2015, the SEC updated their Regulation SCI FAQ page, addressing two points. First, it addresses whether ATSes can have market regulation surveillance systems. Under Reg SCI's definition of SCI systems, ATSes that meet the volume threshold of the regulation are considered SCI entities. However, in the context of Reg SCI, the SEC said that market regulation systems refer only to those used to carry out self-regulatory responsibilities, which ATSes do not have. Thus, the SEC believes that it is unlikely an ATS would have systems that qualify as market regulation systems.

Secondly, the FAQ was updated to clarify which SCI systems that relate to the communication of "trading halts" are considered "critical SCI system." Firstly, the SEC defines trading halts as market-wide halts (e.g., regulatory halts), instead of trading halts on an individual market. Given this definition, critical SCI systems is defined by Regulation SCI as any SCI system that is operated by or on behalf of an SCI entity that directly supports functionality related to trading halts, and one that disseminates communications related to market-wide trading halts across markets.

This was last updated in July 2015

Continue Reading About Regulation SCI (Regulation Systems Compliance and Integrity)

Dig Deeper on Risk management and governance

Cloud Computing
Mobile Computing
Data Center
Sustainability and ESG