Regulation SCI Rules

LawCast with Laura Anthony, Esq.

Content provided by Attorney Laura Anthony. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Attorney Laura Anthony or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

6+ y ago 6:52

MP4•Episode home

Archived series ("Inactive feed" status)

When? This feed was archived on May 19, 2020 04:08 (4+ y ago). Last successful fetch was on April 17, 2020 21:18 (4+ y ago)

Why? Inactive feed status. Our servers were unable to retrieve a valid podcast feed for a sustained period.

What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.

Regulation SCI Rules- The SEC adopted Regulation Systems Compliance and Integrity (Regulation SCI) on November 3, 2015 to improve regulatory standards and processes related to technology in the securities business including by financial services firms. In the last LawCast in this series I was reviewing the specific Regulation SCI rules. I will continue with that review in this LawCast.

Rule 1001 requires that SCI entities establish written policies and procedures designed to ensure that the entity complies with the Securities Exchange Act and the rules and regulations thereunder as well as the entity’s own governing documents. The Rule provides a non-exhaustive list of minimum elements that must be included in such compliance policies and procedures. These elements include: “(i) testing of all SCI systems and any changes to SCI systems prior to implementation; (ii) a system of internal controls over changes to SCI systems; (iii) a plan for assessments of the functionality of SCI systems designed to detect systems compliance issues, including by responsible SCI personnel and by personnel familiar with applicable provisions of the Act and the rules and regulations thereunder and the SCI entity’s rules and governing documents; and (iv) a plan of coordination and communication between regulatory and other personnel of the SCI entity, including by responsible SCI personnel, regarding SCI systems design, changes, testing, and controls designed to detect and prevent systems compliance issues.”

Rule 1002 contains the obligations with respect to SCI events, including corrective action, SEC notification and information dissemination. Under the Rule an SCI-delineated person must take the required action upon reasonably confirming that an SCI event has occurred. As such, the SEC requires an SCI entity to have written policies and procedures that “include the criteria for identifying responsible SCI personnel, the designation and documentation of responsible SCI personnel, and escalation procedures to quickly inform responsible SCI personnel of potential SCI events.” Such “responsible SCI personnel” means “for a particular SCI system or indirect SCI system impacted by an SCI event, such senior manager(s) of the SCI entity having responsibility for such system, and their designee(s).”

The Rule contains in-depth and detailed discussion of corrective actions, notification requirements and information dissemination requirements. In essence, the SEC must be immediately notified of all SCI events other than de minimis events, although even de minimis events contain recordkeeping requirements and must be included In SCI reports. Until the SCI event is resolved, the SCI entity must keep the SEC regularly updated as to the progress of the investigation and resolution of the event, and must file a report with the SEC once the event is resolved. Subject to certain exceptions, the SCI entity must disseminate information to its members and participants regarding all SCI events.

Rule 1003 contains requirements related to material system changes, and SCI reviews. In particular, Rule 1003 requires quarterly reports to the SEC describing completed, ongoing, and planned material systems changes to its SCI systems and security of indirect SCI systems. Rule 1003 also requires a minimum of an annual review of an SCI entity’s compliance with Regulation SCI.

Rule 1004 contains requirements related to business continuity and disaster recovery plan testing. As with notification requirements, an SCI entity must designate certain personnel to complete business continuity and disaster recovery plan testing. In particular, the SCI entity must designate those members or participants “that the SCI entity reasonably determines are, taken as a whole, the minimum necessary for the maintenance of fair and orderly markets in the event of the activation of such plans.” Such testing must be completed at least once every 12 months.

The recordkeeping and electronic filing requirements of Regulation SCI are laid out in Rules 1005 through 1007.

248 episodes

#Business News #Corporate Finance #Attorney Laura Anthony #News #Video