Reg SCI Does Not Go Far Enough

 

After a long wait, the SEC adopted a new rule yesterday known as Reg SCI.  Reg SCI which stands for Regulation Systems Compliance and Integrity states:

“Under Regulation SCI, self-regulatory organizations, certain alternative trading systems (ATSs), plan processors, and certain exempt clearing agencies will be required to have comprehensive policies and procedures in place for their technological systems.  The rules also provide a framework for these entities to, among other things, take appropriate corrective action when systems issues occur; provide notifications and reports to the SEC regarding systems problems and systems changes; inform members and participants about systems issues; conduct business continuity testing; and conduct annual reviews of their automated systems.”

Considering how reliant our market is now on technology, we think that most folks would agree that the testing and maintenance checks which Reg SCI calls for are a good idea for our nations stock exchanges.  But does this new rule go far enough?  Should large broker dealers have also been covered under the new rule?  SEC Commissioner Kara Stein sure thinks they should have been.  In a public statement released yesterday, Commissioner Stein noted the many organizations that Reg SCI will not cover:

“Regulation SCI will, among other things, require approximately 44 entities to establish written policies and procedures reasonably designed to ensure that their systems have the capacity, integrity, resiliency, availability, and security adequate to maintain their operational capability.

But this is not enough. Specifically, today’s rule leaves out over 4,400 broker-dealers, 32 alternative trading venues trading equities, and 43 alternative trading venues trading fixed income and other non-equity securities.

Put another way, around $14 trillion worth of equity trades are ignored by Regulation SCI. We should be doing more in this rule. I am disappointed in this missed opportunity because so many important trading centers are left out.

Further, the rule also ignores intraday proprietary trading firms that use sophisticated algorithms to interact at high speeds with the market.”

​It disappoints us also that large internalizing broker dealers, which interact with a significant amount of retail order flow, are not covered under Reg SCI.  This means that firms like Knight Capital, which wreaked  havoc on the market in August 2012 when their rogue algorithm lost the firm $440 million in 45 minutes, are not covered under the new rule.  In response, internalizers like Knight have argued that they are already regulated under the SEC Market Access Rule and that their role in the market is not as critical as exchanges since orders can be routed around them if their systems fail.

And it’s not just large brokers that pose a systemic risk.  Even rather obscure proprietary high frequency trading firms (which will not be covered under Reg SCI) can pose systemic risk.  Take a look at this story that Professor Donald Mackenzie told in his paper “Be Grateful For Drizzle”:

“In a New York coffeehouse, a former high-frequency trader told me matter of factly that one of his colleagues had once made the simplest of slip-ups in a program: what mathematicians call a ‘sign error’, interchanging a plus and a minus. When the program started to run it behaved rather like the Knight program, building bigger and bigger trading positions, in this case at an exponential rate: doubling them, then redoubling them, and so on. ‘It took him 52 seconds to realise what was happening, something was terribly wrong, and he pressed the red button,’ stopping the program. ‘By then we had lost $3 million.’ The trader’s manager calculated ‘that in another twenty seconds at the rate of the geometric progression,’ the trading firm would have been bankrupt, ‘and in another fifty or so seconds, our clearing broker’ – a major Wall Street investment bank – ‘would have been bankrupt, because of course if we’re bankrupt our clearing broker is responsible for our debts … it wouldn’t have been too many seconds after that the whole market would have gone.’‘”

Sure sounds like a lot of risk to us.  We think Commissioner Stein best summed up the lack of Reg SCI coverage with these questions:

Shouldn’t everyone with direct access to the trading centers have to implement basic policies and procedures to ensure that their computer systems are stable, secure, and contribute to resiliency in our market? Just as we license drivers and register and inspect vehicles for the safety and soundness on our nation’s roadways, shouldn’t there be minimum requirements or standards for anyone with direct electronic access to the equity markets?

This seems logical and prudent to us but unfortunately the industry lobbyists didn’t think so and have won this battle to minimize the new rule.