SlideShare a Scribd company logo

SEC Regulation SCI: Automation Review Compliance

Download as PPTX, PDF
John Rapa
John Rapa

Recently, the SEC adopted new rules to require certain key market participants to have comprehensive policies and procedures in place surrounding their technology (Regulation SCI). Exchanges, SROs, selected alternative trading systems (ATS), plan processors, and exempt clearing agencies are required to design, develop, test, maintain, and oversee their mission-critical systems. The rules require them to ensure that their core technology meets certain standards, conduct regular business continuity testing, and provide certain notifications in the event of systems disruptions, intrusions and other events. Meeting the demanding new requirements imposed upon firms by SEC Regulation SCI is a key issue for many market participants, especially in the areas of independent systems testing and certification. Tellefsen and Company, L.L.C. (Tellefsen) and Exactpro Systems, LLC (Exactpro) have today announced a marketing partnership in which both firms will collaborate to provide key industry constituents with market structure consulting, financial technology infrastructure testing and software quality assurance testing services.

Economy & Finance
1 of 22
SEC Regulation SCI Automation Review Compliance January 2015 Proprietary
SEC Regulation SCI - Systems Compliance and Integrity  On November 19, 2014 the SEC adopted new rules to require certain key market participants to have comprehensive policies and procedures in place surrounding their technology (Reg SCI).  Regulation SCI under the Securities Act of 1934 (“Systems Compliance and Integrity”) replaces the current voluntary ARP compliance program with rules whose violation of which may be the subject to enforcement actions.  SROs, selected alternative trading systems (ATS), plan processors, and exempt clearing agencies are required to design, develop, test, maintain, and oversee their mission-critical systems.  The rules require them to ensure that their core technology meets certain standards, conduct regular business continuity testing, and provide certain notifications in the event of systems disruptions, intrusions and other events. Tellefsen and Company, L.L.C. 2013-2015
Tellefsen and Company, L.L.C. 2013-2015  High-profile technical glitches in the securities markets including those that arose during the 2010 Flash Crash, the initial public offerings of Facebook and BATS Global Markets as well as the Knight Capital trading incident have illustrated that investors can be at risk when technology fails, and confidence in the markets can falter.  The market closures following Hurricane Sandy in 2012 also highlighted the importance of having a robust market technology infrastructure.  These events, subsequent discussions and commentary from a cross section of market participants have helped shape the development of the new rulemaking. Reg SCI (Cont’d) …
Tellefsen and Company, L.L.C. 2013-2015  The new regulations will present challenges to the Chief Technology Officer and especially the Chief Compliance Officer, who is responsible for the creation and enforcement of reasonable supervisory procedures related to the implementation and maintenance of applicable HW/SW/NW technologies and infrastructure.  While these responsibilities are far from a routine compliance skill set, Reg. SCI is a continuation of a trend by the SEC of placing increased responsibility on compliance with respect to policies and procedures for implementing and maintaining various types of technology.  For the past two decades, SROs have followed a voluntary set of principles articulated in the SEC’s Automation Review Policy and participated in what is known as the ARP Inspection Program.  Reg SCI now supersedes this (see final rulemaking in the Federal Register: https://www.federalregister.gov/articles/2014/12/05/2014-27767/regulation-systems-compliance- and-integrity) Reg SCI (Cont’d) …
Tellefsen and Company, L.L.C. 2013-2015 The rulemaking was largely adopted as proposed, with the following revisions and exceptions:  The proposed 30 day advance reporting requirement was changed to quarterly.  The Direct Access requirement which would have required SCI Entities to provide SEC staff with remote or on-site access to SCI Systems was not adopted.  Safe Harbor protection from liability is limited to those individuals who reasonably discharge their responsibilities under Reg SCI.  Senior management involved in the annual Reg SCI review will be required to certify that they have implemented policies and procedures reasonably designed to ensure compliance with the rulemaking. Reg SCI – Final Rulemaking
Tellefsen and Company, L.L.C. 2013-2015  Core technology of national securities exchanges, self-regulatory organizations, significant alternative trading systems, clearing agencies, and plan processors meets certain standards.  That these entities conduct regular business continuity testing with their members or participants.  That they provide certain notifications regarding systems disruptions, intrusions and other types of systems issues.  The probability of technology problems is reduced, and key entities are well-positioned to take appropriate, corrective action when problems occur. Reg SCI Is Designed to Ensure:
Tellefsen and Company, L.L.C. 2013-2015  The proposed rule would apply to “SCI Entities” such as: – Self-regulatory organizations (the registered national securities exchanges, registered clearing agencies, FINRA, and MSRB). – Alternative Trading Systems that exceed specified volume thresholds (SCI ATS). – Disseminators of market data under certain National Market Systems plans (“plan processors”). – Certain clearing agencies exempt from SEC registration.  It would apply primarily to the systems of SCI Entities that are core to the functioning of the securities markets, such as those that directly support trading, clearance and settlement, order routing, market data, regulation, or surveillance.  The SEC anticipates that 14 ATSs will be required to be compliant.  It is unknown whether other business systems such as a shared drive system or phone system are within the scope. Reg SCI – Applicability
Tellefsen and Company, L.L.C. 2013-2015  Establish policies and supervisory procedures relating to the capacity, integrity, resiliency and security of its technology systems.  Ensure its systems operate in the manner intended, including in compliance with relevant federal securities laws and rules.  Take timely corrective action in response to systems disruptions, systems compliance issues and systems intrusions.  Notify and provide the SEC with detailed information when such systems issues occur, systems intrusions, and when there are material changes in its systems. Written notices of “SCI Events” will be reported to members and market participants and filed electronically to the SEC on Form SCI.  Inform its members or participants about certain systems problems and provide information about the systems and market participants affected by the problem and the progress of corrective action. SCI Entities - Requirements:
Tellefsen and Company, L.L.C. 2013-2015  Provide quarterly notice to the SEC of any material system changes, including completed, ongoing and planned material changes to SCI systems and the security of indirect SCI systems, during the prior, current and subsequent calendar quarters.  Conduct an annual review of its compliance with Regulation SCI, and submit a report of the annual review to its senior management and the SEC.  Plan and engage in annual business continuity and disaster recovery testing.  Designate certain individuals or firms to participate in the testing of its business continuity and disaster recovery plans, and coordinate such testing with other entities on an industry- or sector-wide basis.  Demonstrate systems testing, test results and related capabilities to SEC staff on-site during inspections. SCI Entities Requirements (Cont’d)…
Tellefsen and Company, L.L.C. 2013-2015  The SEC has granted Safe Harbor protection from liability to individuals within SCI Entities who reasonably discharge their Reg SCI compliance responsibilities under their policies, procedures and controls.  Reg SCI is effective 60 days after publication in the Federal Register, and SCI Entities must comply with the requirements within 9 months of the effective date.  ATSs that satisfy volume threshold levels for the first time will be granted an additional 6 months from that time to comply.  SCI Entities will have 21 months from the effective date to comply with the industry or sector wide BC/DR testing requirement. SCI Entities Requirements (Cont’d)…
Tellefsen and Company, L.L.C. 2013- 2015  Reg SCI entities need to ensure their written policies and procedures are up to date.  Problem tracking systems must actively capture problems, problem identification, cause/effect and resolution.  Regular reporting to the SEC is required: – Ad-hoc incident reporting – Quarterly reports of planned and material system changes – Annual Reg SCI Review Policies, Procedures and Reporting
Tellefsen and Company, L.L.C. 2013- 2015  Reg SCI entities need a comprehensive testing regimen in order to be compliant.  Functional and non-functional testing of applicable Reg SCI ecosystems.  Comprehensive test regimens for quality assurance, regression, capacity, stress, failover/recovery, user acceptance etc.  Development and maintenance of a test repository and active analysis of production data.  Need for industry insight and domain market structure expertise in the design, planning and execution of industry test initiatives.  Independent test execution, oversight and reporting.  Assistance with preparation of annual Reg SCI compliance report to SEC. Reg SCI Testing and Oversight
Tellefsen and Company, L.L.C. 2013-2015  Tellefsen and Company (TCL) has a market structure practice and core competency and depth of experience in assisting exchanges, clearing houses and ATS in complying with regulatory guidelines.  We have conducted numerous technology reviews for clients in the last several years, including investment management firms, ATS, clearing houses and exchanges.  We have also counseled and guided our clients through the preparation for regulatory designation reviews and inspections by the CFTC, FINRA and the SEC.  Our mission-critical systems expertise includes trading systems, market data dissemination, clearing, risk management and market surveillance components. Tellefsen and Company – Automation Review Expertise
Tellefsen and Company, L.L.C. 2013- 2015  Experience with prior client assignments has included the development of testing, compliance documentation and procedures for trading and operations management, including:  Business impact analysis  Business continuity management  Capacity planning  Systems development methodology  Acceptance testing  Configuration and release management  Network management  Problem management/problem tracking  Information and physical security  Failover, stress and capacity testing Market Structure, Compliance and Automation Review Expertise
Tellefsen and Company, L.L.C. 2013 -2015  Our firm brings unique market insight and market micro structure experience to client assignments  Development and audit of business continuity plans, systems failover and fall back testing strategies and plans are a core competency of our firm, as is systems quality assurance and acceptance testing  We have provided independent test oversight and test results attestation for various exchanges, clearing houses and numerous market participants. Market Structure Expertise (Cont’d) …
Tellefsen and Company, L.L.C. 2013- 2015  TCL has introduced a marketing partnership with Exactpro Systems, a specialist FinTech firm focused on testing of mission-critical trading systems and market infrastructure .  Started in 2009, Exactpro has experienced phenomenal growth as satisfied clients consume more services - now employing over 280 specialists.  Headquartered in San Rafael, California, with four quality assurance and development centers in Russia and sales support in the UK.  Clients include global exchanges, clearing houses, inter-dealer brokers, investment banks, ATS, futures commission merchants, order management/execution management system providers.  www.exactpro.com Marketing Partnership with Exactpro Systems
Tellefsen and Company, L.L.C. 2013- 2015 ▀ Major equities and commodities futures exchanges ▀ Commodities futures clearing corporation ▀ ATSs with low latency trading platforms ▀ Swap Execution Facilities (SEFs) ▀ Global derivatives and futures commission merchant ▀ Investment bank specializing in emerging markets ▀ Equity broker-dealer offering program and single name execution ▀ Order management/execution management system provider to buy- side and sell-side constituents Exactpro Systems – Prior Client Experience
Reg SCI Testing Expertise Quality Assurance: Test Planning and Management Latency and Capacity Testing Intelligent Management of Large Data Sets Process Audit and Test Coverage Analysis Automated Regression Testing Requirements Definition and Test Scenario Creation (human, message & reporting interfaces) Intelligent Functional and Exploratory Testing Develop/Productize state-of-the-art Test Harnesses Test Automation Test Data Management Protocol Level Testing via: FIX/FAST, SOAP, HTTP, ITCH, SWIFT, MQ, SQL, Proprietary Binary and Text-based Data Formats, etc.
Focused on the Lifecycle of Trading Financial Products Platforms Pre and Post Trade; Commodities, Futures, Derivatives, Equities, Fixed Income, FX Deal Capture & Position Keeping Risk Management Middle Office Clearing and Settlement Messaging Reference Data Order and Execution Management Market Venue Connectivity Smart Order Routing Algorithmic Trading Matching Engines Market Data Distribution
Exactpro’s Test Automation Suite ClearTH: • Post-Trade testing tool • Verifies each stage of the DLC • Integrated schedule • Automated matrices • Can create multiple days test scenarios • Concurrent multiple tests • Integrated simulators • SWIFT ISO protocol support MiniRobots: • Executes multithreaded java code • Complexity of test algorithms is defined by the test developer • Supports multiple client fix connections, order entry and market data via FIX • Can use GUI to iterate through sent and received messages Dolphin: • Model-based testing of market surveillance systems • Production-scale capacity and throughput • Interactive real-time alerts and reports Shsha: • Post-transactional tool • Analyzes clients' activity and forecasts system response • Parses and displays logs in a user-friendly way • Parses messages and then puts each to a data base table where each column corresponds to each message field • Allows making summarized reports, etc • Easy to understand GUI Load Injector: • Simulates multiple client connections with a specified load shape for each connection or a group of connections • Up to 75K messages / second from a single CPU core • Measures latencies in microsecond range • Performance test reports Sailfish: • Can test Order Entry, Market Data and Post Trade connections in one test scenario • Each test scenario is independent • Allows running test scripts in any sequence • Simulation of multiple user connections • Server simulators • All messages are stored into a data base • Generates test reports
Applicability to Reg SCI An experienced team, armed with the proper tools that can hit the ground running to review, test and provide evidence in a cost effective fashion! A range of well organized testing services that cover several of the aspects essential for Reg SCI compliance - 1. Conventional Non Functional Testing: • Load test to establish the reasonable current and future capacity planning estimates • Capacity stress tests of systems to determine their ability to process transactions in an accurate, timely, and efficient manner • Failover & recovery tests to verify backup, contingency and disaster recovery capabilities, including geographically diverse locations 2. Conventional Functional Testing: • Efficient testing to exercise all key functionality and data set-up • Positive and negative tests to identify vulnerabilities pertaining to internal and external threats, physical hazards, and natural or manmade disasters • All test evidence per run stored within an easy to access and report test repository • Automated Regression testing of subsequent releases and reporting of all relevant changes within the system 3. Testing at the Confluence of Functional and Non Functional Testing: • High frequency and algorithmic trading activity simulations • Testing to assure systems capacity, integrity, resiliency, availability and security under realistic participants load • Modeling of all data inputs and outputs from system to evaluate the behavior within normal operational and outage scenarios 4. Production Data Analysis: • Capture and Analyze data from production to understand real usage • Monitor and investigate production events • Feedback to refine test coverage for subsequent versions • Bringing QA perspective into operational support
For More Information, Contact Tellefsen and Company, L.LC. John Rapa 1-212 809 3800 JJR@Tellefsen.com 22

Recommended

SEC Regulation SCI, ARP Reviews and Audits
SEC Regulation SCI, ARP Reviews and AuditsSEC Regulation SCI, ARP Reviews and Audits
SEC Regulation SCI, ARP Reviews and Audits
John Rapa
 
Lawrbit Global Regulatory Intelligence
Lawrbit Global Regulatory IntelligenceLawrbit Global Regulatory Intelligence
Lawrbit Global Regulatory Intelligence
Lawrbit Lextech India Private Limited
 
LexComply - Compliance Software India
LexComply - Compliance Software IndiaLexComply - Compliance Software India
LexComply - Compliance Software India
LexComply
 
Citifyd_special_offer_v4
Citifyd_special_offer_v4Citifyd_special_offer_v4
Citifyd_special_offer_v4
Laura Rozentals
 
Securities Trade Life Cycle
Securities Trade Life CycleSecurities Trade Life Cycle
Securities Trade Life Cycle
Khader Shaik
 
SEC Regulation SCI Automation Review Compliance
SEC Regulation SCI Automation Review ComplianceSEC Regulation SCI Automation Review Compliance
SEC Regulation SCI Automation Review Compliance
Iosif Itkin
 
SEC Regulation SCI and Automation Review Policy Compliance
SEC Regulation SCI and Automation Review Policy ComplianceSEC Regulation SCI and Automation Review Policy Compliance
SEC Regulation SCI and Automation Review Policy Compliance
John Rapa
 
CH&Co - Supporting the development and adoption of RegTech
CH&Co - Supporting the development and adoption of RegTechCH&Co - Supporting the development and adoption of RegTech
CH&Co - Supporting the development and adoption of RegTech
Nicolas Heguy
 

Recommended

SEC Regulation SCI, ARP Reviews and Audits
SEC Regulation SCI, ARP Reviews and AuditsSEC Regulation SCI, ARP Reviews and Audits
SEC Regulation SCI, ARP Reviews and Audits
John Rapa
 
Lawrbit Global Regulatory Intelligence
Lawrbit Global Regulatory IntelligenceLawrbit Global Regulatory Intelligence
Lawrbit Global Regulatory Intelligence
Lawrbit Lextech India Private Limited
 
LexComply - Compliance Software India
LexComply - Compliance Software IndiaLexComply - Compliance Software India
LexComply - Compliance Software India
LexComply
 
Citifyd_special_offer_v4
Citifyd_special_offer_v4Citifyd_special_offer_v4
Citifyd_special_offer_v4
Laura Rozentals
 
Securities Trade Life Cycle
Securities Trade Life CycleSecurities Trade Life Cycle
Securities Trade Life Cycle
Khader Shaik
 
SEC Regulation SCI Automation Review Compliance
SEC Regulation SCI Automation Review ComplianceSEC Regulation SCI Automation Review Compliance
SEC Regulation SCI Automation Review Compliance
Iosif Itkin
 
SEC Regulation SCI and Automation Review Policy Compliance
SEC Regulation SCI and Automation Review Policy ComplianceSEC Regulation SCI and Automation Review Policy Compliance
SEC Regulation SCI and Automation Review Policy Compliance
John Rapa
 
CH&Co - Supporting the development and adoption of RegTech
CH&Co - Supporting the development and adoption of RegTechCH&Co - Supporting the development and adoption of RegTech
CH&Co - Supporting the development and adoption of RegTech
Nicolas Heguy
 
Six Keys to Securing Critical Infrastructure and NERC Compliance
Six Keys to Securing Critical Infrastructure and NERC ComplianceSix Keys to Securing Critical Infrastructure and NERC Compliance
Six Keys to Securing Critical Infrastructure and NERC Compliance
Lumension
 
Enterprise Governance Risk and Compliance (GRC) Management Solution in India
Enterprise Governance Risk and Compliance (GRC) Management Solution in IndiaEnterprise Governance Risk and Compliance (GRC) Management Solution in India
Enterprise Governance Risk and Compliance (GRC) Management Solution in India
LexComply
 
Towards Automating Security Compliance Value Chain_FSE15_2June_submitted_final
Towards Automating Security Compliance Value Chain_FSE15_2June_submitted_finalTowards Automating Security Compliance Value Chain_FSE15_2June_submitted_final
Towards Automating Security Compliance Value Chain_FSE15_2June_submitted_final
Smita S. Ghaisas
 
eDelta Trading Platform Marketing-2015
eDelta Trading Platform Marketing-2015eDelta Trading Platform Marketing-2015
eDelta Trading Platform Marketing-2015
Frank Castelluccio
 
Gaining assurance over 3rd party soc 1 and soc 2 reporting 7-2014
Gaining assurance over 3rd party soc 1 and soc 2 reporting 7-2014Gaining assurance over 3rd party soc 1 and soc 2 reporting 7-2014
Gaining assurance over 3rd party soc 1 and soc 2 reporting 7-2014
Accounting_Whitepapers
 
James Okarimia - Aligning Finance, Risk and Data Analytics in Meeting the Req...
James Okarimia - Aligning Finance, Risk and Data Analytics in Meeting the Req...James Okarimia - Aligning Finance, Risk and Data Analytics in Meeting the Req...
James Okarimia - Aligning Finance, Risk and Data Analytics in Meeting the Req...
JAMES OKARIMIA
 
James Okarimia Aligning Finance , Risk and Compliance to Meet Regulation
James Okarimia Aligning Finance , Risk and Compliance to Meet RegulationJames Okarimia Aligning Finance , Risk and Compliance to Meet Regulation
James Okarimia Aligning Finance , Risk and Compliance to Meet Regulation
JAMES OKARIMIA
 
James Okarimia Aligning Finance , Risk and Compliance to Meet Regulation
James Okarimia Aligning Finance , Risk and Compliance to Meet RegulationJames Okarimia Aligning Finance , Risk and Compliance to Meet Regulation
James Okarimia Aligning Finance , Risk and Compliance to Meet Regulation
JAMES OKARIMIA
 
James Okarimia - Aligning Finance , Risk and Data Analytics in Meeting the R...
James Okarimia - Aligning Finance , Risk and Data Analytics in Meeting the R...James Okarimia - Aligning Finance , Risk and Data Analytics in Meeting the R...
James Okarimia - Aligning Finance , Risk and Data Analytics in Meeting the R...
JAMES OKARIMIA
 
Aligning finance , risk and compliance
Aligning finance , risk and complianceAligning finance , risk and compliance
Aligning finance , risk and compliance
JAMES OKARIMIA
 
Aligning finance , risk and compliance
Aligning finance , risk and complianceAligning finance , risk and compliance
Aligning finance , risk and compliance
JAMES OKARIMIA
 
Aligning finance , risk and compliance
Aligning finance , risk and complianceAligning finance , risk and compliance
Aligning finance , risk and compliance
JAMES OKARIMIA
 
Aligning finance , risk and compliance
Aligning finance , risk and complianceAligning finance , risk and compliance
Aligning finance , risk and compliance
JAMES OKARIMIA
 
Aligning finance , risk and compliance
Aligning finance , risk and complianceAligning finance , risk and compliance
Aligning finance , risk and compliance
JAMES OKARIMIA
 
Technology Facilitating the Regulatory Reporting
Technology Facilitating the Regulatory ReportingTechnology Facilitating the Regulatory Reporting
Technology Facilitating the Regulatory Reporting
NIIT Technologies
 
NIIT Technologies regulatory reporting
NIIT Technologies regulatory reportingNIIT Technologies regulatory reporting
NIIT Technologies regulatory reporting
NIIT Technologies
 
Lexcomply - Compliance Management System
Lexcomply - Compliance Management SystemLexcomply - Compliance Management System
Lexcomply - Compliance Management System
LexComply
 
Auditing Systems Development
Auditing Systems DevelopmentAuditing Systems Development
Auditing Systems Development
essbaih
 
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
gueste080564
 
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
renetta
 
Cybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial ServicesCybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial Services
John Rapa
 
Evolution of U.S. Financial Markets 2000-2014
Evolution of U.S. Financial Markets 2000-2014 Evolution of U.S. Financial Markets 2000-2014
Evolution of U.S. Financial Markets 2000-2014
John Rapa
 

More Related Content

Similar to SEC Regulation SCI: Automation Review Compliance

Six Keys to Securing Critical Infrastructure and NERC Compliance
Six Keys to Securing Critical Infrastructure and NERC ComplianceSix Keys to Securing Critical Infrastructure and NERC Compliance
Six Keys to Securing Critical Infrastructure and NERC Compliance
Lumension
 
Enterprise Governance Risk and Compliance (GRC) Management Solution in India
Enterprise Governance Risk and Compliance (GRC) Management Solution in IndiaEnterprise Governance Risk and Compliance (GRC) Management Solution in India
Enterprise Governance Risk and Compliance (GRC) Management Solution in India
LexComply
 
Towards Automating Security Compliance Value Chain_FSE15_2June_submitted_final
Towards Automating Security Compliance Value Chain_FSE15_2June_submitted_finalTowards Automating Security Compliance Value Chain_FSE15_2June_submitted_final
Towards Automating Security Compliance Value Chain_FSE15_2June_submitted_final
Smita S. Ghaisas
 
eDelta Trading Platform Marketing-2015
eDelta Trading Platform Marketing-2015eDelta Trading Platform Marketing-2015
eDelta Trading Platform Marketing-2015
Frank Castelluccio
 
Gaining assurance over 3rd party soc 1 and soc 2 reporting 7-2014
Gaining assurance over 3rd party soc 1 and soc 2 reporting 7-2014Gaining assurance over 3rd party soc 1 and soc 2 reporting 7-2014
Gaining assurance over 3rd party soc 1 and soc 2 reporting 7-2014
Accounting_Whitepapers
 
James Okarimia - Aligning Finance, Risk and Data Analytics in Meeting the Req...
James Okarimia - Aligning Finance, Risk and Data Analytics in Meeting the Req...James Okarimia - Aligning Finance, Risk and Data Analytics in Meeting the Req...
James Okarimia - Aligning Finance, Risk and Data Analytics in Meeting the Req...
JAMES OKARIMIA
 
James Okarimia Aligning Finance , Risk and Compliance to Meet Regulation
James Okarimia Aligning Finance , Risk and Compliance to Meet RegulationJames Okarimia Aligning Finance , Risk and Compliance to Meet Regulation
James Okarimia Aligning Finance , Risk and Compliance to Meet Regulation
JAMES OKARIMIA
 
James Okarimia Aligning Finance , Risk and Compliance to Meet Regulation
James Okarimia Aligning Finance , Risk and Compliance to Meet RegulationJames Okarimia Aligning Finance , Risk and Compliance to Meet Regulation
James Okarimia Aligning Finance , Risk and Compliance to Meet Regulation
JAMES OKARIMIA
 
James Okarimia - Aligning Finance , Risk and Data Analytics in Meeting the R...
James Okarimia - Aligning Finance , Risk and Data Analytics in Meeting the R...James Okarimia - Aligning Finance , Risk and Data Analytics in Meeting the R...
James Okarimia - Aligning Finance , Risk and Data Analytics in Meeting the R...
JAMES OKARIMIA
 
Aligning finance , risk and compliance
Aligning finance , risk and complianceAligning finance , risk and compliance
Aligning finance , risk and compliance
JAMES OKARIMIA
 
Aligning finance , risk and compliance
Aligning finance , risk and complianceAligning finance , risk and compliance
Aligning finance , risk and compliance
JAMES OKARIMIA
 
Aligning finance , risk and compliance
Aligning finance , risk and complianceAligning finance , risk and compliance
Aligning finance , risk and compliance
JAMES OKARIMIA
 
Aligning finance , risk and compliance
Aligning finance , risk and complianceAligning finance , risk and compliance
Aligning finance , risk and compliance
JAMES OKARIMIA
 
Aligning finance , risk and compliance
Aligning finance , risk and complianceAligning finance , risk and compliance
Aligning finance , risk and compliance
JAMES OKARIMIA
 
Technology Facilitating the Regulatory Reporting
Technology Facilitating the Regulatory ReportingTechnology Facilitating the Regulatory Reporting
Technology Facilitating the Regulatory Reporting
NIIT Technologies
 
NIIT Technologies regulatory reporting
NIIT Technologies regulatory reportingNIIT Technologies regulatory reporting
NIIT Technologies regulatory reporting
NIIT Technologies
 
Lexcomply - Compliance Management System
Lexcomply - Compliance Management SystemLexcomply - Compliance Management System
Lexcomply - Compliance Management System
LexComply
 
Auditing Systems Development
Auditing Systems DevelopmentAuditing Systems Development
Auditing Systems Development
essbaih
 
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
gueste080564
 
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
renetta
 

Similar to SEC Regulation SCI: Automation Review Compliance (20)

Six Keys to Securing Critical Infrastructure and NERC Compliance
Six Keys to Securing Critical Infrastructure and NERC ComplianceSix Keys to Securing Critical Infrastructure and NERC Compliance
Six Keys to Securing Critical Infrastructure and NERC Compliance
 
Enterprise Governance Risk and Compliance (GRC) Management Solution in India
Enterprise Governance Risk and Compliance (GRC) Management Solution in IndiaEnterprise Governance Risk and Compliance (GRC) Management Solution in India
Enterprise Governance Risk and Compliance (GRC) Management Solution in India
 
Towards Automating Security Compliance Value Chain_FSE15_2June_submitted_final
Towards Automating Security Compliance Value Chain_FSE15_2June_submitted_finalTowards Automating Security Compliance Value Chain_FSE15_2June_submitted_final
Towards Automating Security Compliance Value Chain_FSE15_2June_submitted_final
 
eDelta Trading Platform Marketing-2015
eDelta Trading Platform Marketing-2015eDelta Trading Platform Marketing-2015
eDelta Trading Platform Marketing-2015
 
Gaining assurance over 3rd party soc 1 and soc 2 reporting 7-2014
Gaining assurance over 3rd party soc 1 and soc 2 reporting 7-2014Gaining assurance over 3rd party soc 1 and soc 2 reporting 7-2014
Gaining assurance over 3rd party soc 1 and soc 2 reporting 7-2014
 
James Okarimia - Aligning Finance, Risk and Data Analytics in Meeting the Req...
James Okarimia - Aligning Finance, Risk and Data Analytics in Meeting the Req...James Okarimia - Aligning Finance, Risk and Data Analytics in Meeting the Req...
James Okarimia - Aligning Finance, Risk and Data Analytics in Meeting the Req...
 
James Okarimia Aligning Finance , Risk and Compliance to Meet Regulation
James Okarimia Aligning Finance , Risk and Compliance to Meet RegulationJames Okarimia Aligning Finance , Risk and Compliance to Meet Regulation
James Okarimia Aligning Finance , Risk and Compliance to Meet Regulation
 
James Okarimia Aligning Finance , Risk and Compliance to Meet Regulation
James Okarimia Aligning Finance , Risk and Compliance to Meet RegulationJames Okarimia Aligning Finance , Risk and Compliance to Meet Regulation
James Okarimia Aligning Finance , Risk and Compliance to Meet Regulation
 
James Okarimia - Aligning Finance , Risk and Data Analytics in Meeting the R...
James Okarimia - Aligning Finance , Risk and Data Analytics in Meeting the R...James Okarimia - Aligning Finance , Risk and Data Analytics in Meeting the R...
James Okarimia - Aligning Finance , Risk and Data Analytics in Meeting the R...
 
Aligning finance , risk and compliance
Aligning finance , risk and complianceAligning finance , risk and compliance
Aligning finance , risk and compliance
 
Aligning finance , risk and compliance
Aligning finance , risk and complianceAligning finance , risk and compliance
Aligning finance , risk and compliance
 
Aligning finance , risk and compliance
Aligning finance , risk and complianceAligning finance , risk and compliance
Aligning finance , risk and compliance
 
Aligning finance , risk and compliance
Aligning finance , risk and complianceAligning finance , risk and compliance
Aligning finance , risk and compliance
 
Aligning finance , risk and compliance
Aligning finance , risk and complianceAligning finance , risk and compliance
Aligning finance , risk and compliance
 
Technology Facilitating the Regulatory Reporting
Technology Facilitating the Regulatory ReportingTechnology Facilitating the Regulatory Reporting
Technology Facilitating the Regulatory Reporting
 
NIIT Technologies regulatory reporting
NIIT Technologies regulatory reportingNIIT Technologies regulatory reporting
NIIT Technologies regulatory reporting
 
Lexcomply - Compliance Management System
Lexcomply - Compliance Management SystemLexcomply - Compliance Management System
Lexcomply - Compliance Management System
 
Auditing Systems Development
Auditing Systems DevelopmentAuditing Systems Development
Auditing Systems Development
 
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
 
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
The Use of Spreadsheets: As it relates to Section 404 of the Sarbanes-Oxley Act.
 

More from John Rapa

Cybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial ServicesCybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial Services
John Rapa
 
Evolution of U.S. Financial Markets 2000-2014
Evolution of U.S. Financial Markets 2000-2014 Evolution of U.S. Financial Markets 2000-2014
Evolution of U.S. Financial Markets 2000-2014
John Rapa
 
Volcker rule update 1210
Volcker rule update 1210Volcker rule update 1210
Volcker rule update 1210
John Rapa
 
Swap Execution Facilities: Market Evolution and SEF Profiles
Swap Execution Facilities: Market Evolution and SEF ProfilesSwap Execution Facilities: Market Evolution and SEF Profiles
Swap Execution Facilities: Market Evolution and SEF Profiles
John Rapa
 
Industry impact and lessons learned from hurricane sandy summary report 010913
Industry impact and lessons learned from hurricane sandy summary report 010913Industry impact and lessons learned from hurricane sandy summary report 010913
Industry impact and lessons learned from hurricane sandy summary report 010913
John Rapa
 
Tech Solutions For C 1104
Tech Solutions For C 1104Tech Solutions For C 1104
Tech Solutions For C 1104
John Rapa
 
O Tlearing 13 Cpril 2010 0.1
O Tlearing 13 Cpril 2010 0.1O Tlearing 13 Cpril 2010 0.1
O Tlearing 13 Cpril 2010 0.1
John Rapa
 

More from John Rapa (7)

Cybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial ServicesCybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial Services
 
Evolution of U.S. Financial Markets 2000-2014
Evolution of U.S. Financial Markets 2000-2014 Evolution of U.S. Financial Markets 2000-2014
Evolution of U.S. Financial Markets 2000-2014
 
Volcker rule update 1210
Volcker rule update 1210Volcker rule update 1210
Volcker rule update 1210
 
Swap Execution Facilities: Market Evolution and SEF Profiles
Swap Execution Facilities: Market Evolution and SEF ProfilesSwap Execution Facilities: Market Evolution and SEF Profiles
Swap Execution Facilities: Market Evolution and SEF Profiles
 
Industry impact and lessons learned from hurricane sandy summary report 010913
Industry impact and lessons learned from hurricane sandy summary report 010913Industry impact and lessons learned from hurricane sandy summary report 010913
Industry impact and lessons learned from hurricane sandy summary report 010913
 
Tech Solutions For C 1104
Tech Solutions For C 1104Tech Solutions For C 1104
Tech Solutions For C 1104
 
O Tlearing 13 Cpril 2010 0.1
O Tlearing 13 Cpril 2010 0.1O Tlearing 13 Cpril 2010 0.1
O Tlearing 13 Cpril 2010 0.1
 

Recently uploaded

Money20/20 and EU Networking Event of 20/24!
Money20/20 and EU Networking Event of 20/24!Money20/20 and EU Networking Event of 20/24!
Money20/20 and EU Networking Event of 20/24!
FinTech Belgium
 
Tdasx: In-Depth Analysis of Cryptocurrency Giveaway Scams and Security Strate...
Tdasx: In-Depth Analysis of Cryptocurrency Giveaway Scams and Security Strate...Tdasx: In-Depth Analysis of Cryptocurrency Giveaway Scams and Security Strate...
Tdasx: In-Depth Analysis of Cryptocurrency Giveaway Scams and Security Strate...
nimaruinazawa258
 
Who Is the Largest Producer of Soybean in India Now.pdf
Who Is the Largest Producer of Soybean in India Now.pdfWho Is the Largest Producer of Soybean in India Now.pdf
Who Is the Largest Producer of Soybean in India Now.pdf
Price Vision
 
OAT_RI_Ep20 WeighingTheRisks_May24_Trade Wars.pptx
OAT_RI_Ep20 WeighingTheRisks_May24_Trade Wars.pptxOAT_RI_Ep20 WeighingTheRisks_May24_Trade Wars.pptx
OAT_RI_Ep20 WeighingTheRisks_May24_Trade Wars.pptx
hiddenlevers
 
1.2 Business Ideas Business Ideas Busine
1.2 Business Ideas Business Ideas Busine1.2 Business Ideas Business Ideas Busine
1.2 Business Ideas Business Ideas Busine
Lawrence101
 
Detailed power point presentation on compound interest and how it is calculated
Detailed power point presentation on compound interest and how it is calculatedDetailed power point presentation on compound interest and how it is calculated
Detailed power point presentation on compound interest and how it is calculated
KishanChaudhary23
 
Pensions and housing - Pensions PlayPen - 4 June 2024 v3 (1).pdf
Pensions and housing - Pensions PlayPen - 4 June 2024 v3 (1).pdfPensions and housing - Pensions PlayPen - 4 June 2024 v3 (1).pdf
Pensions and housing - Pensions PlayPen - 4 June 2024 v3 (1).pdf
Henry Tapper
 
falcon-invoice-discounting-a-strategic-approach-to-optimize-investments
falcon-invoice-discounting-a-strategic-approach-to-optimize-investmentsfalcon-invoice-discounting-a-strategic-approach-to-optimize-investments
falcon-invoice-discounting-a-strategic-approach-to-optimize-investments
Falcon Invoice Discounting
 
一比一原版美国新罕布什尔大学(unh)毕业证学历认证真实可查
一比一原版美国新罕布什尔大学(unh)毕业证学历认证真实可查一比一原版美国新罕布什尔大学(unh)毕业证学历认证真实可查
一比一原版美国新罕布什尔大学(unh)毕业证学历认证真实可查
taqyea
 
Solution Manual For Financial Accounting, 8th Canadian Edition 2024, by Libby...
Solution Manual For Financial Accounting, 8th Canadian Edition 2024, by Libby...Solution Manual For Financial Accounting, 8th Canadian Edition 2024, by Libby...
Solution Manual For Financial Accounting, 8th Canadian Edition 2024, by Libby...
Donc Test
 
1. Elemental Economics - Introduction to mining.pdf
1. Elemental Economics - Introduction to mining.pdf1. Elemental Economics - Introduction to mining.pdf
1. Elemental Economics - Introduction to mining.pdf
Neal Brewster
 
Bridging the gap: Online job postings, survey data and the assessment of job ...
Bridging the gap: Online job postings, survey data and the assessment of job ...Bridging the gap: Online job postings, survey data and the assessment of job ...
Bridging the gap: Online job postings, survey data and the assessment of job ...
Labour Market Information Council | Conseil de l’information sur le marché du travail
 
一比一原版(UCL毕业证)伦敦大学|学院毕业证如何办理
一比一原版(UCL毕业证)伦敦大学|学院毕业证如何办理一比一原版(UCL毕业证)伦敦大学|学院毕业证如何办理
一比一原版(UCL毕业证)伦敦大学|学院毕业证如何办理
otogas
 
Instant Issue Debit Cards - High School Spirit
Instant Issue Debit Cards - High School SpiritInstant Issue Debit Cards - High School Spirit
Instant Issue Debit Cards - High School Spirit
egoetzinger
 
SWAIAP Fraud Risk Mitigation Prof Oyedokun.pptx
SWAIAP Fraud Risk Mitigation Prof Oyedokun.pptxSWAIAP Fraud Risk Mitigation Prof Oyedokun.pptx
SWAIAP Fraud Risk Mitigation Prof Oyedokun.pptx
Godwin Emmanuel Oyedokun MBA MSc PhD FCA FCTI FCNA CFE FFAR
 
Tumelo-deep-dive-into-pass-through-voting-Feb23 (1).pdf
Tumelo-deep-dive-into-pass-through-voting-Feb23 (1).pdfTumelo-deep-dive-into-pass-through-voting-Feb23 (1).pdf
Tumelo-deep-dive-into-pass-through-voting-Feb23 (1).pdf
Henry Tapper
 
Earn a passive income with prosocial investing
Earn a passive income with prosocial investingEarn a passive income with prosocial investing
Earn a passive income with prosocial investing
Colin R. Turner
 
2. Elemental Economics - Mineral demand.pdf
2. Elemental Economics - Mineral demand.pdf2. Elemental Economics - Mineral demand.pdf
2. Elemental Economics - Mineral demand.pdf
Neal Brewster
 
STREETONOMICS: Exploring the Uncharted Territories of Informal Markets throug...
STREETONOMICS: Exploring the Uncharted Territories of Informal Markets throug...STREETONOMICS: Exploring the Uncharted Territories of Informal Markets throug...
STREETONOMICS: Exploring the Uncharted Territories of Informal Markets throug...
sameer shah
 
How Non-Banking Financial Companies Empower Startups With Venture Debt Financing
How Non-Banking Financial Companies Empower Startups With Venture Debt FinancingHow Non-Banking Financial Companies Empower Startups With Venture Debt Financing
How Non-Banking Financial Companies Empower Startups With Venture Debt Financing
Vighnesh Shashtri
 

Recently uploaded (20)

Money20/20 and EU Networking Event of 20/24!
Money20/20 and EU Networking Event of 20/24!Money20/20 and EU Networking Event of 20/24!
Money20/20 and EU Networking Event of 20/24!
 
Tdasx: In-Depth Analysis of Cryptocurrency Giveaway Scams and Security Strate...
Tdasx: In-Depth Analysis of Cryptocurrency Giveaway Scams and Security Strate...Tdasx: In-Depth Analysis of Cryptocurrency Giveaway Scams and Security Strate...
Tdasx: In-Depth Analysis of Cryptocurrency Giveaway Scams and Security Strate...
 
Who Is the Largest Producer of Soybean in India Now.pdf
Who Is the Largest Producer of Soybean in India Now.pdfWho Is the Largest Producer of Soybean in India Now.pdf
Who Is the Largest Producer of Soybean in India Now.pdf
 
OAT_RI_Ep20 WeighingTheRisks_May24_Trade Wars.pptx
OAT_RI_Ep20 WeighingTheRisks_May24_Trade Wars.pptxOAT_RI_Ep20 WeighingTheRisks_May24_Trade Wars.pptx
OAT_RI_Ep20 WeighingTheRisks_May24_Trade Wars.pptx
 
1.2 Business Ideas Business Ideas Busine
1.2 Business Ideas Business Ideas Busine1.2 Business Ideas Business Ideas Busine
1.2 Business Ideas Business Ideas Busine
 
Detailed power point presentation on compound interest and how it is calculated
Detailed power point presentation on compound interest and how it is calculatedDetailed power point presentation on compound interest and how it is calculated
Detailed power point presentation on compound interest and how it is calculated
 
Pensions and housing - Pensions PlayPen - 4 June 2024 v3 (1).pdf
Pensions and housing - Pensions PlayPen - 4 June 2024 v3 (1).pdfPensions and housing - Pensions PlayPen - 4 June 2024 v3 (1).pdf
Pensions and housing - Pensions PlayPen - 4 June 2024 v3 (1).pdf
 
falcon-invoice-discounting-a-strategic-approach-to-optimize-investments
falcon-invoice-discounting-a-strategic-approach-to-optimize-investmentsfalcon-invoice-discounting-a-strategic-approach-to-optimize-investments
falcon-invoice-discounting-a-strategic-approach-to-optimize-investments
 
一比一原版美国新罕布什尔大学(unh)毕业证学历认证真实可查
一比一原版美国新罕布什尔大学(unh)毕业证学历认证真实可查一比一原版美国新罕布什尔大学(unh)毕业证学历认证真实可查
一比一原版美国新罕布什尔大学(unh)毕业证学历认证真实可查
 
Solution Manual For Financial Accounting, 8th Canadian Edition 2024, by Libby...
Solution Manual For Financial Accounting, 8th Canadian Edition 2024, by Libby...Solution Manual For Financial Accounting, 8th Canadian Edition 2024, by Libby...
Solution Manual For Financial Accounting, 8th Canadian Edition 2024, by Libby...
 
1. Elemental Economics - Introduction to mining.pdf
1. Elemental Economics - Introduction to mining.pdf1. Elemental Economics - Introduction to mining.pdf
1. Elemental Economics - Introduction to mining.pdf
 
Bridging the gap: Online job postings, survey data and the assessment of job ...
Bridging the gap: Online job postings, survey data and the assessment of job ...Bridging the gap: Online job postings, survey data and the assessment of job ...
Bridging the gap: Online job postings, survey data and the assessment of job ...
 
一比一原版(UCL毕业证)伦敦大学|学院毕业证如何办理
一比一原版(UCL毕业证)伦敦大学|学院毕业证如何办理一比一原版(UCL毕业证)伦敦大学|学院毕业证如何办理
一比一原版(UCL毕业证)伦敦大学|学院毕业证如何办理
 
Instant Issue Debit Cards - High School Spirit
Instant Issue Debit Cards - High School SpiritInstant Issue Debit Cards - High School Spirit
Instant Issue Debit Cards - High School Spirit
 
SWAIAP Fraud Risk Mitigation Prof Oyedokun.pptx
SWAIAP Fraud Risk Mitigation Prof Oyedokun.pptxSWAIAP Fraud Risk Mitigation Prof Oyedokun.pptx
SWAIAP Fraud Risk Mitigation Prof Oyedokun.pptx
 
Tumelo-deep-dive-into-pass-through-voting-Feb23 (1).pdf
Tumelo-deep-dive-into-pass-through-voting-Feb23 (1).pdfTumelo-deep-dive-into-pass-through-voting-Feb23 (1).pdf
Tumelo-deep-dive-into-pass-through-voting-Feb23 (1).pdf
 
Earn a passive income with prosocial investing
Earn a passive income with prosocial investingEarn a passive income with prosocial investing
Earn a passive income with prosocial investing
 
2. Elemental Economics - Mineral demand.pdf
2. Elemental Economics - Mineral demand.pdf2. Elemental Economics - Mineral demand.pdf
2. Elemental Economics - Mineral demand.pdf
 
STREETONOMICS: Exploring the Uncharted Territories of Informal Markets throug...
STREETONOMICS: Exploring the Uncharted Territories of Informal Markets throug...STREETONOMICS: Exploring the Uncharted Territories of Informal Markets throug...
STREETONOMICS: Exploring the Uncharted Territories of Informal Markets throug...
 
How Non-Banking Financial Companies Empower Startups With Venture Debt Financing
How Non-Banking Financial Companies Empower Startups With Venture Debt FinancingHow Non-Banking Financial Companies Empower Startups With Venture Debt Financing
How Non-Banking Financial Companies Empower Startups With Venture Debt Financing
 

SEC Regulation SCI: Automation Review Compliance

  • 1. SEC Regulation SCI Automation Review Compliance January 2015 Proprietary
  • 2. SEC Regulation SCI - Systems Compliance and Integrity  On November 19, 2014 the SEC adopted new rules to require certain key market participants to have comprehensive policies and procedures in place surrounding their technology (Reg SCI).  Regulation SCI under the Securities Act of 1934 (“Systems Compliance and Integrity”) replaces the current voluntary ARP compliance program with rules whose violation of which may be the subject to enforcement actions.  SROs, selected alternative trading systems (ATS), plan processors, and exempt clearing agencies are required to design, develop, test, maintain, and oversee their mission-critical systems.  The rules require them to ensure that their core technology meets certain standards, conduct regular business continuity testing, and provide certain notifications in the event of systems disruptions, intrusions and other events. Tellefsen and Company, L.L.C. 2013-2015
  • 3. Tellefsen and Company, L.L.C. 2013-2015  High-profile technical glitches in the securities markets including those that arose during the 2010 Flash Crash, the initial public offerings of Facebook and BATS Global Markets as well as the Knight Capital trading incident have illustrated that investors can be at risk when technology fails, and confidence in the markets can falter.  The market closures following Hurricane Sandy in 2012 also highlighted the importance of having a robust market technology infrastructure.  These events, subsequent discussions and commentary from a cross section of market participants have helped shape the development of the new rulemaking. Reg SCI (Cont’d) …
  • 4. Tellefsen and Company, L.L.C. 2013-2015  The new regulations will present challenges to the Chief Technology Officer and especially the Chief Compliance Officer, who is responsible for the creation and enforcement of reasonable supervisory procedures related to the implementation and maintenance of applicable HW/SW/NW technologies and infrastructure.  While these responsibilities are far from a routine compliance skill set, Reg. SCI is a continuation of a trend by the SEC of placing increased responsibility on compliance with respect to policies and procedures for implementing and maintaining various types of technology.  For the past two decades, SROs have followed a voluntary set of principles articulated in the SEC’s Automation Review Policy and participated in what is known as the ARP Inspection Program.  Reg SCI now supersedes this (see final rulemaking in the Federal Register: https://www.federalregister.gov/articles/2014/12/05/2014-27767/regulation-systems-compliance- and-integrity) Reg SCI (Cont’d) …
  • 5. Tellefsen and Company, L.L.C. 2013-2015 The rulemaking was largely adopted as proposed, with the following revisions and exceptions:  The proposed 30 day advance reporting requirement was changed to quarterly.  The Direct Access requirement which would have required SCI Entities to provide SEC staff with remote or on-site access to SCI Systems was not adopted.  Safe Harbor protection from liability is limited to those individuals who reasonably discharge their responsibilities under Reg SCI.  Senior management involved in the annual Reg SCI review will be required to certify that they have implemented policies and procedures reasonably designed to ensure compliance with the rulemaking. Reg SCI – Final Rulemaking
  • 6. Tellefsen and Company, L.L.C. 2013-2015  Core technology of national securities exchanges, self-regulatory organizations, significant alternative trading systems, clearing agencies, and plan processors meets certain standards.  That these entities conduct regular business continuity testing with their members or participants.  That they provide certain notifications regarding systems disruptions, intrusions and other types of systems issues.  The probability of technology problems is reduced, and key entities are well-positioned to take appropriate, corrective action when problems occur. Reg SCI Is Designed to Ensure:
  • 7. Tellefsen and Company, L.L.C. 2013-2015  The proposed rule would apply to “SCI Entities” such as: – Self-regulatory organizations (the registered national securities exchanges, registered clearing agencies, FINRA, and MSRB). – Alternative Trading Systems that exceed specified volume thresholds (SCI ATS). – Disseminators of market data under certain National Market Systems plans (“plan processors”). – Certain clearing agencies exempt from SEC registration.  It would apply primarily to the systems of SCI Entities that are core to the functioning of the securities markets, such as those that directly support trading, clearance and settlement, order routing, market data, regulation, or surveillance.  The SEC anticipates that 14 ATSs will be required to be compliant.  It is unknown whether other business systems such as a shared drive system or phone system are within the scope. Reg SCI – Applicability
  • 8. Tellefsen and Company, L.L.C. 2013-2015  Establish policies and supervisory procedures relating to the capacity, integrity, resiliency and security of its technology systems.  Ensure its systems operate in the manner intended, including in compliance with relevant federal securities laws and rules.  Take timely corrective action in response to systems disruptions, systems compliance issues and systems intrusions.  Notify and provide the SEC with detailed information when such systems issues occur, systems intrusions, and when there are material changes in its systems. Written notices of “SCI Events” will be reported to members and market participants and filed electronically to the SEC on Form SCI.  Inform its members or participants about certain systems problems and provide information about the systems and market participants affected by the problem and the progress of corrective action. SCI Entities - Requirements:
  • 9. Tellefsen and Company, L.L.C. 2013-2015  Provide quarterly notice to the SEC of any material system changes, including completed, ongoing and planned material changes to SCI systems and the security of indirect SCI systems, during the prior, current and subsequent calendar quarters.  Conduct an annual review of its compliance with Regulation SCI, and submit a report of the annual review to its senior management and the SEC.  Plan and engage in annual business continuity and disaster recovery testing.  Designate certain individuals or firms to participate in the testing of its business continuity and disaster recovery plans, and coordinate such testing with other entities on an industry- or sector-wide basis.  Demonstrate systems testing, test results and related capabilities to SEC staff on-site during inspections. SCI Entities Requirements (Cont’d)…
  • 10. Tellefsen and Company, L.L.C. 2013-2015  The SEC has granted Safe Harbor protection from liability to individuals within SCI Entities who reasonably discharge their Reg SCI compliance responsibilities under their policies, procedures and controls.  Reg SCI is effective 60 days after publication in the Federal Register, and SCI Entities must comply with the requirements within 9 months of the effective date.  ATSs that satisfy volume threshold levels for the first time will be granted an additional 6 months from that time to comply.  SCI Entities will have 21 months from the effective date to comply with the industry or sector wide BC/DR testing requirement. SCI Entities Requirements (Cont’d)…
  • 11. Tellefsen and Company, L.L.C. 2013- 2015  Reg SCI entities need to ensure their written policies and procedures are up to date.  Problem tracking systems must actively capture problems, problem identification, cause/effect and resolution.  Regular reporting to the SEC is required: – Ad-hoc incident reporting – Quarterly reports of planned and material system changes – Annual Reg SCI Review Policies, Procedures and Reporting
  • 12. Tellefsen and Company, L.L.C. 2013- 2015  Reg SCI entities need a comprehensive testing regimen in order to be compliant.  Functional and non-functional testing of applicable Reg SCI ecosystems.  Comprehensive test regimens for quality assurance, regression, capacity, stress, failover/recovery, user acceptance etc.  Development and maintenance of a test repository and active analysis of production data.  Need for industry insight and domain market structure expertise in the design, planning and execution of industry test initiatives.  Independent test execution, oversight and reporting.  Assistance with preparation of annual Reg SCI compliance report to SEC. Reg SCI Testing and Oversight
  • 13. Tellefsen and Company, L.L.C. 2013-2015  Tellefsen and Company (TCL) has a market structure practice and core competency and depth of experience in assisting exchanges, clearing houses and ATS in complying with regulatory guidelines.  We have conducted numerous technology reviews for clients in the last several years, including investment management firms, ATS, clearing houses and exchanges.  We have also counseled and guided our clients through the preparation for regulatory designation reviews and inspections by the CFTC, FINRA and the SEC.  Our mission-critical systems expertise includes trading systems, market data dissemination, clearing, risk management and market surveillance components. Tellefsen and Company – Automation Review Expertise
  • 14. Tellefsen and Company, L.L.C. 2013- 2015  Experience with prior client assignments has included the development of testing, compliance documentation and procedures for trading and operations management, including:  Business impact analysis  Business continuity management  Capacity planning  Systems development methodology  Acceptance testing  Configuration and release management  Network management  Problem management/problem tracking  Information and physical security  Failover, stress and capacity testing Market Structure, Compliance and Automation Review Expertise
  • 15. Tellefsen and Company, L.L.C. 2013 -2015  Our firm brings unique market insight and market micro structure experience to client assignments  Development and audit of business continuity plans, systems failover and fall back testing strategies and plans are a core competency of our firm, as is systems quality assurance and acceptance testing  We have provided independent test oversight and test results attestation for various exchanges, clearing houses and numerous market participants. Market Structure Expertise (Cont’d) …
  • 16. Tellefsen and Company, L.L.C. 2013- 2015  TCL has introduced a marketing partnership with Exactpro Systems, a specialist FinTech firm focused on testing of mission-critical trading systems and market infrastructure .  Started in 2009, Exactpro has experienced phenomenal growth as satisfied clients consume more services - now employing over 280 specialists.  Headquartered in San Rafael, California, with four quality assurance and development centers in Russia and sales support in the UK.  Clients include global exchanges, clearing houses, inter-dealer brokers, investment banks, ATS, futures commission merchants, order management/execution management system providers.  www.exactpro.com Marketing Partnership with Exactpro Systems
  • 17. Tellefsen and Company, L.L.C. 2013- 2015 ▀ Major equities and commodities futures exchanges ▀ Commodities futures clearing corporation ▀ ATSs with low latency trading platforms ▀ Swap Execution Facilities (SEFs) ▀ Global derivatives and futures commission merchant ▀ Investment bank specializing in emerging markets ▀ Equity broker-dealer offering program and single name execution ▀ Order management/execution management system provider to buy- side and sell-side constituents Exactpro Systems – Prior Client Experience
  • 18. Reg SCI Testing Expertise Quality Assurance: Test Planning and Management Latency and Capacity Testing Intelligent Management of Large Data Sets Process Audit and Test Coverage Analysis Automated Regression Testing Requirements Definition and Test Scenario Creation (human, message & reporting interfaces) Intelligent Functional and Exploratory Testing Develop/Productize state-of-the-art Test Harnesses Test Automation Test Data Management Protocol Level Testing via: FIX/FAST, SOAP, HTTP, ITCH, SWIFT, MQ, SQL, Proprietary Binary and Text-based Data Formats, etc.
  • 19. Focused on the Lifecycle of Trading Financial Products Platforms Pre and Post Trade; Commodities, Futures, Derivatives, Equities, Fixed Income, FX Deal Capture & Position Keeping Risk Management Middle Office Clearing and Settlement Messaging Reference Data Order and Execution Management Market Venue Connectivity Smart Order Routing Algorithmic Trading Matching Engines Market Data Distribution
  • 20. Exactpro’s Test Automation Suite ClearTH: • Post-Trade testing tool • Verifies each stage of the DLC • Integrated schedule • Automated matrices • Can create multiple days test scenarios • Concurrent multiple tests • Integrated simulators • SWIFT ISO protocol support MiniRobots: • Executes multithreaded java code • Complexity of test algorithms is defined by the test developer • Supports multiple client fix connections, order entry and market data via FIX • Can use GUI to iterate through sent and received messages Dolphin: • Model-based testing of market surveillance systems • Production-scale capacity and throughput • Interactive real-time alerts and reports Shsha: • Post-transactional tool • Analyzes clients' activity and forecasts system response • Parses and displays logs in a user-friendly way • Parses messages and then puts each to a data base table where each column corresponds to each message field • Allows making summarized reports, etc • Easy to understand GUI Load Injector: • Simulates multiple client connections with a specified load shape for each connection or a group of connections • Up to 75K messages / second from a single CPU core • Measures latencies in microsecond range • Performance test reports Sailfish: • Can test Order Entry, Market Data and Post Trade connections in one test scenario • Each test scenario is independent • Allows running test scripts in any sequence • Simulation of multiple user connections • Server simulators • All messages are stored into a data base • Generates test reports
  • 21. Applicability to Reg SCI An experienced team, armed with the proper tools that can hit the ground running to review, test and provide evidence in a cost effective fashion! A range of well organized testing services that cover several of the aspects essential for Reg SCI compliance - 1. Conventional Non Functional Testing: • Load test to establish the reasonable current and future capacity planning estimates • Capacity stress tests of systems to determine their ability to process transactions in an accurate, timely, and efficient manner • Failover & recovery tests to verify backup, contingency and disaster recovery capabilities, including geographically diverse locations 2. Conventional Functional Testing: • Efficient testing to exercise all key functionality and data set-up • Positive and negative tests to identify vulnerabilities pertaining to internal and external threats, physical hazards, and natural or manmade disasters • All test evidence per run stored within an easy to access and report test repository • Automated Regression testing of subsequent releases and reporting of all relevant changes within the system 3. Testing at the Confluence of Functional and Non Functional Testing: • High frequency and algorithmic trading activity simulations • Testing to assure systems capacity, integrity, resiliency, availability and security under realistic participants load • Modeling of all data inputs and outputs from system to evaluate the behavior within normal operational and outage scenarios 4. Production Data Analysis: • Capture and Analyze data from production to understand real usage • Monitor and investigate production events • Feedback to refine test coverage for subsequent versions • Bringing QA perspective into operational support
  • 22. For More Information, Contact Tellefsen and Company, L.LC. John Rapa 1-212 809 3800 JJR@Tellefsen.com 22