You May Be Exempt From Reg SCI, But You Still Need SCI!
Reg SCI Regulatory Background
On November 19, 2014, the Securities and Exchange Commission (SEC) voted to adopt new rules designed to strengthen the technology infrastructure of the US securities markets, requiring entities to have comprehensive policies and procedures in place for market-impacting technologies. These Regulations for Systems Compliance and Integrity (Reg SCI) also offer guidance to take corrective actions when system issues or planned changes occur, provide notifications and status reports to the SEC, inform members and participants about system issues/changes, conduct business continuity testing and conduct annual reviews of their systems. Compliance with these rules became effective in August 2015. Alternative Trading Systems (ATS) meeting the volume thresholds in the rules for the first time are allowed an additional six months from the time the ATS first meets the thresholds. Entities must also comply with the sector-wide testing requirement.
Protection, Continuity and Growth
Ensuring that your technology systems, and the policies, procedures, supervisory responsibilities and risk controls surrounding them, are robust and ready for the new rules is paramount for the protection, continuity and growth of your business. There is every indication from industry experts and from the SEC leadership themselves that the SEC plans to continue to drive these requirements down to firms that have direct market access and higher trading volumes and that, if left uncontrolled, could potentially disrupt market activities. To ensure it is prepared, your firm should:
Perform a Technology Controls Assessment
Identify where improvements may be needed.
Establish a Technology Controls Roadmap
Create a comprehensive plan to continue driving toward a ‘best in class’ application controls management program.
Review Your Firm’s Software Development Lifecycle (SDLC) Management Processes
- Application Governance
- Roles and Responsibilities – Business, IT, Operations, Risk, Compliance, Legal & Internal Audit, etc.
- Risk and Issue Management processes
- Regulatory Compliance – Rule 15c3-5 (Market Access) certification, 3012 Review/Testing and Regulatory Reporting
- Software Design and Development procedures and code versioning controls
- Quality Assurance: all phases of testing, defect/enhancement management and change control processes
- Release Management & Post-release Monitoring
- Incident Management and Technical/User Support
- Change Management and Implementation Processes
- Information & Data Security, Cyber Security and Data Management
- Business Continuity and Disaster Recovery Policies, Procedures and Testing
- Performance and Capacity Management
- Application Access Management, Monitoring and Controls
Reg SCI Compliance and Technology Experts
Oyster Consulting’s experts have years of industry-specific technology experience, enabling them to perform a comprehensive technology controls review to help your firm stay ahead of the regulatory curve. Oyster will analyze your firm’s existing policies and procedures and supervisory responsibilities, and provide a report assessing strengths and weaknesses in the systems’ environment, process and potential resource risks. The analysis will include specific recommendations, and provide a tactical plan to implement them. Oyster does not have a one-size-fits-all approach to application controls and governance of systems. Our consultants can quickly assess which areas of your firm’s IT management controls need the most attention, and provide your firm with specific recommendations for enhancements to achieve industry best practices.