Entidades no sistema de negociação

7.1.1 entidades no sistema comercial que se seguem são.

Clique para editar os detalhes do documento.

Pré-visualização de texto não formatado: 7.1.1 Entidades no sistema de negociação A seguir, as quatro entidades do sistema de negociação: • Membros comerciais: os membros comerciais são membros da NSE. Eles podem negociar por conta própria ou em nome de seus clientes, incluindo os participantes. A troca atribui uma ID de membro comercial a cada membro comercial. Cada membro comercial pode ter mais de um usuário. O número de usuários permitidos para cada membro comercial é notificado pela troca de tempos em tempos. Cada usuário de um membro comercial deve estar registrado na troca e recebe uma ID de usuário única. O ID exclusivo do membro comercial é uma referência para todos os pedidos / negócios de diferentes usuários. Esta ID é comum para todos os usuários de um membro comercial específico. É responsabilidade do membro comercial manter um controle adequado sobre as pessoas que têm acesso às IDs de usuários da empresa. • Membros de compensação: membros de compensação são membros do NSCCL. Eles realizam atividades de gerenciamento de risco e confirmação / indagação de negócios através do sistema de negociação. • Membros de compensação profissionais: um membro de compensação profissional é um membro de clearing 55 que não é um membro comercial. Normalmente, os bancos e os depositários tornam-se membros de compensação profissionais e claros e se contentam com seus membros comerciais. • Participantes: um participante é um cliente de membros comerciais como instituições financeiras. Esses clientes podem negociar através de vários membros comerciais, mas se estabelecem por meio de um único membro de compensação. 7.1.2 Base de negociação O sistema NEAT F & amp; O suporta um mercado orientado por pedidos, em que as ordens correspondem automaticamente. A correspondência de pedidos é essencialmente baseada na segurança, preço, tempo e quantidade. Todos os campos de quantidade estão em unidades e o preço em Rúpias. A troca notifica o tamanho regular do lote e marca o tamanho para cada um dos contratos negociados neste segmento de tempos em tempos. Quando qualquer ordem entra no sistema de negociação, é uma ordem ativa. Ele tenta encontrar uma correspondência do outro lado do livro. Se encontrar uma correspondência, um comércio é gerado. Se não encontrar uma correspondência, a ordem torna-se passiva e vai e fica no respectivo livro de pedidos pendente no sistema. 7.1.3 Hierarquia corporativa No software de negociação F & O, um membro comercial tem a facilidade de definir uma hierarquia entre os usuários do sistema. Esta hierarquia compreende o gerente corporativo, o gerente do gerente do setor e o administrador. • Gerente corporativo: o termo é atribuído a um usuário colocado no nível mais alto em uma empresa comercial. Esse usuário pode desempenhar todas as funções, tais como atividades relacionadas a pedidos e comércio de todos os usuários, ver a posição líquida de todos os revendedores e em todos os níveis de clientes, pode receber relatórios de negociação e relatórios de pedidos consolidados do final do dia para todos os ramos do membro comercial firme e também todos os revendedores da empresa. Apenas um gerente corporativo pode assinar qualquer usuário e também definir limites de exposição para os ramos da empresa e seus revendedores.

TERM Summer & # 039; 12 PROFESSOR Rakita TAGS Derivados, Derivados, Opções,. contrato derivado.

Clique para editar os detalhes do documento.

Compartilhe este link com um amigo:

Bookmarked Docs.

Bom para MBS e Binomial_rev.

Marque-o para ver mais tarde.

Marcador Bom para MBS e Binomial_rev.

Não há documentos marcados.

Marque este documento.

Visto recentemente.

Documentos mais populares para FINA 412.

715 Page Question Bank Concordia Canadá FINA 412 - Verão 2014 Uma discussão de economia financeira em modelos atuariais Preparação para a Atuari.

715 Page Question Bank.

MBS E GREGOS Concordia Canadá FINA 412 - Problemas no verão de 2014; as opções de sorriso escritas no mesmo recurso subjacente geralmente não produzem.

NoArbitragePricing Concordia Canada FINA 412 - Verão 2014 NENHUM PREÇO DE ARBITRAGEM NAS OPÇÕES DE CHAMADA LARRY, ZHIRONG LI Opções de chamada no mesmo abaixo.

conferência8 Concordia Canada FINA 412 - Verão 2014 1 Opções americanas As opções de compra de ações mais negociadas e as opções de futuros são de tipo americano.

Perguntas de fim de capítulo Concordia Canada FINA 412 - Summer 2014 MFIN6003 Derivative Securities Dr. Huiyan Qiu Perguntas de fim de capítulo para a prática (

Tópico6 Concordia Canada FINA 412 - Verão 2014 VI. Estratégias de negociação envolvendo opções Devido a fricções do mercado, como a transação.

Estude sobre a viagem.

Outros Materiais Relacionados.

ch11 Toledo FINA 4090 - Primavera de 2011 CAPÍTULO 11 MERCADOS DE DERIVADOS CAPÍTULO OBJECTIVOS 1. O principal objetivo deste cap.

Ch.8 A Universidade de Hong Kong FINA 2383 - Primavera de 2015 Capítulo 8: Derivados em moeda corrente Neste capítulo, cobrimos: Contratos futuros Futuros.

Na década de 1990, essas trocas estavam negociando futuros e opções em tudo. Escola para Negócios Finanças e Empreendedorismo FINANÇAS FINANCEIRAS - Verão de 2015 CAPÍTULO 3 INTRODUÇÃO SOBRE FUTUROS E OPÇÕES Nos últimos anos, os derivados se tornaram.

INTRODUÇÃO A FUTUROS E.

Contratos Futuros O que é um contrato a prazo e como ele difere de uma Universidade de Illinois, Urbana Champaign FIN 412 - Spring 2016 Finance 412 Derivatives 21 de janeiro de 2016 Paul E. Peterson, Ph. D. Departamento de Financ.

160120 423 Exame 1 Texas A & amp; M FINC 423 - Outono 2016 Introdução Opções, Futuros e Outros Derivados, 9ª Edição, Copyright John C.

160120 423 Exame 1.

90 Os Fundamentos de Opon Valuaon Passo 1 ConCentou o determinar a composição da Universidade do Texas FINANCE 765567 - Outono 2015 Seção VII: Derivados cfw_Professor Ritter Derivatives A Introduction A Derivati.

Página 56 & # 47; 120.

Esta visualização mostra as páginas do documento 56 - 58. Inscreva-se para ver o documento completo.

Obter Course Hero.

Legal.

Conecte-se conosco.

Copyright © 2018. Termos de Privacidade do Course Hero, Inc.

O Curso Herói não é patrocinado ou aprovado por qualquer faculdade ou universidade.

10 melhores corretores binários - Tabela de comparação.

Entidades no sistema de comércio.

Entidades no sistema de comércio.

Sobre a Shell Trading. todas as entidades Trading da Shell na América do Norte e Shell International Trading and Shipping Company Ltd para outras entidades da Shell Trading. Princípios do sistema comercial. A Rodada Uruguai de negociações comerciais multilaterais foi aumentar o montante por milhares de entidades governamentais em muitos. Contém um processo (forma) que representa o sistema para modelar, neste caso, a plataforma de negociação de títulos. Os clientes do IB Canadá podem transferir fundos eletronicamente de uma conta bancária canadense denominada em dólares canadenses ou em dólares americanos. Você pode criar uma instrução EFT durante o. Solução de Gerenciamento Mestre de Valores Mobiliários: o Primeiro Passo para a Implementação Credível de entidades de dados em diferentes títulos para os quais o sistema comercial é. Opções não utilizadas (opções nulas) Glossário de termos Entidade Comercial Elegível, Comissão de Negociação de Futuros, Contrato. As licenças só podem ser obtidas por entidades jurídicas que atendam a determinados critérios legais, que incluem: um montante mínimo de capital fundado, um regulador apropriado do mercado de capitais, Sebi, revogou a proibição de negociação imposta a 82 entidades que se encontravam sob o sistema de mercado de títulos para aumentar artificialmente. O acesso à plataforma de negociação é concedido com base no acordo estabelecido entre a plataforma de negociação e a entidade jurídica que procura a participação do sistema. Seguem-se as quatro entidades do sistema de negociação: membros de negociação: os sócios comerciais só podem negociar, por conta própria ou em nome de seus clientes. Entidades comerciais O que você deve ser? Duas ou mais pessoas que procuram operar uma empresa como uma parceria no sistema de impostos PAYE. ENTITY INTELLIGENCE Entity Exchange é um sistema flexível, global do LEI. Após a acreditação, Entity Exchange FOR FIRMS PARA IMPLEMENTAR SOLUÇÕES MISIF II para departamentos, entidades comerciais, instituições constitucionais e entidades públicas Emitidas em termos de 17. Mudanças nos sistemas financeiros. Existem muitos tipos de entidades empresariais definidas nos sistemas jurídicos de vários. Esses tipos de entidades empresariais não são empresas comerciais populares. Uma coisa que você deseja evitar é a abordagem do cortador de bolachas para a criação de uma entidade comercial ou de uma série de entidades comerciais. Eu vi alguns online, profissionais. Webinar verde, CPA 14 de maio: Cadastre-se para o nosso webinar para discutir este blog. Antes de 2014, sugerimos que os comerciantes comerciais se organizassem como um. Conformidade e Integridade de Sistemas de Regulação (Regulamento SCI) é um conjunto de regras criadas pela SEC para monitorar os sistemas e tecnologia de TI da U. Vinculação de sistemas de comércio de emissões Penalidades por má conduta de entidades comerciais e seus funcionários, International Carbon Action Partnership. A negociação de emissões ou o cap e o comércio são uma abordagem governamental, baseada no mercado, para controlar a poluição, proporcionando incentivos econômicos para obter reduções. Directiva 2 de maio de 2010 7 Diretiva sobre disposições transitórias para entidades públicas, entidades comerciais, entidades municipais e instituições constitucionais Precisa de ajuda com deduções fiscais? Oferecemos serviços completos de planejamento tributário para comerciantes ativos, deduções fiscais de comerciantes e serviços de formação de entidades. Contagem de palavra: 234 Resumo: Entidades no sistema de negociação em mercados de ações indianos Palavras-chave: sistema de comércio, mercados de ações indianos, mercado de ações, Índia, artigos. Entidades no sistema de negociação Existem quatro entidades no sistema de negociação: 1. Membros comerciais: da ME 3 no Indian Institute of Technology, Kharagpur Desenhe o EERD para representar com precisão este conjunto de requisitos. Este será design conceitual. Especifique claramente os pressupostos que você está fazendo. Mudanças nos sistemas financeiros ou de recursos humanos. Identificadores de Entidades Jurídicas (LEIs) O que é um identificador de entidade legal (LEI)? O LEI é um código de 20 caracteres usado para identificar entidades que entram em transações financeiras. O Sistema de Comércio de Emissões da UE mostrou que o capital e o comércio podem ser estendidos ao carbono, as emissões são chamadas de entidades reguladas. Entidade Modelos de diagramas de relacionamento com muitos exemplos para criar diagramas ER mais rapidamente. Use os modelos do diagrama ER para começar de imediato. Emitido em termos de 17. 3 Mudanças nos sistemas financeiros. Como o comércio de emissões pode beneficiar os países em desenvolvimento. Geralmente, acredita-se que um sistema de comércio de emissões exige que todas as entidades envolvidas sejam. Entidades no sistema de negociação A seguir estão as quatro entidades no sistema de negociação: da FINA 412 na Concordia Canadá Existem quatro entidades no sistema de negociação. Membros comerciais, membros de compensação, membros de compensação profissionais e participantes. Membros comerciais: membros comerciais são membros da NSE. Eles podem negociar por conta própria ou em nome de seus clientes, incluindo os participantes. A troca atribui uma identificação de membro comercial a cada uma. Categoria: Entidades Sustentáveis ​​de alguns Estados O IRS pode ver esta negociação como jogo do sistema, uma entidade comercial sem status de imposto de comerciante é uma empresa de investimento. São divulgados sistemas e métodos para facilitar negociações entre duas entidades comerciais. Um sistema de computador pode corresponder a uma oferta de uma primeira entidade de negociação para um item com. DEFINIÇÃO da 'Conta de Negociação de Entidades' Uma conta de negociação que pertence a uma entidade jurídica, como uma corporação ou parceria limitada. Há certas vantagens para. Este é um resumo do orçamento Californias Cap e Trade para entidades cobertas e fornece um mecanismo de negociação para GAS EMISSIONS TRADING SYSTEMS. São divulgados sistemas e métodos para facilitar negociações entre duas entidades comerciais. Um sistema de computador pode corresponder a uma oferta de uma primeira entidade de negociação para um item com. A informação técnica sobre o sistema de comércio internacional baseado no Estado Trading é a falta de entidades do setor privado na mesma área. CALENDÁRIO Regulamento do Tesouro para departamentos, entidades comerciais, instituições constitucionais e entidades públicas Emitidos em termos da Lei de Gestão de Finanças Públicas. Nenhuma parte desta publicação pode ser reproduzida, armazenada em um sistema de recuperação ou transmitida, de qualquer forma ou por qualquer meio, eletrônica, ENTIDADES DE NEGOCIAÇÃO. Além do risco, garanta o sistema de livre mercado. Publicações sobre entidades comerciais escritas pelo Innovator. ATSs), processadores de planos e agências de compensação isentas sujeitas à. Exemplo de Diagrama de Caso UML Exemplo de Projeto de Sites de Rede Social. Exemplo de Diagrama de Caso de Uso UML Sites de Rede Social Projetos Cenários de uso do sistema de negociação Entidade. Esta publicação discute as disposições relativas à negociação de Entidades Maltesas em derivados OTC, com foco específico em como as Entidades Maltesas estarão reportando à Negociação. Entidades no Sistema de Negociação. Há uma série de entidades que existem é o sistema comercial de trocas, como o NCDEX e o MCX. Uma breve descrição de cada um segue: (i) Trading cum Membro Compensador (TCM). Registro de Serviços Automatizados de Negociação Autorizados de acordo com a Parte III da Portaria de Valores Mobiliários e Futuros. Leia as informações legais importantes sobre o. Como a negociação quantitativa é geralmente utilizada pelo financeiro, o sistema é então implementado em reais. Os mercados financeiros são algumas das entidades mais dinâmicas que. Alteração ao Ciclo de Liquidação de Transações de Valores Mobiliários, incluindo entidades pequenas, pode precisar testar mudanças nos sistemas, a Divisão de Negociação da Comissão e.

Entidades no sistema de negociação em Indian Stock Markets.

Imagens relacionadas "Entities In Trading System" (281 fotos):

Conta de Negociação de Entidade - Investopedia.

Equipamento e suporte de defesa (DES) Nota padrão: Em 1 de abril de 2014, tornou-se uma entidade comercializada a medida, sistema: historicamente. O sistema automatizado de fluxo de trabalho de cobrança interage com um sistema para taxas de crédito para entidades Criando encargos de crédito para negociação de entidades. Os grupos médicos que não são propriedade de um sistema de saúde e entram em um OHCA com o sistema devem ser prestados a entidades cobertas. FLK Entity Trading Policy em Folkestone Securities FLK ENTITY TRADING POLICY EM FOLKESTONE SECURITIES 3 Grupo entidade. A solução rápida UML estende o software ConceptDraw PRO com modelos, amostras e bibliotecas de estêncis vetoriais para o desenho rápido dos diagramas UML usando Rapid Draw. Designado pelo governo canadense em julho de 2010 como uma entidade que contribui para as atividades nucleares do Irã ou para o seu desenvolvimento químico. Imposto sobre as entidades com participação pública. Imposição do sistema de imposto sobre as empresas em entidades de capital aberto tem. O Comissário sênior de trânsito, no entanto, extraiu a negociação individual na sua própria conta. A economia interna é um tipo de mecânico que você pode encontrar em um jogo. Projetar a economia de um jogo é o núcleo do comércio de designers de jogos: você fabrica mecânica para. Perfil público para IMAGINE TRADING SYSTEMS INC. MADISON AVE em NEW YORK, NY. Nossos sistemas easyto use libertam você do estresse de fazer decisões de investimento emocionalmente difíceis, fornecendo sinais de negociação claros e overnight, para entrada e saída. Uma entidade contábil pode ser uma empresa ou subdivisão de uma empresa que se envolve no Trade Forex risco de mercado livre usando o nosso simulador de negociação Forex gratuito. O Tesouro designou seis entidades chinesas, uma para obter acesso à U. A Deutsche Brse AG opera a Bolsa de Valores de Frankfurt, uma entidade sob público facilita sistemas eletrônicos avançados de negociação, liquidação e informação. Uma lista de nossas entidades comerciais legais em todo o mundo. Pulse Software Systems Ltd Reg. Reforma e Melhorias no Sistema de Comércio Exterior da China. República Popular da China a diversificação das entidades de comércio exterior da China. Negociação dentro de uma Entidade em OptionsANIMAL Existem algumas vantagens definitivas para a negociação dentro de uma entidade, utilizando contabilidade marktomarket. Perguntas frequentes sobre o Sales Sales: sistema de identificação global da Entidade Jurídica Global para entidades jurídicas em todos os mercados e o Commodity Futures Trading. O regulador Sebi levantou a proibição de negociação em 14 entidades que deveriam ter abusado do sistema de mercado de valores mobiliários por serem ilegais. Perfil público para WEB TRADING SYSTEMS INCORPORATED, localizado em 501 E 87TH ST # 7B em NEW YORK, NY. Sistemas de negociação e indicadores para os mercados de futuros e Forex na plataforma de negociação NinjaTrader. Torne-se um comerciante melhor e mais lucrativo. As Circulares Regulamentares do CBOE referentes aos Sistemas de Negociação de Opção e Execução Automática podem ser direcionadas aos membros da Associação do Piso de Negociação. Implicações da Regra Volcker para sistemas de negociação alternativos ou em outros para alcançar o cumprimento da Regra Volcker. YeboYethu e se registrar para usar a plataforma de negociação disponibilizou sistemas, tecnologias e. Os sistemas de negociação substituirão o sistema Eurolight que é usado atualmente. Ir para todas as antigas entidades do grupo APX, com exceção do belga. Os Sistemas de Risco de Negociação Robusto e a negociação de entidades bancárias sob a Regra da Volcker provavelmente serão restringidos pela Negociação de Entidades Bancárias. Baixe o diagrama de relacionamento da entidade do sistema de negociação no Trading Informer: Violet, Altova UModel, assistente de ER. Um método e sistema para a execução automática de entidades de negociação sintética controladas pelo risco. Os parâmetros de risco são gerados para duas ou mais entidades comerciais reais que. Serviços de Sistema de Acompanhamento de Instrumentos de Conformidade (CITSS) Webinars; A negociação cria incentivos para reduzir os GEEs abaixo dos níveis permitidos através de investimentos. As informações nesta Declaração de Divulgação de Risco são informações gerais on-line, sistema de negociação eletrônica e as limitações no serviço que algumas negociações de opções binárias existem casos em que um corretor comercial registrado com um sistema de negociação ou Todas as outras entidades que oferecem opções binárias que. Um método para gerenciar comércio eletrônico é fornecido. Em um mercado eletrônico com regras de correspondência comercial, uma pluralidade de primeiros pedidos cada um associado a uma conta. Propõe o estabelecimento de um Programa de Revisão de Automação (ARP ou Programa) para qualquer entidade de infra-estrutura de mercado especificada (Entidade) que opera sistemas e processos de tecnologia chave nos mercados de valores canadenses. A negociação de títulos pode ser feita dentro de qualquer número de entidades legais. Enquanto as entidades OutofState não são necessariamente todas as que estão rachadas, aí. LIVRO BRANCO Sistemas de Negociação de Energia e Gestão de Riscos Preparados pela UtiliPoint International, Inc. PARTICIPANTES DE MERCADO DE CAPITAL Aviso aos Participantes do Mercado de Capitais (Instituições e Profissionais) 29 de abril de 2015 Instituições de Mercado de Capitais Mercado de Capitais. Negociação de Instrumentos Financeiros 1) os direitos e obrigações das entidades envolvidas em tais operações e sistema de negociação alternativo significam a. A Sebi levantou a proibição de negociação em 14 entidades que alegadamente abusaram do regime para abusar do sistema de mercado de valores mobiliários para fazer ganhos ilegais. Como comerciante, você precisa formar uma entidade de negociação separada para o seguinte, incluindo fitas e 70 sistemas operacionais diferentes. A SEC Adota o Regulamento SCI para Fortalecer a Infraestrutura de Mercado de Valores Mobiliários. Fortalecer a Infraestrutura do Mercado de Valores Mobiliários Realiza sistemas que oferecem suporte à negociação. Um sistema de controles internos razoavelmente projetado para monitorar o cumprimento das entidades bancárias com ativos e passivos de negociação de 25 bilhões ou mais. Um método, que compreende: um sistema informático de uma primeira entidade comercial que envia informações a um sistema informático central indicando que a primeira entidade comercial está disposta a atuar como uma ponte de crédito entre entidades com as quais a primeira entidade comercial possui uma relação de crédito; em que as informações enviadas pelo sistema informático da primeira negociação. O sistema pitagórico é uma das formas de realização da Tradição Perene. Nível Estado de Ser Características 2. O Estado concorda em fornecer ao Parceiro Comercial acesso eletrônico ao TCMIS e à rede para fins de troca de transações via Trading. Ao executar a atualização direcionada para os parceiros comerciais da entidade, para coletar dados de seus sistemas ERP não-rooteiros ou seus parceiros comerciais. É fornecido um sistema de gerenciamento de negociação eletrônica. O sistema compreende uma memória que armazena regras de correspondência comercial. Um processador conectado de forma comunicativa à memória. Daytraders: Negociação através de uma entidade separada: negociação através de uma entidade separada: Home Solicitar mais informações Mod IEIN System Overview: Q. Atos Online fornece legislação, entidades comerciais, etc. Sistema de Administração de Pessoal e Salário (PERSAL) Anexo E4: LOGIS. A sessão de negociação da noite no Mercado de Derivados começa às 7.

Lista de entidades empresariais - Wikipedia.

O Deutsche Brse Group usa cookies para melhorar seu site. Se continuar a navegar no nosso site, você concorda com o uso de cookies. O regulador Sebi levantou a proibição de negociação em 14 entidades que alegadamente abusaram do sistema de mercado de valores mobiliários para fazer ganhos ilegais. Sistemas e métodos são fornecidos para ligar várias entidades para a ligação de múltiplas entidades a várias contas são fornecidos sistema de negociação. O regulador de mercados de capitais, Sebi, revogou a proibição de negociação imposta em 82 entidades que haviam vindo ao sistema de mercado de títulos para aumentar artificialmente. A entidade isenta e as antigas regras da entidade isenta destinam-se a evitar operações de franqueamento de crédito envolvendo entidades fiscais corporativas que são efetivamente detidas por. Identificador de Entidade Legal Atender a necessidade de um sistema global para identificar todas as entidades jurídicas que transacionam nos mercados financeiros e (e não para negociação. Bancos de investimento: os vínculos com os bancos de investimento também trazem riscos para o sistema financeiro. Com os ativos de negociação dos dez maiores entidades legais que. O Tesouro designou seis entidades chinesas, uma para obter acesso à U. Design e desenvolvimento de sistema de reservas on-line: sistema de mensagens ligando vários sistemas de criadores de mercado à negociação de ações ordinárias Entidade Limitada 58. Revisão da Diretoria de Mercados em Instrumentos Financeiros bem como os sistemas de negociação. A obrigação de negociação também se aplica às entidades de países terceiros. Ao trabalhar em conjunto, a Europa tem o peso de moldar um sistema aberto de comércio global com base em regras justas e garantir que essas regras sejam respeitadas. As trocas estabelecem as entidades de negociação do índice de mercado. CFETS System for trading in Northbound Trading Link In Instrumentos na entidade de termos que foi reconhecido pelo PBOC de acordo com as Regras da PRC aplicáveis. Casa; Nosso pensamento; Publicações Eventos; Disposições-chave da regulamentação final da regra de Volcker para as entidades bancárias não - USICAS Recolha de informações de entidades conectadas das organizações de Transmissão Regional e do Sistema Independente para negociações aparentemente anômalas. ESCRITÓRIO DE GESTÃO E ORÇAMENTO. Lista de Entidades Federais Designadas e Entidades Federais. AGÊNCIA: Escritório de Gestão e Orçamento. AÇÃO: Aviso de Gestão de Direitos Digitais que abrange a modelagem das entidades dentro de um sistema DRM. Este módulo também pode precisar interoperar com o sistema de negociação para. Um sistema para agregação de dados que representam participações de valores mobiliários detidos por uma pluralidade de entidades comumente controladas, compreendendo pelo menos um processador de dados. Envolvido na transferência ilícita de armas do Irã para a África Ocidental; designado em 18 de abril de 2012 pelo Comitê do Conselho de Segurança da U. estabelecido em conformidade com a resolução. Além da Figura 32 mostra alguns dos casos de uso para um sistema de comércio financeiro. Introdução ao Sistema de Comércio de Emissões da UE, incluindo o funcionamento do sistema de capitais, como alocações gratuitas são alocadas, detalhes sobre o cumprimento, a inclusão. Requisitos de Relatórios de Entidades da Coroa. As entidades da Coroa nas quais a Coroa tem uma compra, bem como uma participação acionária, além de demonstrações financeiras, são. Padrões de análise para entidades de gerenciamento de relacionamento com clientes em uma comunidade comercial podem desempenhar o sistema precisa entender as organizações. VISÃO GERAL DO ARB O programa de comércio de emissões é projetado para fornecer às entidades abrangidas a flexibilidade de buscar Ligado com o sistema de capandransmissão da Qubecs. A Direção de Execução (ED) invadiu as instalações de duas entidades que negociam em Bitcoins, uma moeda virtual, disseram autoridades hoje. A NFA é a organização autônoma do setor para a U. Intercompany e Intracompany em R12 Cada entidade do sistema é atribuída a uma conta intercompanhia definida para diferentes entidades jurídicas de parceiros comerciais. Glossário FAQS Outras entidades como os comerciantes de energia e Eles publicam dados de preços volumosos para milhares de locais no sistema em. Saiba mais sobre as diferentes entidades envolvidas na desmaterialização de contratos de commodities com o principal fornecedor de commodities da Kotak Commodities India. A Bloomberg recebe aprovação para emitir negócios legais com contrapartes comerciais em sistemas universais e padrão para instrumento e entidade. Capítulo 14 Entidades relacionadas intencionalmente: um exame detalhado de um sistema de banco de dados para narrações temporárias do espaço: HGIS e o estudo das redes comerciais. Fevereiro de 2015 foram revogadas. Nova Deli: o regulador Sebi levantou a negociação. Novos sistemas de negociação para mercados do Reino Unido provados pelo Exchange Council Paris, todas as antigas entidades do grupo APX, com exceção do belga. Esquemas de comércio de emissões em todo o mundo. June As entidades competentes que participam do ETS da UE O Cazaquistão inicia o início do sistema de comércio de emissões. Restrições comerciais comerciais. A Regra proíbe que uma entidade bancária se envolva em negociação proprietária. A negociação de propriedade é definida como significando, em relação a entidades cobertas, engajar como principal da conta de negociação da entidade bancária em qualquer compra ou venda de um ou mais instrumentos financeiros. Muitos sistemas de comércio de emissões fornecem às entidades uma maior flexibilidade no cumprimento de parte do seu Sistema Uniforme de Contas é a única orientação contábil. Entity Group são resolvidas algumas informações da complexidade das atividades de comércio comercial entre o importador e convidadas pelos sistemas iniciados. Uso de salvaguarda da seção 475 por negociação em uma entidade 10 de maio de 2016 Por: Robert A. Green, CPA Conservador e sistema de negociação de opções simples para negociar QQQ e SPY opções descobertas (opções nua). Este capítulo fornece uma visão geral da Oracle Trading Community em um único sistema e assegura-se de que a Oracle granular Oracle Trading Community Architecture. Identificador de entidade legal O que é atualizado e presente neste sistema. Aqui está o que você precisa saber sobre o dia de negociação, incluindo gráficos comerciais gratuitos, normalmente, isso significa evitar sistemas que são excessivamente complexos. Empresa comercial (Entity Relationship Diagram) Empresa comercial. Diagrama ER para o sistema de gerenciamento do hotel Por Lankika. Fazendo negócios no Reino da Arábia Saudita Um guia fiscal e legal Para facilitar os procedimentos para entidades estrangeiras criando em SAR 20 milhões para negociação A empresa de instalações de execução de swap anunciou que separou seus serviços de processamento de sua plataforma de execução comercial de derivativos e criou uma nova entidade, truePTS. Um banco de dados gratuito, aberto e pesquisável de informações do Identificador de Entidade Legal (LEI) U. Agências Aprovam a Regra Final de Volcker, Regimes de Conformidade Aplicáveis ​​às Entidades Bancárias 2013, o Conselho de Governadores do Sistema da Reserva Federal. Introdução Futuros e Opções Entidades no Segmento Derivativo Participantes em um Mercado Derivativo Negociação, Solução de Liquidação Gestão de Riscos FAQ Sistema de Negociação Seguindo entidades que, por 3 anos, possuem ativos totais de pelo menos 30 bilhões de euros e atividades de negociação de 70 bilhões de euros ou 10 de ativos totais: Banco da UE todas as agências (onde quer que se encontre no mundo) Pais da UE do banco da UE todas as agências e subsidiárias em grupo (onde quer que estejam localizadas no mundo) Filiais não pertencentes aos bancos da UE. Com cerca de 7 000 funcionários e ativos de aproximadamente 20 bilhões, o Grupo ATCO oferece excelência em serviços e soluções de negócios inovadoras em todo o mundo. Departamento de Sistemas de Informação; Departamento de Supervisão de Bolsa e Trading Platforms; Entidades supervisionadas. Entities Search Entity Relationship Diagram. Um diagrama de relacionamento de entidade, também chamado modelo de relação de entidade, é uma representação gráfica de entidades e seus relacionamentos. Conselho de Valores e Câmbio da Índia A bolsa de valores reconhecida deve implementar um sistema para publicar um aviso de negociação de ações da entidade. Novo Sistema Fiscal de Negócios (Sistema Fiscal Simplificado) Bill 2000. O estoque de negociação é definido na seção 6010 do Sistema de Imposto de Negócios Novos de Lei de 1997 (Taxa de Entidade). As entidades empresariais que conduzem negócios eletronicamente são chamadas de parceiros comerciais. O que é Electronic Data Interchange (EDI)? O que é o intercâmbio eletrônico de dados. O uso expandido de um Identificador de Entidade Legal (LEI) padronizado pode permitir que as organizações avaliem e gerenciem riscos de forma mais eficiente, ao mesmo tempo em que fornecem. Entidade FISCALIDADE O Governo anunciará a política em um Novo Sistema de Taxas, introduzindo maior consistência nos fideicomissos da unidade corporativa e na negociação pública. O Sistema de Classificação de Participação Eletiva e Eletiva para o Canadá design de um sistema fiscal consistente para entidades empresariais. O sistema de imputação aplica-se apenas a empresas e dividendos e a entidades que são tratadas como empresas (por exemplo, uma entidade jurídica é uma construção legal através da qual a lei permite que um grupo de pessoas físicas atuem como se estivessem em alguns sistemas legais Legislação separada. SEBI DEBARRED Entidades Download como Excel Spreadsheet Sr. Nome do membro comercial Clg. Sua aplicação, deve continuar funcionando para manter o acesso ao sistema de negociação do IB. Sim: Sim: ENTRADAS DE CORRETORES INTERATIVOS. Este trecho da SOA: Princípios de Design de Serviços explica o modelo de serviço da entidade e como ele pode ser alavancado para automatizar vários processos de negócios. Nova Delhi, Set 24 (PTI) O regulador Sebi levantou a proibição de negociação em 14 entidades que alegadamente usaram a plataforma do mercado de ações para lavagem de dinheiro e impostos. CFTC aumenta a supervisão de segurança cibernética para estrutura de mercado e outras entidades de infra-estrutura de mercado incluem a tecnologia de Wall Street, sistemas bancários. Negociação estendida; opções de negociação Will Bl Ockchains Renomeie as Entidades Corporativas maneiras em que as cadeias de bloqueio podem afetar o sistema de votação por procuração. Um método para gerenciar comércio eletrônico é fornecido. Em um mercado eletrônico com regras de correspondência comercial, uma pluralidade de primeiros pedidos cada um associado a uma conta. Suporte de suporte para você e seu parceiro comercial Dart Entities. Dart Entities EDI Qualquer outro sistema ERP; Vamos Conectar! O programa Californias Capandtrade é limitado. A negociação permite que as entidades compram e venda e o Sistema de Comércio de Emissões da UE. Negociação global do sistema LEI. 65 trilhões de melhores paises de. As entidades comerciais devem Ajay Tyagi ter dito hoje que as entidades precisam manter o prazo de 31 de dezembro para a ligação KYCAadhaar em caso de sistema comercial. Criando Coleções de Objetos de Entidade. Método de campo. O principal sistema de negociação da Barclays. Uma introdução ao sistema de negociação do banco global e a forma como os graduados poderiam se envolver no trabalho. Trading Nation Trader Talk As entidades da U. norte-coreanas para acessar a U. EUA sancionam entidades chinesas e russas para realizar negócios com a Coréia do Norte. Os EUA derrubaram empresas chinesas e russas com sanções. O Sistema Global de Identificação de Entidade Legal (em breve abreviado para GLEIS) é projetado para resolver os problemas de identidade corporativa. Um glossário de termos utilizados nos pagamentos e sistemas de liquidação aceita qualquer estabelecimento comercial ou de serviço que adquira a entidade ou entidades que. FATCA: Implicações para NonUS Funds nonUS) entidades que não estão isentas ou negociadas em ativos financeiros. O Tesouro designou seis entidades chinesas, para obter acesso às U. Novas sanções dos EUA Target North Korea Trading que visam entidades terceirizadas, os sistemas bancários digitais internacionais estavam dentro. Em um nível básico, a regra Volcker destina-se a limitar os riscos para o sistema financeiro que o Congresso acredita que pode ser criado por: (i) operações de negociação proprietárias de instituições de depósito seguradas, entidades bancárias estrangeiras com certos U. DoddFranks Título VII reforma de derivados OTC 3 sistema financeiro entidades financeiras Bancos. Países, Entidades e Pessoas Controladas ou Embargadas de Exportação. Países com entidades restritas no gráfico de entidades EAR. Após a NSE, a BSE líder da BSE alertou as entidades de mercado para se protegerem de um "script de software malicioso" que atende a setores críticos como energia e finanças. Bolhas dos Estados Unidos sancionam as entidades russas e chinesas para apoiar As sanções visam as empresas de países terceiros e os indivíduos que auxiliam as pessoas já designadas que. Faça login na sua negociação no nosso Sistema Global de Gerenciamento de Entidades, a necessidade de um sistema de gerenciamento de entidade que permita que os departamentos trabalhem. Home Press Center, isolando-os da U. Korea Taesong Trading Company e. Entidades norte-coreanas para acessar a U. Rich Earth Trading. O Commodity Futures Trading que ajudou a torpedear o sistema financeiro em 2008 é três entidades principais que policiais em Wall Street. Artigos etiquetados com 'Entidades legais para Daytrading' na ação Forex Comece a negociar como profissionais CICI Utility Progresso para uma solução LEI global por instituições financeiras para identificar clientes ou sistemas de numeração de negociação. Definindo dados de parceiros comerciais Esta entidade parceira comercial está vinculada a um endereço físico na configuração usando a administração do sistema. Saiba quais são abrangidos pelo sistema Fair Work e o que outras entidades não incorporadas; não comercial O que existia antes do Ombudsman do Trabalho Justo? Nome Nova Deli, 24 de setembro (PTI) O regulador Sebi levantou a proibição de negociação em 14 entidades que alegadamente usaram mal a plataforma do mercado de ações por dinheiro. The CFTCs proposed rule, on the other hand, would require entities to trade pursuant to independent trading systems and to have risk management systems that preclude the sharing of certain information. ShortTerm Trading Account, unless the banking entity can demonstrate, based on all relevant facts and Financial derivatives are financial instruments that are and credit risk, etc. System of. Electronic Trading: New Hong Kong regulations in 2014 or registered entities only trading system that you are. Commodity Futures Trading The Commodity Futures Trading Commission is considering adopting amendments to the definition systems. Optimize your trading speed and efficiency with Interactive Brokers Trader Workstation, a global trading system which lets you use a suite of online trading. Trading accuracy for faster entity linking Trading accuracy for faster named entity linking. NEL system on which Home Press Center Press Releases Treasury Sanctions Individuals Kumsan Trading Corporation for parts or items used in ScudB missile systems. This section of the FEDERAL REGISTER 1 See Conformance Period for Entities Engaged in Prohibited Proprietary Trading or Private Equity Tony came from humble beginnings, making a living in his early days slinging a battered Aurora Clipper around the Ellis system hauling ore for his fathers mining. Having issued more than 240, 000 LEIs to entities from over 200 DTCCs legal entity identifier service, GMEI utility, readies industry for Trading Systems Binary Options Trading System STRIKER9 Video Watch the Binary Options Trading System video below to find out more about the Binary Options Trading System. On the righthand side of the 'Entity details' screen are the following tickboxes: Master This paper presents a new high level software architecture used to develop automated trading agents in betting exchange markets. Betfair betting exchange entity is. Sebi has revoked trading ban imposed on 82 entities which had come under the used the securities market system to artificially increase volume and. Trades between third country entities that would be subject to EMIR if multilateral trading system Your Survival Guide. MiFID II MiFIR: Your Survival Guide. Logging database operations in Entity Framework and handling Exceptions; Author: Dholakiya Ankit; Updated: 8 Feb 2016; Section: C# ; Chapter: Languages; Updated: 8. Day Trading Entities Review Scam or Not Click here to find out accounting standards board directive 4 transitional provisions for medium and low capacity municipalities and trading entities. The MAS issued a consultation paper on its proposals to expand the scope of the Act to regulate OTC derivatives. Singapore Finance and Banking Colin Ng. At the G20 Summit (IDBB), or Alternative Trading System (ATS). If the counterparty is a customer, Financial market regulation: rated entities. MiFID II Series: Frequently Asked Questions: Legal Entity Identifier Frequently Asked Questions: Legal Entity Identifier All entities trading equity or debt. FATCA Frequently Asked Questions (FAQs) or trading in securities, opening of the FFI Registration system and extended most of the FATCA deadlines established. Cybersecurity needs to learn from algorithmic trading. IT security and a better way of doing User and Entity. Online Trading and manage up to 50 stocks as a single entity using basket trading. System availability and response. The Impact of Proposed Volcker Rule Regulations on the the Board of Governors of the Federal Reserve System for nonU. These 307 entities were barred by Sebi from trading in the securities market in 2014 and 2015 on suspicion of market thus helping bring black money into the system. Prior to the submission of any transactions to the TDH production system, Trading Partner agrees to submit test transactions to TDH. Payment systems in the United States. United States CPSS Payment media used by nonfinancial entities 4. Allegro creates commodity trading and risk management software, OASIS, transmission system operators, regulatory entities and market data. Financial reporting in the power and utilities industry 3 Emission trading scheme and certified emission Financial reporting in the power and utilities. ISC is the leading provider of registry and information management services for public data and records. Visit our investor website to learn more about ISC, including. The Spanish securities operated by an investment firm or a managing entity Securities are traded in euros in the Spanish electronic trading system. WPF MVVM RealTime Trading freeze and crash is a field of study in complex adaptive systems and I decided Another class worth mentioning is the Entity. Meet your compliance, audit and legal entity data management requirements with the most complete entity risk source available for understanding complex corporate. A netting system collates because a more professional approach to FX trading can be employed. In a typical netting Using a netting system, each entity pays or. Data import, export and migration Plan data import, export, Export configured entities, and import them into another system Best Do not use This section of the FEDERAL REGISTER FEDERAL RESERVE SYSTEM 12 CFR Part 225 regulating banking entities trading Beginners Guide to Commodities Trading in India. Everything you always wanted to know about how to trade commodites in India Trade Alert, LLC is a software and services company focused on the synthesis and distribution of securities market intelligence to financial professionals. A list of our legal trading entities across the world. Pulse Software Systems Ltd Reg. About us; Community; Corporate governance. Establishing a fair system for evaluating of financial statements of foreign entities the likelihood of any improper trading activity. Swing Trading Systems Technical Analysis Trader Taxes Trading Strategy With a legal entity, you can lock in the business benefits of trading. Banking Entity Trading Under the Volcker Rule. GLEIS Global Legal Entity Identifier System trading names, Entity Plus Frequently Asked Questions ENTITIES File Enterprise bean method calls may permeate the network layers of the system even trading application, a Composite Entity that Entity Inherits Transfer Object. Government Entities; Trocar é a comercialização de um produto ou serviço para outro. In modern Internet barter exchanges. Entities trading eFiling entity that may have a less automated system and enter the data by hand in a software application like Microsoft Excel or Access. Belief Sustains 4Dimensional Entities The beliefs of humans over time emits out of the physical plane and The Soul Trading System; The Bigger. The Volcker Rule, International the financial system and constrain financial instrument by a banking entity is for the trading account of the banking entity.

Entities in the trading system in Indian Stock Markets.

There are four entities in the trading system. Trading members, clearing members, professional.

clearing members and participants.

1. Trading members: Trading members are members of NSE. They can trade either on their own.

account or on behalf of their clients including participants. The exchange assigns a Trading member.

ID to each trading member. Each trading member can have more than one user. The number of.

users allowed for each trading member is notifi ed by the exchange from time to time. Each user.

of a trading member must be registered with the exchange and is assigned an unique user ID. O.

unique trading member ID functions as a reference for all orders/trades of different users. This ID is.

common for all users of a particular trading member. It is the responsibility of the trading member.

to maintain adequate control over persons having access to the fi rm’s User IDs.

2. Clearing members: Clearing members are members of NSCCL. They carry out risk management.

activities and confi rmation/inquiry of trades through the trading system.

3. Professional clearing members: A professional clearing members is a clearing member who is not.

a trading member. Typically, banks and custodians become professional clearing members and clear and settle for their trading members.

4. Participants: A participant is a client of trading members like financial institutions. These clients.

may trade through multiple trading members but settle through a single clearing member.

Responses to Frequently Asked Questions Concerning Regulation SCI.

September 2, 2015 (Updated December 8, 2016)

Responses to these frequently asked questions (“FAQs”) were prepared by and represent the views of the staff of the Division of Trading and Markets (“Staff”). They are not rules, regulations, or statements of the Securities and Exchange Commission (“Commission”). Further, the Commission has neither approved nor disapproved of these interpretive answers.

For Further Information Contact: Sara Hawkins, Special Counsel, at (202) 551-5523; Geoff Pemble, Special Counsel, at (202) 551-5628; or Alexander Zozos, Attorney-Adviser, at (202) 551-6932; Division of Trading and Markets, Securities and Exchange Commission, 100 F Street, NE, Washington, DC 20549-6628.

Introdução.

The Commission adopted Regulation SCI and Form SCI (“Form”) in November 2014 to strengthen the technology infrastructure of the U. S. securities markets.[1] Specifically, the rules are designed to reduce the occurrence of systems issues, improve resiliency when systems problems do occur, and enhance the Commission’s oversight and enforcement of securities market technology infrastructure. Regulation SCI applies to “SCI entities,” a term which includes SROs (including stock and options exchanges, registered clearing agencies, FINRA and the MSRB), alternative trading systems (“ATSs”) that trade NMS and non-NMS stocks exceeding specified volume thresholds, disseminators of consolidated market data (“plan processors”), and certain exempt clearing agencies. Regulation SCI applies primarily to the systems of SCI entities that directly support any one of six key securities market functions – trading, clearance and settlement, order routing, market data, market regulation, and market surveillance (“SCI systems”).[2]

Regulation SCI requires SCI entities to establish written policies and procedures reasonably designed to ensure that their systems have levels of capacity, integrity, resiliency, availability, and security adequate to maintain their operational capability and promote the maintenance of fair and orderly markets, and that they operate in a manner that complies with the Exchange Act.[3] In addition, Regulation SCI requires SCI entities to take corrective action with respect to SCI events (defined to include systems disruptions, systems compliance issues, and systems intrusions), notify the Commission of such events, and disseminate information about certain SCI events to affected members or participants (and, for certain major SCI events, to all members or participants of the SCI entity).[4] Moreover, Regulation SCI requires SCI entities to conduct a review of their systems by objective, qualified personnel at least annually, submit quarterly reports regarding completed, ongoing, and planned material changes to their SCI systems to the Commission,[5] and maintain certain books and records.[6] It also requires SCI entities to mandate participation by designated members or participants in scheduled testing of the operation of their business continuity and disaster recovery plans, including backup systems, and to coordinate such testing on an industry - or sector-wide basis with other SCI entities.[7]

The compliance date of Regulation SCI is nine months after the effective date of the regulation, or November 3, 2015. ATSs newly meeting the thresholds in the definition of SCI ATS for the first time are provided an additional six months from the time that an ATS first meets the applicable thresholds to comply with the requirements of Regulation SCI. Further, with respect to the industry - or sector-wide coordinated testing requirement of Rule 1004(c), SCI entities have 21 months from the effective date, which is an additional year beyond the compliance date for the other requirements of Regulation SCI.

The Staff may update these FAQs periodically. In each update, the FAQs modified or added after publication of the last version will be marked with “ MODIFIED” or “NEW” .

The interpretive questions addressed in this document are as follows:

Section 1: SCI Entities.

Question 1.01: For alternative trading systems trading NMS stocks, is the calculation to determine whether such an ATS is an SCI ATS based on both NMS stock prongs of the definition of SCI ATS?

Under the definition of “SCI ATS” in Rule 1000 of Regulation SCI, with regard to NMS stocks, an ATS will be subject to Regulation SCI if, during at least four of the preceding six calendar months, it had: (i) five percent or more in any single NMS stock, and 0.25 percent or more in all NMS stocks, of the average daily dollar volume reported by applicable effective transaction reporting plans, or (ii) one percent or more, in all NMS stocks, of the average daily dollar volume reported by applicable effective transaction reporting plans. In determining whether an ATS meets this definition, the two prongs of the definition must be examined separately. Specifically, to become subject to Regulation SCI as an SCI ATS with regard to NMS stocks, an ATS would need to meet the applicable volume threshold in either prong of the test (viewed independently of each other) for four out of the previous six calendar months. As an example, if during a six-month period, an ATS met the first prong of the threshold (had five percent or more of the average daily volume in a single NMS stock and 0.25 percent or more in all NMS stocks) in months one and three only and met the second prong (had one percent or more of the average daily volume in all NMS stocks) in months two and five only, the ATS would not be an SCI ATS. Rather, the ATS would only become subject to Regulation SCI if it met the first prong for four out of the previous six months or the second prong for four out of the previous six months.

Section 2: Systems of SCI Entities.

Question 2.01: What does it mean for a system to “be reasonably likely to pose a security threat to SCI systems” in the definition of “indirect SCI systems”? (MODIFIED)

Systems meeting the definition of “indirect SCI systems” are subject to the provisions of Regulation SCI relating to security standards and systems intrusions.[8] The Commission explained in the SCI Adopting Release that it believed that indirect SCI systems should be included within the scope of Regulation SCI because such systems could serve as vulnerable entry points into SCI systems.[9] Accordingly, Rule 1000 defines “indirect SCI systems” as “any systems of, or operated by or on behalf of, an SCI entity that, if breached, would be reasonably likely to pose a security threat to SCI systems.” As the Commission noted in the SCI Adopting Release, whether a system is “reasonably likely to pose a security threat to SCI systems” for purposes of the definition of “indirect SCI systems” in Rule 1000 depends on whether a system is effectively physically or logically separated from SCI systems.[10] In particular, the analysis should consider whether a system is sufficiently isolated through adequate separation and security controls such that it does not provide vulnerable points of entry into SCI systems.[11] First, an SCI entity will need to identify which of its systems meet the definition of “SCI systems” in Rule 1000 of Regulation SCI. SCI entities should then identify the boundaries for their SCI systems, and assess which controls or methods of separation are appropriate or necessary to ensure effective physical or logical separation. For each of its SCI systems, the SCI entity should consider consulting existing industry standards on logical and physical separation and conform to such standards as appropriate.[12] In addition, as part of the SCI entity’s annual SCI review required by Rule 1003(b),[13] it would be appropriate for the objective personnel to review the effectiveness of the controls and methods of separation and determine whether non-SCI systems are outside of the scope of the definition of “indirect SCI systems.” In the SCI Adopting Release, the Commission noted that the universe of an SCI entity’s indirect SCI systems is in the control of each SCI entity. If an SCI entity establishes reasonably designed and effective controls so that non-SCI systems are logically or physically separated from SCI systems, they will not be indirect SCI systems. In this regard, it is possible that an SCI entity could design and implement its security controls such that few or none of its non-SCI systems would be reasonably likely to pose a security threat to SCI systems and thus, are not indirect SCI systems. However, if it is possible for an SCI system to be accessed, for example, via electronic or physical means by an unauthorized user from a non-SCI system, such non-SCI system would be an “indirect SCI system” and would be subject to certain provisions of Regulation SCI. Further, it should be noted that a non-SCI system need not connect directly to an SCI system to be an “indirect SCI system.” Rather, a non-SCI system is an “indirect SCI system” if it is reasonably likely to pose a security threat to an SCI system, if breached, whether such threat is posed by virtue of a direct connection to the SCI system, or through another indirect SCI system.

Question 2.02: Are the SCI systems of plan processors that are securities information processors (“SIPs”) considered to be SCI systems of each SCI SRO that provides and receives market data from the SIPs?

No. As the Commission stated in the SCI Adopting Release, because they deal with consolidated market data, the systems of each plan processor that is a SIP are central features of the national market system.[14] While each such entity is subject to Regulation SCI directly because, as a plan processor, it falls within the definition of SCI entity pursuant to Rule 1000, the SCI systems of such SIPs relating to consolidated market data are not SCI systems of each SCI SRO that provides and receives market data from such SIPs. “SCI systems” are defined as all computer, network, electronic, technical, automated or similar systems of, or operated by or on behalf of , an SCI entity that, with respect to securities, directly support, among other things, market data. As such, the systems of, or operated by or on behalf of, such SIPs are SCI systems of the SIP itself and therefore, the SIP is responsible for compliance with the requirements of Regulation SCI with regard to those systems. Although an SCI SRO that provides such SIP its market data provides it as an input into the SIP’s consolidated data, and may also utilize the SIP’s consolidated market data feed as an input into its trading, routing, or compliance functionality, the SIP is not operating its systems “on behalf of” any SCI SRO. Therefore, these SIP systems are not considered to be SCI systems of SCI SROs. Of course, an SCI SRO’s systems that are used to process and send the SCI SRO’s own market data to these SIPs and that receive and process consolidated market data from the SIPs ( i. e. , systems that interface into and out of the SIP systems) would be SCI systems of the SCI SRO as a system operated by the SCI SRO that directly supports market data.

Question 2.03: If an SCI entity utilizes a third party to operate SCI systems on its behalf, how may the SCI entity ensure compliance with Regulation SCI with regard to such systems?

As the Commission noted in the SCI Adopting Release, an SCI entity may determine to contract with third parties to operate SCI systems on its behalf.[15] However, that SCI entity is responsible for having in place processes and requirements to ensure that it is able to satisfy the requirements of Regulation SCI for SCI systems[16] operated on its behalf by a third party and, if an SCI entity is uncertain of its ability to manage a third-party relationship (whether through appropriate due diligence, contract terms, monitoring, or other methods) to satisfy the requirements of Regulation SCI, the SCI entity would need to reassess its decision to outsource the applicable system to such third party.[17] These requirements include the obligations, under Rule 1001, to establish, maintain and enforce policies and procedures reasonably designed to, among other things, ensure that those SCI systems (1) have levels of capacity, integrity, resiliency, availability and security adequate to maintain the SCI entity’s operational capability and promote fair and orderly markets, and (2) operate in a manner that complies with the Act and the rules and regulations thereunder, and the entity’s rules and governing documents, as applicable. They also include the obligations of SCI entities under Rules 1002-1005, such as those with respect to SCI events, systems changes, SCI reviews, business continuity and disaster recovery plans, and recordkeeping.

In these cases, however, the Staff believes the expertise and access of the third party directly operating the applicable SCI system could be reasonably leveraged by the SCI entity on whose behalf that system is being operated in fulfilling regulatory obligations under Regulation SCI. For example, where an SCI entity (“Contracting SCI Entity”) has contracted with another entity (“Operating Entity”) to perform certain functions on its behalf that use SCI systems, the Contracting SCI Entity may look to the Operating Entity to take the initial steps to facilitate the meeting of certain obligations under Regulation SCI, subject to appropriate due diligence by the Contracting SCI Entity. For instance, the Operating Entity might take the initial steps for establishing the policies and procedures required under Regulation SCI for the relevant SCI system(s).[18]

Similarly, because the Operating Entity may have more immediate access to information regarding SCI events affecting an SCI system, the Operating Entity may determine to take the initial and supporting role in complying with the rule’s requirements relating to notifications of SCI events under Rule 1002. For example, the Operating Entity may be asked by the Contracting SCI Entity to draft any applicable notification in the first instance and then provide the Contracting SCI Entity with the draft of the submission, which the Contracting SCI Entity could submit to the Commission after performing its own appropriate due diligence, including review of and any revisions to such draft it deemed appropriate. [19]

The Contracting SCI Entity may rely on the Operating Entity’s expertise, direct access to systems, and more timely information to take the initial steps to help facilitate the Contracting SCI Entity’s compliance with certain requirements of Regulation SCI, so long as the reliance is reasonable and the Contracting SCI Entity exercises appropriate due diligence.[20] In the case of all applicable requirements of Regulation SCI, the Staff believes that it is important that the Contracting SCI Entity maintain the right ( i. e., in its contractual arrangements with the Operating Entity) to request relevant documents and perform regulatory inspections or audits. Further, it may be appropriate for the Operating Entity to provide to the Contracting SCI Entity certain attestations as to compliance with Regulation SCI requirements. At the same time, the Staff believes that relying on attestations alone would not constitute sufficient appropriate due diligence by the Contracting SCI Entity. As noted above, where the Contracting SCI Entity utilizes an Operating Entity to operate SCI systems on its behalf, the Contracting SCI Entity remains responsible for ensuring compliance with Regulation SCI with respect to such SCI systems.

Question 2.04: Is every system involved in delivering an order to another trading center an SCI system?

Whether the particular systems used in connection with order routing constitute SCI systems of an SCI entity depends on the particular facts and circumstances of the arrangement. As a general matter, systems used for routing orders to other trading centers are within the scope of the definition of SCI systems, which includes “all computer, network, electronic, technical, automated, or similar systems of, or operated by or on behalf of, an SCI entity that, with respect to securities, directly support trading, clearance and settlement, order routing , market data, market regulation, or market surveillance.” The Staff understands, however, that SCI entities utilize various arrangements for routing orders to other trading centers. For example, orders may be routed through an affiliated broker-dealer router or through one or more third-party routing brokers, and use a variety of connectivity providers as part of that process. For example, routed orders may pass through the systems of several routing brokers and telecommunications providers before the routing process is complete and the order reaches its intended destination.

Determining which routing systems are, in fact, SCI systems under Regulation SCI requires an analysis as to which systems “directly support” the order routing functionality offered by the SCI entity. In this respect, the Staff believes that all systems used by the SCI entity in the order routing process — up to and including those systems that make the determination of which trading center to route a particular order, and the price, size and other characteristics thereof — are systems that “directly support” the order routing of the SCI entity and, as such, are SCI systems of the SCI entity. The Staff believes this to be the case irrespective of whether such routing logic is housed at a third party ( e. g. , a third party routing broker), or within the SCI entity or an affiliated broker. However, the Staff believes that those systems that are involved in the delivery of the order to a trading center after a routing decision is made, and without any ability to alter that routing decision, would generally not be SCI systems of the SCI entity. [21]

The Staff notes that, in addition to the requirements of Regulation SCI, many SCI entities are subject to other obligations under the federal securities laws and rules thereunder with regard to order routing. For example, Rule 611 of Regulation NMS requires a trading center to establish, maintain, and enforce written policies and procedures that are reasonably designed to prevent trade-throughs on that trading center of protected quotations in NMS stocks that do not fall within an exception set forth in the rule and, if relying on such an exception, that are reasonably designed to assure compliance with the terms of the exception.[22] A trading center must take prompt action to remedy any deficiencies in such policies and procedures. To the extent a systems issue with an order routing system results in non-compliance with Regulation NMS, such systems issue would need to be reported to the Commission as a “systems compliance issue” under Regulation SCI.

Question 2.05: Are the systems of utilities ( e. g. , power companies) that provide services necessary for the performance of the core functions covered by Regulation SCI considered to be SCI systems of the SCI entities that rely upon them?

As a general matter, it is unlikely that the systems of utility companies (such as a power company providing general power services for an SCI entity) would be SCI systems. As noted above, SCI systems are defined in Rule 1000 as “all computer, network, electronic, technical, automated, or similar systems of, or operated by or on behalf of, an SCI entity that, with respect to securities, directly support trading, clearance and settlement, order routing, market data, market regulation, or market surveillance.” Systems that provide general power services undoubtedly support many of the functions of an SCI entity. However, the Staff believes that such systems generally would indirectly support these functions as they provide products or services that are necessary for the SCI systems to operate, but are not systems that perform the core functions themselves. Therefore, the Staff does not believe the systems of the utilities such as power companies generally would be SCI systems of an SCI entity.

Though such systems may not be SCI systems, SCI entities should be aware of how issues relating to such systems may impact their obligations under Regulation SCI. For example, an issue at a power utility may interrupt the electric power supplied to an SCI entity’s SCI systems. Even if the outage at the power utility’s system would not itself be an SCI event, there is a significant likelihood that an SCI entity would nonetheless experience an SCI event following such an outage. For example, the power outage may cause one or more SCI systems of an SCI entity to themselves experience systems disruptions, which would require the SCI entity to take certain actions pursuant to Rule 1002 of Regulation SCI (including corrective action, Commission notification, and information dissemination, as applicable).

The Staff also notes that Rule 1001(a) requires that an SCI entity have policies and procedures reasonably designed to ensure that its SCI systems have levels of capacity, integrity, resiliency, availability, and security adequate to maintain the SCI entity’s operational capability and promote the maintenance of fair and orderly markets. In addition, Rule 1001(a)(2)(iv) requires such policies and procedures to include regular reviews and testing, as applicable, of such systems, including backup systems, to identify vulnerabilities pertaining to internal and external threats, physical hazards, and natural or manmade disasters. As such, given the importance of utilities such as the supply of power to the operation of its SCI systems, an SCI entity should consider whether its policies and procedures should contemplate and address the potential occurrence of SCI events that arise from the effect of the failure or disruption of such utilities on SCI systems.

Question 2.06: Can ATSs have market regulation and/or market surveillance systems under the definition of SCI systems?

As noted above in Question 1.01, an alternative trading system that meets the volume thresholds in the definition of “SCI ATS” in Rule 1000 of Regulation SCI is subject to Regulation SCI as an SCI entity, and its SCI systems, critical SCI systems, and indirect SCI systems must comply with the requirements of Regulation SCI. Regulation SCI’s definition of “SCI systems” includes all computer, network, electronic, technical, automated or similar systems of, or operated by or on behalf of, an SCI entity that, with respect to securities, directly support market regulation and market surveillance.

In the context of Regulation SCI, the Staff believes that market regulation systems are intended to refer to those used to carry out self-regulatory responsibilities under the Act. SCI SROs such as national securities exchanges, national securities associations, and registered clearing agencies are subject to a variety of obligations as self-regulatory organizations under the Act, including enforcing their rules and the federal securities laws with respect to their members. [23] ATSs do not have such self-regulatory responsibilities. Accordingly, the Staff believes that it is unlikely that an SCI ATS would have systems falling within the category of market regulation systems.

With respect to market surveillance systems, in adopting Regulation SCI, the Commission narrowed the definition of SCI systems to include those systems relating to “market surveillance,” rather than the broader term “surveillance” which had been in the proposed definition of SCI systems.[24] In doing so, the Commission stated that it believed that the “change will more appropriately capture only those…surveillance systems that are related to core market functions, such as trading, clearance and settlement, order routing, and market data.”[25] In the context of Regulation SCI, market surveillance systems of an SCI ATS would consist of those systems used by the SCI ATS in its role as a trading venue to monitor the order entry, trading, or other market-related activities conducted on or by the SCI ATS. For example, the Staff understands that many ATSs maintain such systems to surveil market-related activities for compliance with certain federal securities laws and the rules and regulations thereunder (such as Regulation SHO). In addition, the Staff understands that many ATSs also maintain such systems to surveil market-related activities for subscriber compliance with the ATS’s own rules and governing documents, as applicable, such as those designed to limit certain types of trading behavior or otherwise maintain the quality of its market.[26]

Question 2.07: What is the meaning of “exclusively-listed securities” in the definition of “critical SCI systems”?

“Critical SCI systems” are a subset of “SCI systems,” and Regulation SCI subjects critical SCI systems to certain heightened requirements, including a two-hour resumption goal following a wide-scale disruption[27] and broader dissemination obligations for “major SCI events.”[28] Rule 1000 of Regulation SCI defines “critical SCI systems” as “any SCI systems of, or operated by or on behalf of, an SCI entity that: (1) directly support functionality relating to: (i) clearance and settlement systems of clearing agencies; (ii) openings, reopenings, and closings on the primary listing market; (iii) trading halts; (iv) initial public offerings; (v) the provision of consolidated market data; or (vi) exclusively-listed securities; or (2) provide functionality to the securities markets for which the availability of alternatives is significantly limited or nonexistent and without which there would be a material impact on fair and orderly markets.”[29]

As discussed in the Regulation SCI Adopting Release, the definition of critical SCI systems in Regulation SCI was designed to cover “those SCI systems whose functions are critical to the operation of the markets, including those systems that represent potential single points of failure in the securities markets.”[30] With regard to systems that directly support functionality relating to exclusively-listed securities, the Commission stated that such systems “represent single points of failure because exclusively-listed securities, by definition, are listed and traded solely on one exchange.”[31] Accordingly, the Commission noted that all trading by all market participants in such securities necessarily will be disrupted by a trading disruption or outage on the exclusive listing market.[32]

The Staff believes that whether a security is an “exclusively-listed security” for purposes of Regulation SCI depends on the specific facts and circumstances relating to the listing and trading of such security. For example, if a security is subject to an intellectual property or other restriction that expressly limits the listing and trading of the security to a single trading venue, that security would clearly be an exclusively-listed security for purposes of Regulation SCI.

On the other hand, if a security is subject to an intellectual property or other restriction that does not expressly limit trading to a single trading venue ( e. g. , such that multiple trading venues potentially could list and trade the security if they enter into the requisite licensing or similar arrangement), then there should be an analysis of whether the security has, in fact, been licensed to more than one trading venue. If so, then the security would not be an “exclusively-listed security” for purposes of Regulation SCI. If, however, such a security has not, in fact, been licensed to more than one trading venue, it would be considered an “exclusively-listed security,” as an external requirement prevents, limits, or otherwise excludes other trading venues from immediately listing or trading the security.

Finally, if a security is not subject to an intellectual property or other restriction that limits the listing or trading of that security to particular trading venues, but the security lists or trades on only one trading venue due to low demand or other market conditions, such a security would not be considered an “exclusively-listed security” for purposes of Regulation SCI. In such a case, unlike a security that is subject to an intellectual property or other restriction, there is nothing external that prevents, limits, or otherwise excludes other trading venues from immediately listing or trading the security.

Question 2.08: Which SCI systems relating to the communication of “trading halts” are “critical SCI systems”?

Critical SCI systems is defined in Rule 1000 to include any SCI systems of, or operated by or on behalf of, an SCI entity that, among other things, directly support functionality relating to trading halts. In the SCI Adopting Release, the Commission stated, for the purposes of clarity, that the term “trading halts,” for purposes of this definition, was intended to capture market-wide halts, such as regulatory halts, rather trading halts on an individual market.[33] The Commission also noted that it is typically the responsibility of the primary listing market to call such a trading halt and stated that, “systems which communicate information regarding trading halts provide an essential service in the U. S. markets and, should a systems issue occur affecting the ability of an SCI entity to provide such notifications, the fair and orderly markets may be significantly impacted.”[34]

Given that the definition of critical SCI systems was designed to identify SCI systems whose functions may represent potential single points of failure in the securities markets,[35] the Staff believes that those systems that are responsible for disseminating such market-wide trading halt communications (typically from the primary listing market to other trading venues and market participants more broadly) across the markets represent potential single points of failure, and as such, are critical SCI systems. However, those systems used by a trading center to receive such market-wide trading halt communications or to implement a trading halt on a particular market would not be considered to be critical SCI systems, though they would be SCI systems under Regulation SCI.

Question 2.09: Are systems that support the provision of historical market data included within the scope of the definition of “SCI systems”? (NEW)

Rule 1000 of Regulation SCI defines SCI systems to mean “all computer, network, electronic, technical, automated, or similar systems of, or operated by or on behalf of, an SCI entity that, with respect to securities, directly support … market data.” Although Regulation SCI does not define the term “market data,” the Commission stated in the SCI Adopting Release that “that term generally refers to price information for securities, both pre-trade and post-trade, such as quotations and transaction reports.”[36] The Commission further noted that both consolidated and proprietary market data was within the scope of Regulation SCI, as both types of market data systems “are widely used and relied upon by a broad array of market participants, including institutional investors, to make trading decisions.”[37]

The Staff believes that the Commission’s statements in the Adopting Release indicate that market data systems are included within the scope of Regulation SCI largely because of their role in supporting price transparency, and thus the trading decisions of market participants.[38] Specifically, as highlighted by the Commission’s discussion in the Adopting Release,[39] if a “consolidated or a proprietary market data feed became unavailable or otherwise unreliable, it could have a significant impact on the trading of the securities to which it pertains, and could interfere with the maintenance of fair and orderly markets.”[40] In contrast, the unavailability or unreliability of a historical market data system would not have a similar impact on trading or the maintenance of fair and orderly markets where such data systems do not have a significant role in supporting price transparency. The Staff therefore believes that, if an SCI entity reasonably determines that a system providing historical market data generally is not used by market participants as a source of price transparency in connection with trading decisions, then it would be appropriate for the SCI entity to categorize such a system as outside of the scope of the definition of “SCI system.”[41] The Staff notes that whether or not historical market data provided by a system is used by market participants as a source of price transparency in connection with trading decisions will depend on the particular facts and circumstances, including the liquidity of the security and its asset class. For example, market data that is several days old likely would not be relied upon by market participants in making trading decisions in NMS stocks, particularly those which are highly liquid, but may be used to make trading decisions for certain illiquid fixed income securities. Accordingly, SCI entities would need to analyze which systems may be appropriately excluded from the definition of “SCI systems” as providing only historical market data that is generally not relied upon by market participants in connection with making trading decisions. As with other aspects of an SCI entity’s compliance with Regulation SCI, the Commission and its staff may review the SCI entity’s determination with regard to historical market data systems, including the SCI entity’s analysis and factors considered, to assess whether the SCI entity’s determination was, and continues to be, reasonable and consistent with the requirements of Regulation SCI.

Section 3: SCI Events.

Question 3.01: Does the de minimis exception under Rule 1002(c)(4)(ii) apply to SCI events affecting critical SCI systems?

Sim. Rule 1002(c)(1)(i) of Regulation SCI requires an SCI entity, promptly after any responsible SCI personnel has a reasonable basis to conclude that an SCI event that is a systems disruption or systems compliance issue has occurred, to disseminate information about such SCI event, unless an exception applies. With respect to a “major SCI event” ( i. e. , an SCI event that has had, or the SCI entity reasonably estimates would have: (1) any impact on a critical SCI system, or (2) a significant impact on the SCI entity’s operations or on market participants), Rule 1002(c)(3) requires that the information required to be disseminated under Rules 1002(c)(1)-(2) shall be promptly disseminated by the SCI entity to all of its members or participants.

Rule 1002(c)(4) provides certain exceptions to the information dissemination requirement. In particular, Rule 1002(c)(4)(ii) provides an exception for any SCI event that has had, or the SCI entity reasonably estimates would have, no or a de minimis impact on the SCI entity’s operations or on market participants. As noted above, an SCI event that has had or would have any impact on a critical SCI system is a “major SCI event.” The SCI Adopting Release noted that, because major SCI events are a subset of SCI events, the exception for de minimis events also applies to major SCI events that meet the requirements of Rule 1002(c)(4)(ii).[42] Therefore, it is possible for an SCI entity to experience an SCI event that affects a critical SCI system (and thus is a major SCI event), but does not require the dissemination of information about such major SCI event to all members or participants because it falls within the de minimis exception to the rule. For example, if there was a successful virus attack to a server for a critical SCI system, such as a clearance and settlement system of a clearing agency, which was immediately detected by antivirus software and quarantined, and the SCI entity reasonably determined that such attack had no or a de minimis impact on the SCI entity’s operations or on market participants, information about such SCI event would not be required to be disseminated to members or participants under Rule 1002.

Question 3.02: How should SCI entities contact the Commission for SCI events that require immediate notification to the Commission under Rule 1002(b)(1) or for updates pertaining to such SCI events pursuant to Rule 1002(b)(3)?

Pursuant to Rule 1006, the notifications relating to SCI events required by Rules 1002(b)(2) and 1002(b)(4) are required to be filed electronically with the Commission on Form SCI. Rules 1002(b)(1) and 1002(b)(3), however, do not prescribe the specific method for providing immediate notifications to the Commission of SCI events or for regular updates to the Commission, respectively. As noted in the SCI Adopting Release, these rules provide flexibility so that an SCI entity may provide such immediate notifications and updates orally ( e. g. , by telephone) or in writing ( e. g. , by email or on Form SCI).[43] Though it is not required, the Staff encourages SCI entities to make use of Form SCI when appropriate, as it provides a standardized means for submitting such notifications and updates to the Commission; in addition, SCI entities are permitted to electronically request confidential treatment of all information filed on Form SCI in accordance with Regulation SCI. However, if an SCI entity chooses instead to provide an immediate notification or update of an SCI event to comply with the requirements of Rule 1002(b)(1) or 1002(b)(3) without using Form SCI, it may do so through the designated phone number or email address that Commission staff will make available to each SCI entity prior to the compliance date of Regulation SCI. Of course, SCI entity personnel may additionally, as a secondary notification, notify or update any other Commission staff that it feels appropriate, including any staff member with whom the SCI entity’s personnel consults regarding the issues relating to a given SCI event.

Question 3.03: If an SCI entity loses a redundant component of a system but has a seamless failover, is that a systems disruption?

Whether the failure of a system component with a seamless failover to a backup system constitutes a systems disruption depends on the particular facts and circumstances of the incident. It is not automatically a systems disruption simply because a component failed; nor is it automatically excluded from being an SCI event simply because there was a seamless failover. Rather, an SCI entity would have to determine whether such a failure meets the definition of “systems disruption” under Rule 1000. A systems disruption is defined in Rule 1000 as an event in an SCI entity’s SCI systems that disrupts, or significantly degrades, the normal operation of an SCI system. The Staff encourages SCI entities to establish parameters regarding what constitutes normal operations for each of its SCI systems so that it is able to ascertain when such normal operations have been disrupted or significantly degraded.

Question 3.04: Does an SCI entity need to report to the Commission virus alerts produced by its security software on its email systems?

Generally speaking, it is the Staff’s expectation that many corporate email systems of SCI entities will not be subject to Regulation SCI because they do not meet the definition of “SCI systems” or “indirect SCI systems” under Rule 1000 of Regulation SCI. Specifically, Rule 1000 defines “SCI systems” as “all computer, network, electronic, technical, automated, or similar systems of, or operated by or on behalf of, an SCI entity that, with respect to securities, directly support trading, clearance and settlement, order routing, market data, market regulation, or market surveillance.” If the corporate email systems at issue do not directly support any one of the six enumerated areas ( i. e. , trading, clearance and settlement, order routing, market data, market regulation, market surveillance), they would not constitute SCI systems and would not be subject to Regulation SCI’s reporting rules. Of course, to the extent that such email systems directly support any one of the six enumerated areas ( i. e. , trading, clearance and settlement, order routing, market data, market regulation, market surveillance), such functionality would be considered to be an SCI system and, as such, would be subject to the reporting and other requirements of Regulation SCI.[44]

However, even if the corporate email systems at issue do not directly support the above enumerated areas and thus do not constitute SCI systems, the SCI entity would need to determine whether the corporate email systems fall into the category of “indirect SCI systems,” which are defined in Rule 1000 as “any systems of, or operated by or on behalf of, an SCI entity that, if breached, would be reasonably likely to pose a security threat to SCI systems.” As discussed in the SCI Adopting Release, whether a system is an indirect SCI system will depend on whether it is effectively physically or logically separated from SCI systems.[45] Thus, an SCI entity should consider taking the steps necessary to ensure that its corporate email systems would not, if breached, be reasonably likely to pose a security threat to its SCI systems. However, if the corporate email systems would, if breached, be reasonably likely to pose a security threat to the SCI entity’s SCI systems, they would be indirect SCI systems and subject to the various provisions of Regulation SCI with respect to security, including the reporting requirements with regard to systems intrusions.

Thus, a virus alert produced by security software on a corporate email system that is not an SCI system or an indirect SCI system would not be indicative of an SCI event that would be reportable pursuant to Rule 1002. To the extent an email system is an SCI system or an indirect SCI system, however, a virus alert occurring in that system could indicate the occurrence of a “systems intrusion,” i. e. , any unauthorized entry into the SCI entity’s SCI systems or indirect SCI systems, which an SCI entity would be required to report to the Commission. As noted in the SCI Adopting Release, attempted ( i. e. , unsuccessful) virus attacks would not be required to be reported to the Commission.[46]

Question 3.05: Would a systems issue that significantly impacts only a small number of market participants constitute a “major SCI event”?

Under Rule 1000 of Regulation SCI, “major SCI event” is defined as an SCI event that has had, or the SCI entity reasonably estimates would have, any impact on a critical SCI system, or a significant impact on the SCI entity’s operations or on market participants. With respect to an SCI event that is a major SCI event because it has a significant market impact on market participants, the definition does not set forth a minimum number of market participants that must be impacted for an SCI event to be a major SCI event. Rather than focusing solely on the number of market participants impacted, an SCI entity should analyze the facts and circumstances regarding the impact of an SCI event and may consider how the event affects one or more, or a given group or class, of market participants as a whole and whether it has a “significant impact” on such market participants. In conducting such an analysis, the Staff believes it would be appropriate that an SCI entity take into account the relative significance of the market participant(s) impacted, whether by trading volume, importance to the operation of the SCI entity, or such other factors an SCI entity determines to be appropriate. For example, if a systems disruption at an exchange only impacts two market makers but such market makers are two of the largest on the exchange, such an event could constitute a major SCI event if the impact on those two participants would be considered significant. If an SCI event is deemed to be a major SCI event, information regarding the event would be required to be disseminated to all of an SCI entity’s members or participants (rather than only to those members or participants that have been affected, as is required for SCI events that are not major SCI events).[47]

Question 3.06: If an SCI entity experiences an SCI event that also impacts other SCI entities, do all of the SCI entities need to report it to the Commission?

Rule 1002(b) of Regulation SCI requires that, upon any responsible SCI personnel having a reasonable basis to conclude that an SCI event has occurred, the SCI entity must provide the Commission with notifications pertaining to such event, as well as regular updates until the event is resolved. Although a single incident may affect multiple SCI entities, it is incumbent upon each SCI entity to fulfill its own obligations under Rule 1002(b). Thus, each SCI entity that experiences an SCI event is required to submit the required notifications and updates under Rule 1002(b), regardless of whether it believes that other SCI entities are also affected by the same systems issue. This is required even where an SCI event affects a single system that is used by multiple affiliated entities.[48]

As noted in the SCI Adopting Release, the Commission viewed such individualized SCI event notices to be important and did not believe that allowing certain entities to forego notification where a given event appears to be affecting multiple SCI entities would be appropriate because each SCI entity and its systems may be impacted differently by the systems issue, and each entity may have a unique perspective on the details surrounding the event.[49] In addition, the initial analysis of an SCI entity that it is affected by the same systems issue affecting other SCI entities may be incorrect and, by receiving notifications from various SCI entities, the Commission will be better positioned to determine whether, in fact, they are concurrently experiencing the same event.[50]

In this regard, Rule 1002(b) and Form SCI require, among other things, information regarding the SCI entity’s assessment of the types and number of market participants potentially affected by the SCI event; the potential impact on the market; and a description of the steps the SCI entity has taken, is taking, or plans to take, with respect to the SCI event. In many cases, this information will be different for each entity impacted by an SCI event. For example, the impact of a given SCI event may differ between SCI entities depending upon a wide variety of factors, including the specific policies and procedures in place at an SCI entity relating to the affected system and the types of market participants that comprise an SCI entity’s members or participants, among others. These individual facts and perspectives are valuable to the Commission and its staff, and may assist the Commission and its staff to gather the relevant facts and develop a more thorough understanding of the event and where the failure or systems issue may have arisen. The Staff believes that this is the case even in instances where the SCI event affects a single system that is used by multiple affiliated entities. The Staff believes that in many cases, the information provided pursuant to the requirements of Form SCI would not be identical for each entity, and believes that it is important to have each entity’s individual response to the requirements of Form SCI for the reasons noted above.

Question 3.07: When is a systems compliance issue “resolved” for purposes of Rule 1002?

A systems compliance issue is defined by Rule 1000 as “an event at an SCI entity that has caused any system of such entity to operate in a manner that does not comply with the Act and the rules and regulations thereunder or the entity’s rules or governing documents, as applicable.” Several requirements of Rule 1002 regarding Commission notification of SCI events are dependent on the date that an event is resolved, including those relating to submitting updates and the final report to the Commission regarding an SCI event. If an SCI entity has experienced a systems compliance issue, such an event may be “resolved” for purposes of Regulation SCI in one of two ways. First, the issue could be resolved when the SCI system’s functionality is modified so that it operates in accordance with the Act, rules and regulations thereunder, and the entity’s existing rules. Second, in the case where an SCI entity’s systems are operating in a manner that does not comply with the entity’s own rules or governing documents, but are not otherwise in violation of the Act or rules thereunder, the system compliance issue could be resolved by modifying the entity’s rules or governing documents to accurately reflect the operation of the system. For an SCI SRO, this would be accomplished through the filing with the Commission of a proposed rule change under Section 19(b) and the proposed rule change becoming effective or being approved by the Commission, as applicable. For other SCI entities, it would entail completing whatever steps are necessary under the entity’s rules or governing documents to effectuate such a modification to such documents.

Question 3.08: How may information related to an SCI event be disseminated? (NEW)

Rule 1002(c)(1)-(2) of Regulation SCI requires an SCI entity, promptly after any responsible SCI personnel has a reasonable basis to conclude that an SCI event has occurred, to disseminate certain information about such SCI event, unless one of the exceptions set forth in Rule 1002(c)(4) applies.[51] With respect to “major SCI events,”[52] Rule 1002(c)(3) requires that such information be promptly disseminated by the SCI entity to all of its members or participants. For non-major SCI events, the SCI entity must promptly disseminate such information only to those members or participants of the SCI entity that it has reasonably estimated may have been affected by the SCI event, as well as any additional members or participants that it subsequently reasonably estimates may have been affected by the SCI event.[53]

Regulation SCI does not specify the means by which information about SCI events must be disseminated. However, the Staff understands that, in practice, SCI entities routinely disseminate information regarding major SCI events in writing, such as through an electronic alert to all members or participants, or a public website posting. Such practices can facilitate the SCI entity’s compliance with its recordkeeping requirements under Rule 1005.

When an SCI event is not a “major SCI event,” and dissemination only is required to be made to affected members and participants, it may in some cases be practical to communicate the required information orally ( e. g. , by telephone). While Regulation SCI is sufficiently flexible to permit the oral dissemination of such information, Rule 1005 requires SCI entities to make, keep, and preserve all documents relating to their compliance with Regulation SCI.

Section 4: Business Continuity and Disaster Recovery Plans (“BC/DR plans”) Testing.

Question 4.01: Do the testing requirements of Rule 1004 require two different tests, i. e. , one test that includes participation of members or participants and another test that is industry - or sector-wide?

No. Rule 1004 does not require two separate tests of BC/DR plans, one which includes the participation of members or participants and one that does not. Rather, Rule 1004(b) and (c) should be read in conjunction, so that SCI entities can conduct functional and performance testing of their BC/DR plans with the participation of designated members or participants and in coordination with other SCI entities on an industry - or sector - wide basis not less than once every 12 months.[54] Further, as stated by the Commission in the SCI Adopting Release, participation by members and participants of SCI entities in the testing of SCI entity BC/DR plans on an industry - or sector-wide basis would reduce duplicative efforts and be more cost effective than if members or participants were to test with each SCI entity on an individual basis.[55] Therefore, Rule 1004 provides for coordinated BC/DR plan testing that includes the participation of designated members or participants. At the same time, the Commission noted in the SCI Adopting Release that SCI entities are not required to conduct all functional and performance testing at once and in coordination with other SCI entities all at the same time.[56] Rather, the Commission noted that if, to meet the requirements of the rule, a single annual test cannot be properly conducted, SCI entities have flexibility to design their testing to include, for example, weekend testing and testing in segments over the course of a year.[57]

Question 4.02: When are SCI entities required to complete their initial testing of their business continuity and disaster recovery plans with designated members or participants, as required by Rule 1004(b)?

Rule 1004 of Regulation SCI sets forth the requirements for testing an SCI entity’s BC/DR plans with members or participants. This rule requires that, with respect to an SCI entity’s BC/DR plan, including its backup systems, each SCI entity shall: (a) establish standards for the designation of those members or participants that the SCI entity reasonably determines are, taken as a whole, the minimum necessary for the maintenance of fair and orderly markets in the event of the activation of such plans; (b) designate members or participants pursuant to the standards established and require participation by such designated members or participants in scheduled functional and performance testing of the operation of such plans, in the manner and frequency specified by the SCI entity, provided that such frequency shall not be less than once every 12 months; and (c) coordinate the testing of such plans on an industry - or sector-wide basis with other SCI entities.

The practical effect of Rule 1004(b) is that SCI entities have up to 12 months from the compliance date of Regulation SCI to conduct the initial functional and performance testing of BC/DR plans with designated members or participants since Rule 1004(b), by its terms, requires that the frequency of such testing “not be less than once every 12 months.” Consequently, SCI entities would have until November 2, 2016 (12 months from the compliance date of Regulation SCI) to complete their initial BC/DR testing with designated members or participants.

Section 5: Recordkeeping.

Question 5.01: What type of “written undertaking” will satisfy the requirements of Rule 1007 relating to service bureaus or other recordkeeping services?

To ensure that records required to be filed or kept by an SCI entity under Regulation SCI are prepared or maintained by a service bureau or other recordkeeping service on behalf of the SCI entity are available for review by the Commission and its representatives, Rule 1007 of Regulation SCI provides that the SCI entity must submit “a written undertaking, in a form acceptable to the Commission, by such service bureau or other recordkeeping service, signed by a duly authorized person at such service bureau or other recordkeeping service.” Rule 1007 further provides that such a written undertaking “shall include an agreement by the service bureau to permit the Commission and its representatives to examine such records at any time or from time to time during business hours, and to promptly furnish to the Commission and its representatives true, correct, and current electronic files in a form acceptable to the Commission or its representatives or hard copies of any or all or any part of such records, upon request, periodically, or continuously and, in any case, within the same time periods as would apply to the SCI entity for such records.” The written undertaking required by Rule 1007 may be in the form of a letter containing the required elements and should be submitted to the Commission as soon as an SCI entity engages a service bureau or other recordkeeping service. This letter, as well as any subsequent update (as necessary), should be submitted to the designated email address or physical address that Commission staff will make available to each SCI entity prior to the compliance date of Regulation SCI.

Section 6: Compliance Dates.

Question 6.01: When is the report of the first annual SCI review due to the Commission?

Rule 1003(b)(1) of Regulation SCI requires an SCI entity to conduct an “SCI review” of the SCI entity’s compliance with Regulation SCI not less than once per calendar year.[58] An SCI review must contain (1) a risk assessment with respect to an SCI entity’s SCI systems and indirect SCI systems, and (2) an assessment of internal control design and effectiveness of such systems to include logical and physical security controls, development processes, and information technology governance, consistent with industry standards.[59] Pursuant to Rule 1003(b)(2), an SCI entity must submit a report of the SCI review to senior management of the SCI entity for review no more than 30 calendar days after completion of such a review. Moreover, under Rule 1003(b)(3), an SCI entity must submit to the Commission, and to the board of directors of the SCI entity or the equivalent of such board, a report of the SCI review and any response by senior management within 60 calendar days after its submission to senior management. Consequently, if an SCI entity’s initial SCI review (“2015 SCI review”) was completed on December 31, 2015, the report of the SCI review would be due to senior management of the SCI entity no later than January 30, 2016, with such report and any response by senior management due to the Commission and the SCI entity’s board no later than March 31, 2016.

The Staff recognizes that the 2015 SCI review will be the first such review conducted pursuant to the requirements of Regulation SCI, and SCI entity personnel and the objective personnel performing such review will be considering the assessments required by the review for the first time. Furthermore, given that the applicable Regulation SCI compliance date is November 3, 2015, this initial review necessarily will be based on a smaller amount of operational information, reporting, and other data than subsequent SCI reviews. The Staff also acknowledges that SCI entities are likely to be fine-tuning their policies and procedures during the initial months following the Regulation SCI compliance date.

Accordingly, the Staff would expect the 2015 SCI review to be primarily focused on assessing the design and initial implementation of the SCI entity’s policies and procedures and other mechanisms for compliance with Regulation SCI, including their reasonableness and comprehensiveness. Although any significant weaknesses revealed during the initial implementation period would, of course, need to be addressed by the 2015 SCI review, the Staff acknowledges that a limited amount of operational data may be generated during that period and, as such, the Staff believes it is appropriate to focus on such design and implementation aspects for purposes of the 2015 SCI review. In subsequent years, however, the objective personnel performing SCI reviews would need to fully assess the operational data generated during the applicable year in performing their assessments.

Question 6.02: When does the calculation begin for determining whether an alternative trading system is an SCI ATS?

Under the definition of “SCI ATS” in Rule 1000 of Regulation SCI, an ATS will be subject to Regulation SCI if, during at least four of the preceding six calendar months, it had:

With respect to NMS stocks: (i) five percent or more in any single NMS stock, and 0.25 percent or more in all NMS stocks, of the average daily dollar volume reported by applicable effective transaction reporting plans, or (ii) one percent or more, in all NMS stocks, of the average daily dollar volume reported by applicable effective transaction reporting plans; or With respect to non-NMS stocks and for which transactions are reported to a SRO, five percent or more of the average daily dollar volume as calculated by the SRO to which such transactions are reported.

The effective date of Regulation SCI was February 3, 2015, after which ATSs must evaluate whether they met the enumerated thresholds specified in the definition of “SCI ATS” ( i. e. , during four of the preceding six-months). Specifically, in determining whether it falls into the category of SCI ATS, an ATS should, beginning with the month of February 2015 (and in each month thereafter), review its trading activity in the prior six-month period to determine whether it has met the thresholds applicable to SCI ATSs.

Paragraph (c) of the definition of SCI ATS also provides that an ATS that meets any of the volume thresholds in the definition for the first time is not required to comply with the requirements of Regulation SCI until six months after satisfying the thresholds for the first time. For example, if an ATS satisfied the thresholds in the definition of SCI ATS for the first time in June 2015, it would have six months from that time to become fully compliant with Regulation SCI, and thus would have to comply with the requirements of Regulation SCI by December 2015.[60]

[1] See Securities Exchange Act Release No. 73639 (November 19, 2014), 79 FR 72252 (December 5, 2014) (“SCI Adopting Release”).

[2] Regulation SCI also applies to “indirect SCI systems,” which are any systems that, if breached, are likely to pose a security threat to SCI systems. Further, certain SCI systems that are “critical SCI systems” are held to certain heightened requirements under Regulation SCI. See 17 CFR 242.1000 (definitions of “SCI systems,” “indirect SCI systems,” and “critical SCI systems”).

[4] See 17 CFR 242.1002. See also 17 CFR 242.1006.

[6] See 17 CFR 242.1005. See also 17 CFR 242.1007.

[8] See SCI Adopting Release, 79 FR at 72280-81.

[10] See SCI Adopting Release, 79 FR at 72280.

[12] For example, NIST 800-53 Rev. 4, “Security and Privacy Controls for Federal Information Systems and Organizations” contains controls that would be relevant to risk assessments and system interconnections and separation. Among others, such controls include: System and Communications Protection Control Family (particularly SC-7 (Boundary Protection)); CA-3 (System Interconnections), CA-9 (Internal System Connections), PL-2 (System Security Plan), PL-8 (Information Security Architecture), RA-3 (Risk Assessment), AC-5 (Separation of Duties), AC-6 (Least Privilege), AC-14, (Permitted Actions without Identification or Authentication), AC-17 (Remote Access), AC-20 (Use of External Information Systems), CM-5 (Access Restrictions for Change), CM-7 (Least Functionality), and SA-9 (External Information System Services). In addition, the Appendices to NIST Special Publication 800-47, “Security Guide for Interconnecting Information Technology Systems,” describes a formally documented interconnection that details responsibilities, logical protections and controls, and other issues that are relevant to the NIST 800-53, Rev. 4 control CA-3 (System Interconnections)). See Staff Guidance on Current SCI Industry Standards, November 19, 2014, available at sec. gov/rules/final/2014/staff-guidance-current-sci-industry-standards. pdf (listing NIST 800-53 Rev. 4 as one example of a publication that an SCI entity could look to in developing reasonable policies and procedures to comply with Rule 1001(a) of Regulation SCI).

[14] See SCI Adopting Release, 79 FR at 72271.

[15] See SCI Adopting Release, 79 FR at 72275-76. These contracts may be with another SCI entity, as in the case of a regulatory services agreement, or with a non-SCI entity.

[16] Rule 1000 defines SCI systems as “all computer, network, electronic, technical, automated, or similar systems of, or operated by or on behalf of, an SCI entity that, with respect to securities, directly support trading, clearance and settlement, order routing, market data, market regulation, or market surveillance.”

[17] See SCI Adopting Release, 79 FR at 72275-76.

[18] Appropriate due diligence and oversight by the Contracting SCI Entity in such case could include, among other things: (1) reviewing the policies and procedures developed by the Operating Entity; (2) discussing any concerns it identifies with the Operating Entity and working with the Operating Entity to ensure that the policies and procedures comply with Regulation SCI; and (3) periodically reviewing the maintenance and enforcement of the policies and procedures by the Operating Entity, including through assessing the reports of SCI reviews, which should include any weaknesses in such policies and procedures. The Contracting SCI Entity could also incorporate the policies and procedures of the Operating Entity into its own policies and procedures and detail its policies and procedures for conducting appropriate due diligence and overseeing the performance of the Operating Entity under Regulation SCI. However, the Staff does not believe it would be sufficient for the Contracting SCI Entity to solely rely on representations of the Operating Entity with respect to the adequacy of its policies and procedures, or to merely assume they are being maintained and enforced by the Operating Entity in accordance with Regulation SCI.

[19] In cases where the Operating Entity is itself an SCI entity (“Operating SCI Entity”) and, for example, the Operating SCI Entity uses a market surveillance system for itself as well as on behalf of the Contracting SCI Entity such that the system is an SCI system of each SCI entity, the Staff believes that it would be acceptable for the Operating SCI Entity to provide immediate notifications of SCI events to the Commission via phone or email on behalf of the Contracting SCI Entity. In such cases, it would be appropriate that the SCI entities have written agreements in place to authorize the Operating SCI Entity to provide such immediate notifications on behalf of the Contracting SCI Entity, as well as itself, including designating appropriate personnel of the Operating SCI Entity as “responsible SCI personnel” for the limited purpose of immediate notifications under Rule 1002(b)(1). In addition, such agreements should ensure that the Contracting SCI Entity is immediately informed of such communications (for example, a notification submitted via email could be sent to the Contracting SCI Entity at the same time that it is sent to the Commission). The Staff notes that if the SCI entities choose to use the EFFS system for such immediate notifications, each would have to individually submit a Form SCI for the SCI event ( i. e. , in this example, both the Contracting SCI Entity and the Operating SCI Entity). Ultimately, however, each SCI entity remains responsible for ensuring its own compliance with Regulation SCI, including ensuring both the timely submission of any required SCI event notification, as well as the accuracy and completeness of such notifications.

[20] For example, the Contracting SCI Entity and the Operating Entity may agree that it is appropriate for the Operating Entity to take certain corrective actions, as required by Rule 1002(a), following SCI events. In such cases, among other things, the Contracting SCI Entity could be notified of the SCI event and the action to be taken, and the Contracting SCI Entity could periodically review and assess the Operating Entity’s performance with regard to corrective action taken in response to SCI events. Further, with respect to reporting systems changes pursuant to Rule 1003(a), as with the notifications required by Rules 1002(b)(2)-(4), the Operating Entity may determine to, for example, provide the Contracting SCI Entity with a draft of the applicable submission, which the Contracting SCI Entity could submit to the Commission after performing its own appropriate due diligence, including review of and any revisions to such draft it deemed appropriate. In addition, where the third party operating the SCI system is an Operating SCI Entity, the Contracting SCI Entity may also determine that it is appropriate to allow the Operating SCI Entity’s objective personnel to conduct the SCI review (or employ third party objective personnel to conduct such SCI review) and prepare the report of the SCI review as required by Rule 1003(b). In such instances, the Contracting SCI Entity would need to exercise appropriate due diligence, which could include, but is not necessarily limited to, among other things, ensuring that the SCI review is conducted in accordance with the requirements of Regulation SCI ( e. g. , that it is performed by experienced, objective personnel), as well as reviewing the SCI report and taking appropriate action to ensure that any noted deficiencies are appropriately remedied.

[21] The Staff notes that the analysis in Question 2.04 regarding the types of systems that “directly support” order routing is limited to the order routing function. A different analysis may apply to systems supporting the other key functions covered by Regulation SCI – trading, clearance and settlement, market data, market regulation, and market surveillance – which involve different processes and risks.

[23] Sections 6(b), 15A, and 17A(b)(3) of the Exchange Act impose obligations on national securities exchanges, national securities associations, and clearing agencies, respectively, to be “so organized” and “[have] the capacity to…carry out the purposes of [the Exchange Act].” See Sections 6(b)(1), 15A(b)(2), and 17A(b)(3) of the Exchange Act, 15 U. S.C. 78f(b)(1), 78 o -3(b)(2), 78q-1(b)(3), respectively.

[24] In adopting Regulation SCI, the Commission similarly narrowed the definition of SCI systems to include those systems relating to “market regulation,” rather than the broader term “regulation” as was proposed. See Rule 1000 of Regulation SCI.

[25] See SCI Adopting Release, 79 FR at 72275.

[26] The Staff notes that a market surveillance system need not be used exclusively by an SCI ATS to be considered an SCI system. For example, a market surveillance system used to surveil trading activity on an SCI ATS that is also used to surveil trading by the customers of its broker-dealer operator or other affiliates would be an SCI system. However, to the extent certain components of such a market surveillance system are used exclusively to surveil trading activity of the customers of its broker-dealer operator or other affiliates, those components of the market surveillance system would not be an SCI system.

Further, the Staff notes that whether a system used for market surveillance meets the definition of SCI system is not dependent on whether such system conducts real-time surveillance. In the SCI Adopting Release, the Commission expressly stated that it was not limiting the definition of SCI systems strictly to real-time systems because such a limitation could “exclude relevant systems, such as certain… market surveillance systems operated by or on behalf of an SCI entity, which the Commission views as integral to one or more of the six functions identified in the definition.” See SCI Adopting Release, 79 FR at 72274, n.226.

[30] See SCI Adopting Release, 79 FR at 72277.

[31] See SCI Adopting Release, 79 FR at 72279.

[33] See SCI Adopting Release, 79 FR at 72278, n.286.

[34] See SCI Adopting Release, 79 FR at 72278.

[35] See SCI Adopting Release, 79 FR at 72277.

[36] See SCI Adopting Release, 79 FR at 72275. Under Regulation SCI, market data systems may meet either the definition of “SCI systems” or “critical SCI systems.” Specifically, systems that “[d]irectly support functionality relating to … [t]he provision of consolidated market data” are “critical SCI systems,” while other types of market data systems, such as those that directly support proprietary market data systems, are “SCI systems.” In the Adopting Release, the Commission emphasized the importance of consolidated market data, noting that it “provides the public with ready access to a comprehensive and reliable source of information for the prices and volume of any NMS stock at any time during the trading day” and “helps to ensure that the public is aware of the best displayed prices for a stock, no matter where they may arise in the national market system.” See SCI Adopting Release, 79 FR at 72279.

[37] See SCI Adopting Release, 79 FR at 72275.

[38] In this regard, the Commission noted in the SCI Adopting Release that systems providing or directly supporting price transparency are within the scope of SCI systems, while systems solely providing or directly supporting other types of data, such as systems used by market participants to submit disclosure documents, are not within the scope of SCI systems, so long as they do not also directly support price transparency. See SCI Adopting Release, 79 FR at 72275.

[39] See SCI Adopting Release, 79 FR at 72255, nn. 31-33 (discussing market events that have involved market data-related systems issues that resulted in extended halts in trading on options exchanges, stock exchanges, and in the OTC equity securities markets).

[40] See SCI Adopting Release, 79 FR at 72275 (discussing the meaning of “market data” and concluding that both proprietary market data and consolidated market data are within the scope of the definition of SCI systems and subject to Regulation SCI).

[41] In contrast, as noted by the Commission in the SCI Adopting Release, the consolidated audit trail repository would fall within the definition of “SCI system” as a market regulation system. See SCI Adopting Release, 79 FR at 72275, n.246.

[42] See SCI Adopting Release, 79 FR at 72336 at n. 991.

[43] See SCI Adopting Release, 79 FR at 72354.

[44] Even when an email system is used to directly support one of the six enumerated areas, it does not necessarily mean that an SCI entity’s entire email system is subject to Regulation SCI. For example, if an SCI entity uses email to alert market participants of “self-help” issues, and the SCI entity determines that such functionality “directly supports” trading and/or routing, if the “self-help” functionality is effectively separated, such as through physical separation or the existence of appropriate safeguards, to ensure that the functionality is sufficiently segregated from the remainder of the corporate email system, then only the “self-help” email functionality would be subject to Regulation SCI, while the remainder of the corporate email system would not.

[45] See SCI Adopting Release, 79 FR at 72280-81.

[46] See SCI Adopting Release, 79 FR at 72288.

[47] Of course, for SCI events that are not major SCI events, an SCI entity is free (but is not required) to disseminate information about such events to all of its members or participants.

[48] In appropriate circumstances, one SCI Entity may contract with another SCI Entity to take steps to facilitate the meeting of certain obligations under Regulation SCI, including the immediate notification requirements with respect to SCI events. See supra note 19 (FAQ 2.03).

[49] See SCI Adopting Release, 79 FR at 72325.

[51] The information required to be disseminated for systems disruptions or systems compliance issues is set forth in Rule 1002(c)(1), and the information required to be disseminated for systems intrusions is set forth in Rule 1002(c)(2).

[52] A “major SCI event” is defined in Rule 1000 to mean “an SCI event that has had, or the SCI entity reasonably estimates would have: (a) any impact on a critical SCI system; or (b) a significant impact on the SCI entity’s operations or on market participants.”

[54] In this regard, paragraphs (c) and (d) of Rule 1004 both refer to the testing of “such plans,” i. e. , referencing the same BC/DR plans of an SCI entity.

[55] See SCI Adopting Release, 79 FR at 72354.

[56] See SCI Adopting Release, 79 FR at 72352.

[57] See SCI Adopting Release, 79 FR at 72352, n. 1182.

[58] However, penetration test reviews of the network, firewall, and production systems must be conducted at a frequency of not less than once every three years, and assessments of SCI systems directly supporting market regulation or market surveillance must be conducted at a frequency based upon a risk assessment, but not less than once every three years. See Rule 1003(b)(i)-(ii).

[60] The Staff notes that an ATS meeting the definition of SCI ATS as of the Effective Date does not receive an additional six months to comply with Regulation SCI after the November 3, 2015 compliance date. Rather, the six-month compliance period for SCI ATSs would give such an ATS until August 2015 to comply, but because the compliance date of Regulation SCI is November 3, 2015 for all entities, the ATS would not be required to comply with Regulation SCI until November 3, 2015. In other words, if the six-month compliance period for ATSs newly meeting the thresholds would result in a compliance date prior to the November 3, 2015 compliance date, such ATS will not be required to comply with Regulation SCI until the November 3, 2015.

QQQ Options e SPY Options Trading System.

Opções não utilizadas | Eligible Commercial Entity | opções-sistema de negociação.

Sistema de negociação de opções descobertas.

Eligible Commercial Entity.

Commercial : Commercial is an entity that is involved in the production, processing, or merchandising of a commodity.

1) The charge made by a futures commission merchant for buying and selling futures contracts;

2) the fee charged by a futures broker for the execution of an order. Note: when capitalized, the word Commission usually refers to the CFTC.

Inscreva-se agora!

poderia pagar a adesão nos próximos anos.

Declaração de Risco:

O comércio de opções nua é muito arriscado - muitas pessoas perdem dinheiro negociando. Recomenda-se entrar em contato com seu corretor ou profissional de investimentos para descobrir sobre os requisitos de risco e margem de negociação antes de se envolver na negociação de opções descobertas.

Responses to Frequently Asked Questions Concerning Regulation SCI.

September 2, 2015 (Updated December 8, 2016)

Responses to these frequently asked questions (“FAQs”) were prepared by and represent the views of the staff of the Division of Trading and Markets (“Staff”). They are not rules, regulations, or statements of the Securities and Exchange Commission (“Commission”). Further, the Commission has neither approved nor disapproved of these interpretive answers.

For Further Information Contact: Sara Hawkins, Special Counsel, at (202) 551-5523; Geoff Pemble, Special Counsel, at (202) 551-5628; or Alexander Zozos, Attorney-Adviser, at (202) 551-6932; Division of Trading and Markets, Securities and Exchange Commission, 100 F Street, NE, Washington, DC 20549-6628.

Introdução.

The Commission adopted Regulation SCI and Form SCI (“Form”) in November 2014 to strengthen the technology infrastructure of the U. S. securities markets.[1] Specifically, the rules are designed to reduce the occurrence of systems issues, improve resiliency when systems problems do occur, and enhance the Commission’s oversight and enforcement of securities market technology infrastructure. Regulation SCI applies to “SCI entities,” a term which includes SROs (including stock and options exchanges, registered clearing agencies, FINRA and the MSRB), alternative trading systems (“ATSs”) that trade NMS and non-NMS stocks exceeding specified volume thresholds, disseminators of consolidated market data (“plan processors”), and certain exempt clearing agencies. Regulation SCI applies primarily to the systems of SCI entities that directly support any one of six key securities market functions – trading, clearance and settlement, order routing, market data, market regulation, and market surveillance (“SCI systems”).[2]

Regulation SCI requires SCI entities to establish written policies and procedures reasonably designed to ensure that their systems have levels of capacity, integrity, resiliency, availability, and security adequate to maintain their operational capability and promote the maintenance of fair and orderly markets, and that they operate in a manner that complies with the Exchange Act.[3] In addition, Regulation SCI requires SCI entities to take corrective action with respect to SCI events (defined to include systems disruptions, systems compliance issues, and systems intrusions), notify the Commission of such events, and disseminate information about certain SCI events to affected members or participants (and, for certain major SCI events, to all members or participants of the SCI entity).[4] Moreover, Regulation SCI requires SCI entities to conduct a review of their systems by objective, qualified personnel at least annually, submit quarterly reports regarding completed, ongoing, and planned material changes to their SCI systems to the Commission,[5] and maintain certain books and records.[6] It also requires SCI entities to mandate participation by designated members or participants in scheduled testing of the operation of their business continuity and disaster recovery plans, including backup systems, and to coordinate such testing on an industry - or sector-wide basis with other SCI entities.[7]

The compliance date of Regulation SCI is nine months after the effective date of the regulation, or November 3, 2015. ATSs newly meeting the thresholds in the definition of SCI ATS for the first time are provided an additional six months from the time that an ATS first meets the applicable thresholds to comply with the requirements of Regulation SCI. Further, with respect to the industry - or sector-wide coordinated testing requirement of Rule 1004(c), SCI entities have 21 months from the effective date, which is an additional year beyond the compliance date for the other requirements of Regulation SCI.

The Staff may update these FAQs periodically. In each update, the FAQs modified or added after publication of the last version will be marked with “ MODIFIED” or “NEW” .

The interpretive questions addressed in this document are as follows:

Section 1: SCI Entities.

Question 1.01: For alternative trading systems trading NMS stocks, is the calculation to determine whether such an ATS is an SCI ATS based on both NMS stock prongs of the definition of SCI ATS?

Under the definition of “SCI ATS” in Rule 1000 of Regulation SCI, with regard to NMS stocks, an ATS will be subject to Regulation SCI if, during at least four of the preceding six calendar months, it had: (i) five percent or more in any single NMS stock, and 0.25 percent or more in all NMS stocks, of the average daily dollar volume reported by applicable effective transaction reporting plans, or (ii) one percent or more, in all NMS stocks, of the average daily dollar volume reported by applicable effective transaction reporting plans. In determining whether an ATS meets this definition, the two prongs of the definition must be examined separately. Specifically, to become subject to Regulation SCI as an SCI ATS with regard to NMS stocks, an ATS would need to meet the applicable volume threshold in either prong of the test (viewed independently of each other) for four out of the previous six calendar months. As an example, if during a six-month period, an ATS met the first prong of the threshold (had five percent or more of the average daily volume in a single NMS stock and 0.25 percent or more in all NMS stocks) in months one and three only and met the second prong (had one percent or more of the average daily volume in all NMS stocks) in months two and five only, the ATS would not be an SCI ATS. Rather, the ATS would only become subject to Regulation SCI if it met the first prong for four out of the previous six months or the second prong for four out of the previous six months.

Section 2: Systems of SCI Entities.

Question 2.01: What does it mean for a system to “be reasonably likely to pose a security threat to SCI systems” in the definition of “indirect SCI systems”? (MODIFIED)

Systems meeting the definition of “indirect SCI systems” are subject to the provisions of Regulation SCI relating to security standards and systems intrusions.[8] The Commission explained in the SCI Adopting Release that it believed that indirect SCI systems should be included within the scope of Regulation SCI because such systems could serve as vulnerable entry points into SCI systems.[9] Accordingly, Rule 1000 defines “indirect SCI systems” as “any systems of, or operated by or on behalf of, an SCI entity that, if breached, would be reasonably likely to pose a security threat to SCI systems.” As the Commission noted in the SCI Adopting Release, whether a system is “reasonably likely to pose a security threat to SCI systems” for purposes of the definition of “indirect SCI systems” in Rule 1000 depends on whether a system is effectively physically or logically separated from SCI systems.[10] In particular, the analysis should consider whether a system is sufficiently isolated through adequate separation and security controls such that it does not provide vulnerable points of entry into SCI systems.[11] First, an SCI entity will need to identify which of its systems meet the definition of “SCI systems” in Rule 1000 of Regulation SCI. SCI entities should then identify the boundaries for their SCI systems, and assess which controls or methods of separation are appropriate or necessary to ensure effective physical or logical separation. For each of its SCI systems, the SCI entity should consider consulting existing industry standards on logical and physical separation and conform to such standards as appropriate.[12] In addition, as part of the SCI entity’s annual SCI review required by Rule 1003(b),[13] it would be appropriate for the objective personnel to review the effectiveness of the controls and methods of separation and determine whether non-SCI systems are outside of the scope of the definition of “indirect SCI systems.” In the SCI Adopting Release, the Commission noted that the universe of an SCI entity’s indirect SCI systems is in the control of each SCI entity. If an SCI entity establishes reasonably designed and effective controls so that non-SCI systems are logically or physically separated from SCI systems, they will not be indirect SCI systems. In this regard, it is possible that an SCI entity could design and implement its security controls such that few or none of its non-SCI systems would be reasonably likely to pose a security threat to SCI systems and thus, are not indirect SCI systems. However, if it is possible for an SCI system to be accessed, for example, via electronic or physical means by an unauthorized user from a non-SCI system, such non-SCI system would be an “indirect SCI system” and would be subject to certain provisions of Regulation SCI. Further, it should be noted that a non-SCI system need not connect directly to an SCI system to be an “indirect SCI system.” Rather, a non-SCI system is an “indirect SCI system” if it is reasonably likely to pose a security threat to an SCI system, if breached, whether such threat is posed by virtue of a direct connection to the SCI system, or through another indirect SCI system.

Question 2.02: Are the SCI systems of plan processors that are securities information processors (“SIPs”) considered to be SCI systems of each SCI SRO that provides and receives market data from the SIPs?

No. As the Commission stated in the SCI Adopting Release, because they deal with consolidated market data, the systems of each plan processor that is a SIP are central features of the national market system.[14] While each such entity is subject to Regulation SCI directly because, as a plan processor, it falls within the definition of SCI entity pursuant to Rule 1000, the SCI systems of such SIPs relating to consolidated market data are not SCI systems of each SCI SRO that provides and receives market data from such SIPs. “SCI systems” are defined as all computer, network, electronic, technical, automated or similar systems of, or operated by or on behalf of , an SCI entity that, with respect to securities, directly support, among other things, market data. As such, the systems of, or operated by or on behalf of, such SIPs are SCI systems of the SIP itself and therefore, the SIP is responsible for compliance with the requirements of Regulation SCI with regard to those systems. Although an SCI SRO that provides such SIP its market data provides it as an input into the SIP’s consolidated data, and may also utilize the SIP’s consolidated market data feed as an input into its trading, routing, or compliance functionality, the SIP is not operating its systems “on behalf of” any SCI SRO. Therefore, these SIP systems are not considered to be SCI systems of SCI SROs. Of course, an SCI SRO’s systems that are used to process and send the SCI SRO’s own market data to these SIPs and that receive and process consolidated market data from the SIPs ( i. e. , systems that interface into and out of the SIP systems) would be SCI systems of the SCI SRO as a system operated by the SCI SRO that directly supports market data.

Question 2.03: If an SCI entity utilizes a third party to operate SCI systems on its behalf, how may the SCI entity ensure compliance with Regulation SCI with regard to such systems?

As the Commission noted in the SCI Adopting Release, an SCI entity may determine to contract with third parties to operate SCI systems on its behalf.[15] However, that SCI entity is responsible for having in place processes and requirements to ensure that it is able to satisfy the requirements of Regulation SCI for SCI systems[16] operated on its behalf by a third party and, if an SCI entity is uncertain of its ability to manage a third-party relationship (whether through appropriate due diligence, contract terms, monitoring, or other methods) to satisfy the requirements of Regulation SCI, the SCI entity would need to reassess its decision to outsource the applicable system to such third party.[17] These requirements include the obligations, under Rule 1001, to establish, maintain and enforce policies and procedures reasonably designed to, among other things, ensure that those SCI systems (1) have levels of capacity, integrity, resiliency, availability and security adequate to maintain the SCI entity’s operational capability and promote fair and orderly markets, and (2) operate in a manner that complies with the Act and the rules and regulations thereunder, and the entity’s rules and governing documents, as applicable. They also include the obligations of SCI entities under Rules 1002-1005, such as those with respect to SCI events, systems changes, SCI reviews, business continuity and disaster recovery plans, and recordkeeping.

In these cases, however, the Staff believes the expertise and access of the third party directly operating the applicable SCI system could be reasonably leveraged by the SCI entity on whose behalf that system is being operated in fulfilling regulatory obligations under Regulation SCI. For example, where an SCI entity (“Contracting SCI Entity”) has contracted with another entity (“Operating Entity”) to perform certain functions on its behalf that use SCI systems, the Contracting SCI Entity may look to the Operating Entity to take the initial steps to facilitate the meeting of certain obligations under Regulation SCI, subject to appropriate due diligence by the Contracting SCI Entity. For instance, the Operating Entity might take the initial steps for establishing the policies and procedures required under Regulation SCI for the relevant SCI system(s).[18]

Similarly, because the Operating Entity may have more immediate access to information regarding SCI events affecting an SCI system, the Operating Entity may determine to take the initial and supporting role in complying with the rule’s requirements relating to notifications of SCI events under Rule 1002. For example, the Operating Entity may be asked by the Contracting SCI Entity to draft any applicable notification in the first instance and then provide the Contracting SCI Entity with the draft of the submission, which the Contracting SCI Entity could submit to the Commission after performing its own appropriate due diligence, including review of and any revisions to such draft it deemed appropriate. [19]

The Contracting SCI Entity may rely on the Operating Entity’s expertise, direct access to systems, and more timely information to take the initial steps to help facilitate the Contracting SCI Entity’s compliance with certain requirements of Regulation SCI, so long as the reliance is reasonable and the Contracting SCI Entity exercises appropriate due diligence.[20] In the case of all applicable requirements of Regulation SCI, the Staff believes that it is important that the Contracting SCI Entity maintain the right ( i. e., in its contractual arrangements with the Operating Entity) to request relevant documents and perform regulatory inspections or audits. Further, it may be appropriate for the Operating Entity to provide to the Contracting SCI Entity certain attestations as to compliance with Regulation SCI requirements. At the same time, the Staff believes that relying on attestations alone would not constitute sufficient appropriate due diligence by the Contracting SCI Entity. As noted above, where the Contracting SCI Entity utilizes an Operating Entity to operate SCI systems on its behalf, the Contracting SCI Entity remains responsible for ensuring compliance with Regulation SCI with respect to such SCI systems.

Question 2.04: Is every system involved in delivering an order to another trading center an SCI system?

Whether the particular systems used in connection with order routing constitute SCI systems of an SCI entity depends on the particular facts and circumstances of the arrangement. As a general matter, systems used for routing orders to other trading centers are within the scope of the definition of SCI systems, which includes “all computer, network, electronic, technical, automated, or similar systems of, or operated by or on behalf of, an SCI entity that, with respect to securities, directly support trading, clearance and settlement, order routing , market data, market regulation, or market surveillance.” The Staff understands, however, that SCI entities utilize various arrangements for routing orders to other trading centers. For example, orders may be routed through an affiliated broker-dealer router or through one or more third-party routing brokers, and use a variety of connectivity providers as part of that process. For example, routed orders may pass through the systems of several routing brokers and telecommunications providers before the routing process is complete and the order reaches its intended destination.

Determining which routing systems are, in fact, SCI systems under Regulation SCI requires an analysis as to which systems “directly support” the order routing functionality offered by the SCI entity. In this respect, the Staff believes that all systems used by the SCI entity in the order routing process — up to and including those systems that make the determination of which trading center to route a particular order, and the price, size and other characteristics thereof — are systems that “directly support” the order routing of the SCI entity and, as such, are SCI systems of the SCI entity. The Staff believes this to be the case irrespective of whether such routing logic is housed at a third party ( e. g. , a third party routing broker), or within the SCI entity or an affiliated broker. However, the Staff believes that those systems that are involved in the delivery of the order to a trading center after a routing decision is made, and without any ability to alter that routing decision, would generally not be SCI systems of the SCI entity. [21]

The Staff notes that, in addition to the requirements of Regulation SCI, many SCI entities are subject to other obligations under the federal securities laws and rules thereunder with regard to order routing. For example, Rule 611 of Regulation NMS requires a trading center to establish, maintain, and enforce written policies and procedures that are reasonably designed to prevent trade-throughs on that trading center of protected quotations in NMS stocks that do not fall within an exception set forth in the rule and, if relying on such an exception, that are reasonably designed to assure compliance with the terms of the exception.[22] A trading center must take prompt action to remedy any deficiencies in such policies and procedures. To the extent a systems issue with an order routing system results in non-compliance with Regulation NMS, such systems issue would need to be reported to the Commission as a “systems compliance issue” under Regulation SCI.

Question 2.05: Are the systems of utilities ( e. g. , power companies) that provide services necessary for the performance of the core functions covered by Regulation SCI considered to be SCI systems of the SCI entities that rely upon them?

As a general matter, it is unlikely that the systems of utility companies (such as a power company providing general power services for an SCI entity) would be SCI systems. As noted above, SCI systems are defined in Rule 1000 as “all computer, network, electronic, technical, automated, or similar systems of, or operated by or on behalf of, an SCI entity that, with respect to securities, directly support trading, clearance and settlement, order routing, market data, market regulation, or market surveillance.” Systems that provide general power services undoubtedly support many of the functions of an SCI entity. However, the Staff believes that such systems generally would indirectly support these functions as they provide products or services that are necessary for the SCI systems to operate, but are not systems that perform the core functions themselves. Therefore, the Staff does not believe the systems of the utilities such as power companies generally would be SCI systems of an SCI entity.

Though such systems may not be SCI systems, SCI entities should be aware of how issues relating to such systems may impact their obligations under Regulation SCI. For example, an issue at a power utility may interrupt the electric power supplied to an SCI entity’s SCI systems. Even if the outage at the power utility’s system would not itself be an SCI event, there is a significant likelihood that an SCI entity would nonetheless experience an SCI event following such an outage. For example, the power outage may cause one or more SCI systems of an SCI entity to themselves experience systems disruptions, which would require the SCI entity to take certain actions pursuant to Rule 1002 of Regulation SCI (including corrective action, Commission notification, and information dissemination, as applicable).

The Staff also notes that Rule 1001(a) requires that an SCI entity have policies and procedures reasonably designed to ensure that its SCI systems have levels of capacity, integrity, resiliency, availability, and security adequate to maintain the SCI entity’s operational capability and promote the maintenance of fair and orderly markets. In addition, Rule 1001(a)(2)(iv) requires such policies and procedures to include regular reviews and testing, as applicable, of such systems, including backup systems, to identify vulnerabilities pertaining to internal and external threats, physical hazards, and natural or manmade disasters. As such, given the importance of utilities such as the supply of power to the operation of its SCI systems, an SCI entity should consider whether its policies and procedures should contemplate and address the potential occurrence of SCI events that arise from the effect of the failure or disruption of such utilities on SCI systems.

Question 2.06: Can ATSs have market regulation and/or market surveillance systems under the definition of SCI systems?

As noted above in Question 1.01, an alternative trading system that meets the volume thresholds in the definition of “SCI ATS” in Rule 1000 of Regulation SCI is subject to Regulation SCI as an SCI entity, and its SCI systems, critical SCI systems, and indirect SCI systems must comply with the requirements of Regulation SCI. Regulation SCI’s definition of “SCI systems” includes all computer, network, electronic, technical, automated or similar systems of, or operated by or on behalf of, an SCI entity that, with respect to securities, directly support market regulation and market surveillance.

In the context of Regulation SCI, the Staff believes that market regulation systems are intended to refer to those used to carry out self-regulatory responsibilities under the Act. SCI SROs such as national securities exchanges, national securities associations, and registered clearing agencies are subject to a variety of obligations as self-regulatory organizations under the Act, including enforcing their rules and the federal securities laws with respect to their members. [23] ATSs do not have such self-regulatory responsibilities. Accordingly, the Staff believes that it is unlikely that an SCI ATS would have systems falling within the category of market regulation systems.

With respect to market surveillance systems, in adopting Regulation SCI, the Commission narrowed the definition of SCI systems to include those systems relating to “market surveillance,” rather than the broader term “surveillance” which had been in the proposed definition of SCI systems.[24] In doing so, the Commission stated that it believed that the “change will more appropriately capture only those…surveillance systems that are related to core market functions, such as trading, clearance and settlement, order routing, and market data.”[25] In the context of Regulation SCI, market surveillance systems of an SCI ATS would consist of those systems used by the SCI ATS in its role as a trading venue to monitor the order entry, trading, or other market-related activities conducted on or by the SCI ATS. For example, the Staff understands that many ATSs maintain such systems to surveil market-related activities for compliance with certain federal securities laws and the rules and regulations thereunder (such as Regulation SHO). In addition, the Staff understands that many ATSs also maintain such systems to surveil market-related activities for subscriber compliance with the ATS’s own rules and governing documents, as applicable, such as those designed to limit certain types of trading behavior or otherwise maintain the quality of its market.[26]

Question 2.07: What is the meaning of “exclusively-listed securities” in the definition of “critical SCI systems”?

“Critical SCI systems” are a subset of “SCI systems,” and Regulation SCI subjects critical SCI systems to certain heightened requirements, including a two-hour resumption goal following a wide-scale disruption[27] and broader dissemination obligations for “major SCI events.”[28] Rule 1000 of Regulation SCI defines “critical SCI systems” as “any SCI systems of, or operated by or on behalf of, an SCI entity that: (1) directly support functionality relating to: (i) clearance and settlement systems of clearing agencies; (ii) openings, reopenings, and closings on the primary listing market; (iii) trading halts; (iv) initial public offerings; (v) the provision of consolidated market data; or (vi) exclusively-listed securities; or (2) provide functionality to the securities markets for which the availability of alternatives is significantly limited or nonexistent and without which there would be a material impact on fair and orderly markets.”[29]

As discussed in the Regulation SCI Adopting Release, the definition of critical SCI systems in Regulation SCI was designed to cover “those SCI systems whose functions are critical to the operation of the markets, including those systems that represent potential single points of failure in the securities markets.”[30] With regard to systems that directly support functionality relating to exclusively-listed securities, the Commission stated that such systems “represent single points of failure because exclusively-listed securities, by definition, are listed and traded solely on one exchange.”[31] Accordingly, the Commission noted that all trading by all market participants in such securities necessarily will be disrupted by a trading disruption or outage on the exclusive listing market.[32]

The Staff believes that whether a security is an “exclusively-listed security” for purposes of Regulation SCI depends on the specific facts and circumstances relating to the listing and trading of such security. For example, if a security is subject to an intellectual property or other restriction that expressly limits the listing and trading of the security to a single trading venue, that security would clearly be an exclusively-listed security for purposes of Regulation SCI.

On the other hand, if a security is subject to an intellectual property or other restriction that does not expressly limit trading to a single trading venue ( e. g. , such that multiple trading venues potentially could list and trade the security if they enter into the requisite licensing or similar arrangement), then there should be an analysis of whether the security has, in fact, been licensed to more than one trading venue. If so, then the security would not be an “exclusively-listed security” for purposes of Regulation SCI. If, however, such a security has not, in fact, been licensed to more than one trading venue, it would be considered an “exclusively-listed security,” as an external requirement prevents, limits, or otherwise excludes other trading venues from immediately listing or trading the security.

Finally, if a security is not subject to an intellectual property or other restriction that limits the listing or trading of that security to particular trading venues, but the security lists or trades on only one trading venue due to low demand or other market conditions, such a security would not be considered an “exclusively-listed security” for purposes of Regulation SCI. In such a case, unlike a security that is subject to an intellectual property or other restriction, there is nothing external that prevents, limits, or otherwise excludes other trading venues from immediately listing or trading the security.

Question 2.08: Which SCI systems relating to the communication of “trading halts” are “critical SCI systems”?

Critical SCI systems is defined in Rule 1000 to include any SCI systems of, or operated by or on behalf of, an SCI entity that, among other things, directly support functionality relating to trading halts. In the SCI Adopting Release, the Commission stated, for the purposes of clarity, that the term “trading halts,” for purposes of this definition, was intended to capture market-wide halts, such as regulatory halts, rather trading halts on an individual market.[33] The Commission also noted that it is typically the responsibility of the primary listing market to call such a trading halt and stated that, “systems which communicate information regarding trading halts provide an essential service in the U. S. markets and, should a systems issue occur affecting the ability of an SCI entity to provide such notifications, the fair and orderly markets may be significantly impacted.”[34]

Given that the definition of critical SCI systems was designed to identify SCI systems whose functions may represent potential single points of failure in the securities markets,[35] the Staff believes that those systems that are responsible for disseminating such market-wide trading halt communications (typically from the primary listing market to other trading venues and market participants more broadly) across the markets represent potential single points of failure, and as such, are critical SCI systems. However, those systems used by a trading center to receive such market-wide trading halt communications or to implement a trading halt on a particular market would not be considered to be critical SCI systems, though they would be SCI systems under Regulation SCI.

Question 2.09: Are systems that support the provision of historical market data included within the scope of the definition of “SCI systems”? (NEW)

Rule 1000 of Regulation SCI defines SCI systems to mean “all computer, network, electronic, technical, automated, or similar systems of, or operated by or on behalf of, an SCI entity that, with respect to securities, directly support … market data.” Although Regulation SCI does not define the term “market data,” the Commission stated in the SCI Adopting Release that “that term generally refers to price information for securities, both pre-trade and post-trade, such as quotations and transaction reports.”[36] The Commission further noted that both consolidated and proprietary market data was within the scope of Regulation SCI, as both types of market data systems “are widely used and relied upon by a broad array of market participants, including institutional investors, to make trading decisions.”[37]

The Staff believes that the Commission’s statements in the Adopting Release indicate that market data systems are included within the scope of Regulation SCI largely because of their role in supporting price transparency, and thus the trading decisions of market participants.[38] Specifically, as highlighted by the Commission’s discussion in the Adopting Release,[39] if a “consolidated or a proprietary market data feed became unavailable or otherwise unreliable, it could have a significant impact on the trading of the securities to which it pertains, and could interfere with the maintenance of fair and orderly markets.”[40] In contrast, the unavailability or unreliability of a historical market data system would not have a similar impact on trading or the maintenance of fair and orderly markets where such data systems do not have a significant role in supporting price transparency. The Staff therefore believes that, if an SCI entity reasonably determines that a system providing historical market data generally is not used by market participants as a source of price transparency in connection with trading decisions, then it would be appropriate for the SCI entity to categorize such a system as outside of the scope of the definition of “SCI system.”[41] The Staff notes that whether or not historical market data provided by a system is used by market participants as a source of price transparency in connection with trading decisions will depend on the particular facts and circumstances, including the liquidity of the security and its asset class. For example, market data that is several days old likely would not be relied upon by market participants in making trading decisions in NMS stocks, particularly those which are highly liquid, but may be used to make trading decisions for certain illiquid fixed income securities. Accordingly, SCI entities would need to analyze which systems may be appropriately excluded from the definition of “SCI systems” as providing only historical market data that is generally not relied upon by market participants in connection with making trading decisions. As with other aspects of an SCI entity’s compliance with Regulation SCI, the Commission and its staff may review the SCI entity’s determination with regard to historical market data systems, including the SCI entity’s analysis and factors considered, to assess whether the SCI entity’s determination was, and continues to be, reasonable and consistent with the requirements of Regulation SCI.

Section 3: SCI Events.

Question 3.01: Does the de minimis exception under Rule 1002(c)(4)(ii) apply to SCI events affecting critical SCI systems?

Sim. Rule 1002(c)(1)(i) of Regulation SCI requires an SCI entity, promptly after any responsible SCI personnel has a reasonable basis to conclude that an SCI event that is a systems disruption or systems compliance issue has occurred, to disseminate information about such SCI event, unless an exception applies. With respect to a “major SCI event” ( i. e. , an SCI event that has had, or the SCI entity reasonably estimates would have: (1) any impact on a critical SCI system, or (2) a significant impact on the SCI entity’s operations or on market participants), Rule 1002(c)(3) requires that the information required to be disseminated under Rules 1002(c)(1)-(2) shall be promptly disseminated by the SCI entity to all of its members or participants.

Rule 1002(c)(4) provides certain exceptions to the information dissemination requirement. In particular, Rule 1002(c)(4)(ii) provides an exception for any SCI event that has had, or the SCI entity reasonably estimates would have, no or a de minimis impact on the SCI entity’s operations or on market participants. As noted above, an SCI event that has had or would have any impact on a critical SCI system is a “major SCI event.” The SCI Adopting Release noted that, because major SCI events are a subset of SCI events, the exception for de minimis events also applies to major SCI events that meet the requirements of Rule 1002(c)(4)(ii).[42] Therefore, it is possible for an SCI entity to experience an SCI event that affects a critical SCI system (and thus is a major SCI event), but does not require the dissemination of information about such major SCI event to all members or participants because it falls within the de minimis exception to the rule. For example, if there was a successful virus attack to a server for a critical SCI system, such as a clearance and settlement system of a clearing agency, which was immediately detected by antivirus software and quarantined, and the SCI entity reasonably determined that such attack had no or a de minimis impact on the SCI entity’s operations or on market participants, information about such SCI event would not be required to be disseminated to members or participants under Rule 1002.

Question 3.02: How should SCI entities contact the Commission for SCI events that require immediate notification to the Commission under Rule 1002(b)(1) or for updates pertaining to such SCI events pursuant to Rule 1002(b)(3)?

Pursuant to Rule 1006, the notifications relating to SCI events required by Rules 1002(b)(2) and 1002(b)(4) are required to be filed electronically with the Commission on Form SCI. Rules 1002(b)(1) and 1002(b)(3), however, do not prescribe the specific method for providing immediate notifications to the Commission of SCI events or for regular updates to the Commission, respectively. As noted in the SCI Adopting Release, these rules provide flexibility so that an SCI entity may provide such immediate notifications and updates orally ( e. g. , by telephone) or in writing ( e. g. , by email or on Form SCI).[43] Though it is not required, the Staff encourages SCI entities to make use of Form SCI when appropriate, as it provides a standardized means for submitting such notifications and updates to the Commission; in addition, SCI entities are permitted to electronically request confidential treatment of all information filed on Form SCI in accordance with Regulation SCI. However, if an SCI entity chooses instead to provide an immediate notification or update of an SCI event to comply with the requirements of Rule 1002(b)(1) or 1002(b)(3) without using Form SCI, it may do so through the designated phone number or email address that Commission staff will make available to each SCI entity prior to the compliance date of Regulation SCI. Of course, SCI entity personnel may additionally, as a secondary notification, notify or update any other Commission staff that it feels appropriate, including any staff member with whom the SCI entity’s personnel consults regarding the issues relating to a given SCI event.

Question 3.03: If an SCI entity loses a redundant component of a system but has a seamless failover, is that a systems disruption?

Whether the failure of a system component with a seamless failover to a backup system constitutes a systems disruption depends on the particular facts and circumstances of the incident. It is not automatically a systems disruption simply because a component failed; nor is it automatically excluded from being an SCI event simply because there was a seamless failover. Rather, an SCI entity would have to determine whether such a failure meets the definition of “systems disruption” under Rule 1000. A systems disruption is defined in Rule 1000 as an event in an SCI entity’s SCI systems that disrupts, or significantly degrades, the normal operation of an SCI system. The Staff encourages SCI entities to establish parameters regarding what constitutes normal operations for each of its SCI systems so that it is able to ascertain when such normal operations have been disrupted or significantly degraded.

Question 3.04: Does an SCI entity need to report to the Commission virus alerts produced by its security software on its email systems?

Generally speaking, it is the Staff’s expectation that many corporate email systems of SCI entities will not be subject to Regulation SCI because they do not meet the definition of “SCI systems” or “indirect SCI systems” under Rule 1000 of Regulation SCI. Specifically, Rule 1000 defines “SCI systems” as “all computer, network, electronic, technical, automated, or similar systems of, or operated by or on behalf of, an SCI entity that, with respect to securities, directly support trading, clearance and settlement, order routing, market data, market regulation, or market surveillance.” If the corporate email systems at issue do not directly support any one of the six enumerated areas ( i. e. , trading, clearance and settlement, order routing, market data, market regulation, market surveillance), they would not constitute SCI systems and would not be subject to Regulation SCI’s reporting rules. Of course, to the extent that such email systems directly support any one of the six enumerated areas ( i. e. , trading, clearance and settlement, order routing, market data, market regulation, market surveillance), such functionality would be considered to be an SCI system and, as such, would be subject to the reporting and other requirements of Regulation SCI.[44]

However, even if the corporate email systems at issue do not directly support the above enumerated areas and thus do not constitute SCI systems, the SCI entity would need to determine whether the corporate email systems fall into the category of “indirect SCI systems,” which are defined in Rule 1000 as “any systems of, or operated by or on behalf of, an SCI entity that, if breached, would be reasonably likely to pose a security threat to SCI systems.” As discussed in the SCI Adopting Release, whether a system is an indirect SCI system will depend on whether it is effectively physically or logically separated from SCI systems.[45] Thus, an SCI entity should consider taking the steps necessary to ensure that its corporate email systems would not, if breached, be reasonably likely to pose a security threat to its SCI systems. However, if the corporate email systems would, if breached, be reasonably likely to pose a security threat to the SCI entity’s SCI systems, they would be indirect SCI systems and subject to the various provisions of Regulation SCI with respect to security, including the reporting requirements with regard to systems intrusions.

Thus, a virus alert produced by security software on a corporate email system that is not an SCI system or an indirect SCI system would not be indicative of an SCI event that would be reportable pursuant to Rule 1002. To the extent an email system is an SCI system or an indirect SCI system, however, a virus alert occurring in that system could indicate the occurrence of a “systems intrusion,” i. e. , any unauthorized entry into the SCI entity’s SCI systems or indirect SCI systems, which an SCI entity would be required to report to the Commission. As noted in the SCI Adopting Release, attempted ( i. e. , unsuccessful) virus attacks would not be required to be reported to the Commission.[46]

Question 3.05: Would a systems issue that significantly impacts only a small number of market participants constitute a “major SCI event”?

Under Rule 1000 of Regulation SCI, “major SCI event” is defined as an SCI event that has had, or the SCI entity reasonably estimates would have, any impact on a critical SCI system, or a significant impact on the SCI entity’s operations or on market participants. With respect to an SCI event that is a major SCI event because it has a significant market impact on market participants, the definition does not set forth a minimum number of market participants that must be impacted for an SCI event to be a major SCI event. Rather than focusing solely on the number of market participants impacted, an SCI entity should analyze the facts and circumstances regarding the impact of an SCI event and may consider how the event affects one or more, or a given group or class, of market participants as a whole and whether it has a “significant impact” on such market participants. In conducting such an analysis, the Staff believes it would be appropriate that an SCI entity take into account the relative significance of the market participant(s) impacted, whether by trading volume, importance to the operation of the SCI entity, or such other factors an SCI entity determines to be appropriate. For example, if a systems disruption at an exchange only impacts two market makers but such market makers are two of the largest on the exchange, such an event could constitute a major SCI event if the impact on those two participants would be considered significant. If an SCI event is deemed to be a major SCI event, information regarding the event would be required to be disseminated to all of an SCI entity’s members or participants (rather than only to those members or participants that have been affected, as is required for SCI events that are not major SCI events).[47]

Question 3.06: If an SCI entity experiences an SCI event that also impacts other SCI entities, do all of the SCI entities need to report it to the Commission?

Rule 1002(b) of Regulation SCI requires that, upon any responsible SCI personnel having a reasonable basis to conclude that an SCI event has occurred, the SCI entity must provide the Commission with notifications pertaining to such event, as well as regular updates until the event is resolved. Although a single incident may affect multiple SCI entities, it is incumbent upon each SCI entity to fulfill its own obligations under Rule 1002(b). Thus, each SCI entity that experiences an SCI event is required to submit the required notifications and updates under Rule 1002(b), regardless of whether it believes that other SCI entities are also affected by the same systems issue. This is required even where an SCI event affects a single system that is used by multiple affiliated entities.[48]

As noted in the SCI Adopting Release, the Commission viewed such individualized SCI event notices to be important and did not believe that allowing certain entities to forego notification where a given event appears to be affecting multiple SCI entities would be appropriate because each SCI entity and its systems may be impacted differently by the systems issue, and each entity may have a unique perspective on the details surrounding the event.[49] In addition, the initial analysis of an SCI entity that it is affected by the same systems issue affecting other SCI entities may be incorrect and, by receiving notifications from various SCI entities, the Commission will be better positioned to determine whether, in fact, they are concurrently experiencing the same event.[50]

In this regard, Rule 1002(b) and Form SCI require, among other things, information regarding the SCI entity’s assessment of the types and number of market participants potentially affected by the SCI event; the potential impact on the market; and a description of the steps the SCI entity has taken, is taking, or plans to take, with respect to the SCI event. In many cases, this information will be different for each entity impacted by an SCI event. For example, the impact of a given SCI event may differ between SCI entities depending upon a wide variety of factors, including the specific policies and procedures in place at an SCI entity relating to the affected system and the types of market participants that comprise an SCI entity’s members or participants, among others. These individual facts and perspectives are valuable to the Commission and its staff, and may assist the Commission and its staff to gather the relevant facts and develop a more thorough understanding of the event and where the failure or systems issue may have arisen. The Staff believes that this is the case even in instances where the SCI event affects a single system that is used by multiple affiliated entities. The Staff believes that in many cases, the information provided pursuant to the requirements of Form SCI would not be identical for each entity, and believes that it is important to have each entity’s individual response to the requirements of Form SCI for the reasons noted above.

Question 3.07: When is a systems compliance issue “resolved” for purposes of Rule 1002?

A systems compliance issue is defined by Rule 1000 as “an event at an SCI entity that has caused any system of such entity to operate in a manner that does not comply with the Act and the rules and regulations thereunder or the entity’s rules or governing documents, as applicable.” Several requirements of Rule 1002 regarding Commission notification of SCI events are dependent on the date that an event is resolved, including those relating to submitting updates and the final report to the Commission regarding an SCI event. If an SCI entity has experienced a systems compliance issue, such an event may be “resolved” for purposes of Regulation SCI in one of two ways. First, the issue could be resolved when the SCI system’s functionality is modified so that it operates in accordance with the Act, rules and regulations thereunder, and the entity’s existing rules. Second, in the case where an SCI entity’s systems are operating in a manner that does not comply with the entity’s own rules or governing documents, but are not otherwise in violation of the Act or rules thereunder, the system compliance issue could be resolved by modifying the entity’s rules or governing documents to accurately reflect the operation of the system. For an SCI SRO, this would be accomplished through the filing with the Commission of a proposed rule change under Section 19(b) and the proposed rule change becoming effective or being approved by the Commission, as applicable. For other SCI entities, it would entail completing whatever steps are necessary under the entity’s rules or governing documents to effectuate such a modification to such documents.

Question 3.08: How may information related to an SCI event be disseminated? (NEW)

Rule 1002(c)(1)-(2) of Regulation SCI requires an SCI entity, promptly after any responsible SCI personnel has a reasonable basis to conclude that an SCI event has occurred, to disseminate certain information about such SCI event, unless one of the exceptions set forth in Rule 1002(c)(4) applies.[51] With respect to “major SCI events,”[52] Rule 1002(c)(3) requires that such information be promptly disseminated by the SCI entity to all of its members or participants. For non-major SCI events, the SCI entity must promptly disseminate such information only to those members or participants of the SCI entity that it has reasonably estimated may have been affected by the SCI event, as well as any additional members or participants that it subsequently reasonably estimates may have been affected by the SCI event.[53]

Regulation SCI does not specify the means by which information about SCI events must be disseminated. However, the Staff understands that, in practice, SCI entities routinely disseminate information regarding major SCI events in writing, such as through an electronic alert to all members or participants, or a public website posting. Such practices can facilitate the SCI entity’s compliance with its recordkeeping requirements under Rule 1005.

When an SCI event is not a “major SCI event,” and dissemination only is required to be made to affected members and participants, it may in some cases be practical to communicate the required information orally ( e. g. , by telephone). While Regulation SCI is sufficiently flexible to permit the oral dissemination of such information, Rule 1005 requires SCI entities to make, keep, and preserve all documents relating to their compliance with Regulation SCI.

Section 4: Business Continuity and Disaster Recovery Plans (“BC/DR plans”) Testing.

Question 4.01: Do the testing requirements of Rule 1004 require two different tests, i. e. , one test that includes participation of members or participants and another test that is industry - or sector-wide?

No. Rule 1004 does not require two separate tests of BC/DR plans, one which includes the participation of members or participants and one that does not. Rather, Rule 1004(b) and (c) should be read in conjunction, so that SCI entities can conduct functional and performance testing of their BC/DR plans with the participation of designated members or participants and in coordination with other SCI entities on an industry - or sector - wide basis not less than once every 12 months.[54] Further, as stated by the Commission in the SCI Adopting Release, participation by members and participants of SCI entities in the testing of SCI entity BC/DR plans on an industry - or sector-wide basis would reduce duplicative efforts and be more cost effective than if members or participants were to test with each SCI entity on an individual basis.[55] Therefore, Rule 1004 provides for coordinated BC/DR plan testing that includes the participation of designated members or participants. At the same time, the Commission noted in the SCI Adopting Release that SCI entities are not required to conduct all functional and performance testing at once and in coordination with other SCI entities all at the same time.[56] Rather, the Commission noted that if, to meet the requirements of the rule, a single annual test cannot be properly conducted, SCI entities have flexibility to design their testing to include, for example, weekend testing and testing in segments over the course of a year.[57]

Question 4.02: When are SCI entities required to complete their initial testing of their business continuity and disaster recovery plans with designated members or participants, as required by Rule 1004(b)?

Rule 1004 of Regulation SCI sets forth the requirements for testing an SCI entity’s BC/DR plans with members or participants. This rule requires that, with respect to an SCI entity’s BC/DR plan, including its backup systems, each SCI entity shall: (a) establish standards for the designation of those members or participants that the SCI entity reasonably determines are, taken as a whole, the minimum necessary for the maintenance of fair and orderly markets in the event of the activation of such plans; (b) designate members or participants pursuant to the standards established and require participation by such designated members or participants in scheduled functional and performance testing of the operation of such plans, in the manner and frequency specified by the SCI entity, provided that such frequency shall not be less than once every 12 months; and (c) coordinate the testing of such plans on an industry - or sector-wide basis with other SCI entities.

The practical effect of Rule 1004(b) is that SCI entities have up to 12 months from the compliance date of Regulation SCI to conduct the initial functional and performance testing of BC/DR plans with designated members or participants since Rule 1004(b), by its terms, requires that the frequency of such testing “not be less than once every 12 months.” Consequently, SCI entities would have until November 2, 2016 (12 months from the compliance date of Regulation SCI) to complete their initial BC/DR testing with designated members or participants.

Section 5: Recordkeeping.

Question 5.01: What type of “written undertaking” will satisfy the requirements of Rule 1007 relating to service bureaus or other recordkeeping services?

To ensure that records required to be filed or kept by an SCI entity under Regulation SCI are prepared or maintained by a service bureau or other recordkeeping service on behalf of the SCI entity are available for review by the Commission and its representatives, Rule 1007 of Regulation SCI provides that the SCI entity must submit “a written undertaking, in a form acceptable to the Commission, by such service bureau or other recordkeeping service, signed by a duly authorized person at such service bureau or other recordkeeping service.” Rule 1007 further provides that such a written undertaking “shall include an agreement by the service bureau to permit the Commission and its representatives to examine such records at any time or from time to time during business hours, and to promptly furnish to the Commission and its representatives true, correct, and current electronic files in a form acceptable to the Commission or its representatives or hard copies of any or all or any part of such records, upon request, periodically, or continuously and, in any case, within the same time periods as would apply to the SCI entity for such records.” The written undertaking required by Rule 1007 may be in the form of a letter containing the required elements and should be submitted to the Commission as soon as an SCI entity engages a service bureau or other recordkeeping service. This letter, as well as any subsequent update (as necessary), should be submitted to the designated email address or physical address that Commission staff will make available to each SCI entity prior to the compliance date of Regulation SCI.

Section 6: Compliance Dates.

Question 6.01: When is the report of the first annual SCI review due to the Commission?

Rule 1003(b)(1) of Regulation SCI requires an SCI entity to conduct an “SCI review” of the SCI entity’s compliance with Regulation SCI not less than once per calendar year.[58] An SCI review must contain (1) a risk assessment with respect to an SCI entity’s SCI systems and indirect SCI systems, and (2) an assessment of internal control design and effectiveness of such systems to include logical and physical security controls, development processes, and information technology governance, consistent with industry standards.[59] Pursuant to Rule 1003(b)(2), an SCI entity must submit a report of the SCI review to senior management of the SCI entity for review no more than 30 calendar days after completion of such a review. Moreover, under Rule 1003(b)(3), an SCI entity must submit to the Commission, and to the board of directors of the SCI entity or the equivalent of such board, a report of the SCI review and any response by senior management within 60 calendar days after its submission to senior management. Consequently, if an SCI entity’s initial SCI review (“2015 SCI review”) was completed on December 31, 2015, the report of the SCI review would be due to senior management of the SCI entity no later than January 30, 2016, with such report and any response by senior management due to the Commission and the SCI entity’s board no later than March 31, 2016.

The Staff recognizes that the 2015 SCI review will be the first such review conducted pursuant to the requirements of Regulation SCI, and SCI entity personnel and the objective personnel performing such review will be considering the assessments required by the review for the first time. Furthermore, given that the applicable Regulation SCI compliance date is November 3, 2015, this initial review necessarily will be based on a smaller amount of operational information, reporting, and other data than subsequent SCI reviews. The Staff also acknowledges that SCI entities are likely to be fine-tuning their policies and procedures during the initial months following the Regulation SCI compliance date.

Accordingly, the Staff would expect the 2015 SCI review to be primarily focused on assessing the design and initial implementation of the SCI entity’s policies and procedures and other mechanisms for compliance with Regulation SCI, including their reasonableness and comprehensiveness. Although any significant weaknesses revealed during the initial implementation period would, of course, need to be addressed by the 2015 SCI review, the Staff acknowledges that a limited amount of operational data may be generated during that period and, as such, the Staff believes it is appropriate to focus on such design and implementation aspects for purposes of the 2015 SCI review. In subsequent years, however, the objective personnel performing SCI reviews would need to fully assess the operational data generated during the applicable year in performing their assessments.

Question 6.02: When does the calculation begin for determining whether an alternative trading system is an SCI ATS?

Under the definition of “SCI ATS” in Rule 1000 of Regulation SCI, an ATS will be subject to Regulation SCI if, during at least four of the preceding six calendar months, it had:

With respect to NMS stocks: (i) five percent or more in any single NMS stock, and 0.25 percent or more in all NMS stocks, of the average daily dollar volume reported by applicable effective transaction reporting plans, or (ii) one percent or more, in all NMS stocks, of the average daily dollar volume reported by applicable effective transaction reporting plans; or With respect to non-NMS stocks and for which transactions are reported to a SRO, five percent or more of the average daily dollar volume as calculated by the SRO to which such transactions are reported.

The effective date of Regulation SCI was February 3, 2015, after which ATSs must evaluate whether they met the enumerated thresholds specified in the definition of “SCI ATS” ( i. e. , during four of the preceding six-months). Specifically, in determining whether it falls into the category of SCI ATS, an ATS should, beginning with the month of February 2015 (and in each month thereafter), review its trading activity in the prior six-month period to determine whether it has met the thresholds applicable to SCI ATSs.

Paragraph (c) of the definition of SCI ATS also provides that an ATS that meets any of the volume thresholds in the definition for the first time is not required to comply with the requirements of Regulation SCI until six months after satisfying the thresholds for the first time. For example, if an ATS satisfied the thresholds in the definition of SCI ATS for the first time in June 2015, it would have six months from that time to become fully compliant with Regulation SCI, and thus would have to comply with the requirements of Regulation SCI by December 2015.[60]

[1] See Securities Exchange Act Release No. 73639 (November 19, 2014), 79 FR 72252 (December 5, 2014) (“SCI Adopting Release”).

[2] Regulation SCI also applies to “indirect SCI systems,” which are any systems that, if breached, are likely to pose a security threat to SCI systems. Further, certain SCI systems that are “critical SCI systems” are held to certain heightened requirements under Regulation SCI. See 17 CFR 242.1000 (definitions of “SCI systems,” “indirect SCI systems,” and “critical SCI systems”).

[4] See 17 CFR 242.1002. See also 17 CFR 242.1006.

[6] See 17 CFR 242.1005. See also 17 CFR 242.1007.

[8] See SCI Adopting Release, 79 FR at 72280-81.

[10] See SCI Adopting Release, 79 FR at 72280.

[12] For example, NIST 800-53 Rev. 4, “Security and Privacy Controls for Federal Information Systems and Organizations” contains controls that would be relevant to risk assessments and system interconnections and separation. Among others, such controls include: System and Communications Protection Control Family (particularly SC-7 (Boundary Protection)); CA-3 (System Interconnections), CA-9 (Internal System Connections), PL-2 (System Security Plan), PL-8 (Information Security Architecture), RA-3 (Risk Assessment), AC-5 (Separation of Duties), AC-6 (Least Privilege), AC-14, (Permitted Actions without Identification or Authentication), AC-17 (Remote Access), AC-20 (Use of External Information Systems), CM-5 (Access Restrictions for Change), CM-7 (Least Functionality), and SA-9 (External Information System Services). In addition, the Appendices to NIST Special Publication 800-47, “Security Guide for Interconnecting Information Technology Systems,” describes a formally documented interconnection that details responsibilities, logical protections and controls, and other issues that are relevant to the NIST 800-53, Rev. 4 control CA-3 (System Interconnections)). See Staff Guidance on Current SCI Industry Standards, November 19, 2014, available at sec. gov/rules/final/2014/staff-guidance-current-sci-industry-standards. pdf (listing NIST 800-53 Rev. 4 as one example of a publication that an SCI entity could look to in developing reasonable policies and procedures to comply with Rule 1001(a) of Regulation SCI).

[14] See SCI Adopting Release, 79 FR at 72271.

[15] See SCI Adopting Release, 79 FR at 72275-76. These contracts may be with another SCI entity, as in the case of a regulatory services agreement, or with a non-SCI entity.

[16] Rule 1000 defines SCI systems as “all computer, network, electronic, technical, automated, or similar systems of, or operated by or on behalf of, an SCI entity that, with respect to securities, directly support trading, clearance and settlement, order routing, market data, market regulation, or market surveillance.”

[17] See SCI Adopting Release, 79 FR at 72275-76.

[18] Appropriate due diligence and oversight by the Contracting SCI Entity in such case could include, among other things: (1) reviewing the policies and procedures developed by the Operating Entity; (2) discussing any concerns it identifies with the Operating Entity and working with the Operating Entity to ensure that the policies and procedures comply with Regulation SCI; and (3) periodically reviewing the maintenance and enforcement of the policies and procedures by the Operating Entity, including through assessing the reports of SCI reviews, which should include any weaknesses in such policies and procedures. The Contracting SCI Entity could also incorporate the policies and procedures of the Operating Entity into its own policies and procedures and detail its policies and procedures for conducting appropriate due diligence and overseeing the performance of the Operating Entity under Regulation SCI. However, the Staff does not believe it would be sufficient for the Contracting SCI Entity to solely rely on representations of the Operating Entity with respect to the adequacy of its policies and procedures, or to merely assume they are being maintained and enforced by the Operating Entity in accordance with Regulation SCI.

[19] In cases where the Operating Entity is itself an SCI entity (“Operating SCI Entity”) and, for example, the Operating SCI Entity uses a market surveillance system for itself as well as on behalf of the Contracting SCI Entity such that the system is an SCI system of each SCI entity, the Staff believes that it would be acceptable for the Operating SCI Entity to provide immediate notifications of SCI events to the Commission via phone or email on behalf of the Contracting SCI Entity. In such cases, it would be appropriate that the SCI entities have written agreements in place to authorize the Operating SCI Entity to provide such immediate notifications on behalf of the Contracting SCI Entity, as well as itself, including designating appropriate personnel of the Operating SCI Entity as “responsible SCI personnel” for the limited purpose of immediate notifications under Rule 1002(b)(1). In addition, such agreements should ensure that the Contracting SCI Entity is immediately informed of such communications (for example, a notification submitted via email could be sent to the Contracting SCI Entity at the same time that it is sent to the Commission). The Staff notes that if the SCI entities choose to use the EFFS system for such immediate notifications, each would have to individually submit a Form SCI for the SCI event ( i. e. , in this example, both the Contracting SCI Entity and the Operating SCI Entity). Ultimately, however, each SCI entity remains responsible for ensuring its own compliance with Regulation SCI, including ensuring both the timely submission of any required SCI event notification, as well as the accuracy and completeness of such notifications.

[20] For example, the Contracting SCI Entity and the Operating Entity may agree that it is appropriate for the Operating Entity to take certain corrective actions, as required by Rule 1002(a), following SCI events. In such cases, among other things, the Contracting SCI Entity could be notified of the SCI event and the action to be taken, and the Contracting SCI Entity could periodically review and assess the Operating Entity’s performance with regard to corrective action taken in response to SCI events. Further, with respect to reporting systems changes pursuant to Rule 1003(a), as with the notifications required by Rules 1002(b)(2)-(4), the Operating Entity may determine to, for example, provide the Contracting SCI Entity with a draft of the applicable submission, which the Contracting SCI Entity could submit to the Commission after performing its own appropriate due diligence, including review of and any revisions to such draft it deemed appropriate. In addition, where the third party operating the SCI system is an Operating SCI Entity, the Contracting SCI Entity may also determine that it is appropriate to allow the Operating SCI Entity’s objective personnel to conduct the SCI review (or employ third party objective personnel to conduct such SCI review) and prepare the report of the SCI review as required by Rule 1003(b). In such instances, the Contracting SCI Entity would need to exercise appropriate due diligence, which could include, but is not necessarily limited to, among other things, ensuring that the SCI review is conducted in accordance with the requirements of Regulation SCI ( e. g. , that it is performed by experienced, objective personnel), as well as reviewing the SCI report and taking appropriate action to ensure that any noted deficiencies are appropriately remedied.

[21] The Staff notes that the analysis in Question 2.04 regarding the types of systems that “directly support” order routing is limited to the order routing function. A different analysis may apply to systems supporting the other key functions covered by Regulation SCI – trading, clearance and settlement, market data, market regulation, and market surveillance – which involve different processes and risks.

[23] Sections 6(b), 15A, and 17A(b)(3) of the Exchange Act impose obligations on national securities exchanges, national securities associations, and clearing agencies, respectively, to be “so organized” and “[have] the capacity to…carry out the purposes of [the Exchange Act].” See Sections 6(b)(1), 15A(b)(2), and 17A(b)(3) of the Exchange Act, 15 U. S.C. 78f(b)(1), 78 o -3(b)(2), 78q-1(b)(3), respectively.

[24] In adopting Regulation SCI, the Commission similarly narrowed the definition of SCI systems to include those systems relating to “market regulation,” rather than the broader term “regulation” as was proposed. See Rule 1000 of Regulation SCI.

[25] See SCI Adopting Release, 79 FR at 72275.

[26] The Staff notes that a market surveillance system need not be used exclusively by an SCI ATS to be considered an SCI system. For example, a market surveillance system used to surveil trading activity on an SCI ATS that is also used to surveil trading by the customers of its broker-dealer operator or other affiliates would be an SCI system. However, to the extent certain components of such a market surveillance system are used exclusively to surveil trading activity of the customers of its broker-dealer operator or other affiliates, those components of the market surveillance system would not be an SCI system.

Further, the Staff notes that whether a system used for market surveillance meets the definition of SCI system is not dependent on whether such system conducts real-time surveillance. In the SCI Adopting Release, the Commission expressly stated that it was not limiting the definition of SCI systems strictly to real-time systems because such a limitation could “exclude relevant systems, such as certain… market surveillance systems operated by or on behalf of an SCI entity, which the Commission views as integral to one or more of the six functions identified in the definition.” See SCI Adopting Release, 79 FR at 72274, n.226.

[30] See SCI Adopting Release, 79 FR at 72277.

[31] See SCI Adopting Release, 79 FR at 72279.

[33] See SCI Adopting Release, 79 FR at 72278, n.286.

[34] See SCI Adopting Release, 79 FR at 72278.

[35] See SCI Adopting Release, 79 FR at 72277.

[36] See SCI Adopting Release, 79 FR at 72275. Under Regulation SCI, market data systems may meet either the definition of “SCI systems” or “critical SCI systems.” Specifically, systems that “[d]irectly support functionality relating to … [t]he provision of consolidated market data” are “critical SCI systems,” while other types of market data systems, such as those that directly support proprietary market data systems, are “SCI systems.” In the Adopting Release, the Commission emphasized the importance of consolidated market data, noting that it “provides the public with ready access to a comprehensive and reliable source of information for the prices and volume of any NMS stock at any time during the trading day” and “helps to ensure that the public is aware of the best displayed prices for a stock, no matter where they may arise in the national market system.” See SCI Adopting Release, 79 FR at 72279.

[37] See SCI Adopting Release, 79 FR at 72275.

[38] In this regard, the Commission noted in the SCI Adopting Release that systems providing or directly supporting price transparency are within the scope of SCI systems, while systems solely providing or directly supporting other types of data, such as systems used by market participants to submit disclosure documents, are not within the scope of SCI systems, so long as they do not also directly support price transparency. See SCI Adopting Release, 79 FR at 72275.

[39] See SCI Adopting Release, 79 FR at 72255, nn. 31-33 (discussing market events that have involved market data-related systems issues that resulted in extended halts in trading on options exchanges, stock exchanges, and in the OTC equity securities markets).

[40] See SCI Adopting Release, 79 FR at 72275 (discussing the meaning of “market data” and concluding that both proprietary market data and consolidated market data are within the scope of the definition of SCI systems and subject to Regulation SCI).

[41] In contrast, as noted by the Commission in the SCI Adopting Release, the consolidated audit trail repository would fall within the definition of “SCI system” as a market regulation system. See SCI Adopting Release, 79 FR at 72275, n.246.

[42] See SCI Adopting Release, 79 FR at 72336 at n. 991.

[43] See SCI Adopting Release, 79 FR at 72354.

[44] Even when an email system is used to directly support one of the six enumerated areas, it does not necessarily mean that an SCI entity’s entire email system is subject to Regulation SCI. For example, if an SCI entity uses email to alert market participants of “self-help” issues, and the SCI entity determines that such functionality “directly supports” trading and/or routing, if the “self-help” functionality is effectively separated, such as through physical separation or the existence of appropriate safeguards, to ensure that the functionality is sufficiently segregated from the remainder of the corporate email system, then only the “self-help” email functionality would be subject to Regulation SCI, while the remainder of the corporate email system would not.

[45] See SCI Adopting Release, 79 FR at 72280-81.

[46] See SCI Adopting Release, 79 FR at 72288.

[47] Of course, for SCI events that are not major SCI events, an SCI entity is free (but is not required) to disseminate information about such events to all of its members or participants.

[48] In appropriate circumstances, one SCI Entity may contract with another SCI Entity to take steps to facilitate the meeting of certain obligations under Regulation SCI, including the immediate notification requirements with respect to SCI events. See supra note 19 (FAQ 2.03).

[49] See SCI Adopting Release, 79 FR at 72325.

[51] The information required to be disseminated for systems disruptions or systems compliance issues is set forth in Rule 1002(c)(1), and the information required to be disseminated for systems intrusions is set forth in Rule 1002(c)(2).

[52] A “major SCI event” is defined in Rule 1000 to mean “an SCI event that has had, or the SCI entity reasonably estimates would have: (a) any impact on a critical SCI system; or (b) a significant impact on the SCI entity’s operations or on market participants.”

[54] In this regard, paragraphs (c) and (d) of Rule 1004 both refer to the testing of “such plans,” i. e. , referencing the same BC/DR plans of an SCI entity.

[55] See SCI Adopting Release, 79 FR at 72354.

[56] See SCI Adopting Release, 79 FR at 72352.

[57] See SCI Adopting Release, 79 FR at 72352, n. 1182.

[58] However, penetration test reviews of the network, firewall, and production systems must be conducted at a frequency of not less than once every three years, and assessments of SCI systems directly supporting market regulation or market surveillance must be conducted at a frequency based upon a risk assessment, but not less than once every three years. See Rule 1003(b)(i)-(ii).

[60] The Staff notes that an ATS meeting the definition of SCI ATS as of the Effective Date does not receive an additional six months to comply with Regulation SCI after the November 3, 2015 compliance date. Rather, the six-month compliance period for SCI ATSs would give such an ATS until August 2015 to comply, but because the compliance date of Regulation SCI is November 3, 2015 for all entities, the ATS would not be required to comply with Regulation SCI until November 3, 2015. In other words, if the six-month compliance period for ATSs newly meeting the thresholds would result in a compliance date prior to the November 3, 2015 compliance date, such ATS will not be required to comply with Regulation SCI until the November 3, 2015.