ICI Comment Letter on SEC's Proposed Regulation Systems Compliance and Integrity

  July 12, 2013 Ms. Elizabeth M. Murphy Secretary U.S. Securities and Exchange Commission 100 F Street, N.E. Washington, D.C. 20549-1090 Re: Regulation Systems Compliance and Integrity (File No. S7–01–13) Dear Ms. Murphy: The Investment Company Institute1 is writing to respond to the issues raised by the Securities and Exchange Commission’s (“Commission” or “SEC”) proposed Regulation Systems Compliance and Integrity (“Regulation SCI”).2 ICI members and their shareholders have a significant interest in ensuring that the regulatory structure that governs the financial markets allows for the most effective system possible to address risks posed by technological developments in trading. Consistent with this goal, we strongly support the examination of issues that may impact the fair and orderly operation of the financial markets and investor confidence in those markets, and we therefore support the examination of the issues raised by the Commission in the Release. I. Background The proliferation of technology in recent years has caused funds and other institutional investors to modify their trading strategies. Funds heavily utilize the new technology and tools available to them when trading; funds are therefore impacted by the risks posed by technology due to the actions of other market participants and the increased volume of trading in general attributable to electronic trading. 1 The Investment Company Institute is the national association of U.S. investment companies, including mutual funds, closed-end funds, exchange-traded funds (ETFs), and unit investment trusts (UITs). ICI seeks to encourage adherence to high ethical standards, promote public understanding, and otherwise advance the interests of funds, their shareholders, directors, and advisers. Members of ICI manage total assets of $15.3 trillion and serve more than 90 million shareholders. 2 Securities Exchange Act Release No. 69077 (March 8, 2013), 78 FR 18084 (March 25, 2013) (“Release”). Ms. Elizabeth M. Murphy July 12, 2013 Page 2 of 5   Recent market infrastructure disruptions have highlighted the need for mechanisms to address risks raised by the use of technology in trading. Clearly, it is in everyone’s best interests to prevent technological errors, as well as examine the most efficient response to errors that occur. ICI has therefore supported efforts in this area; we believe many of the steps already taken to address market risks have improved the ability of markets to respond to market disruption events (e.g., steps taken after the flash crash and initiatives to address risks surrounding direct market access).3 We agree, however, that additional measures are necessary given that market disruption events continue to occur.4 As we have stated in previous comment letters on technology issues, as additional measures are examined, several basic principles should be considered. An intermediary or trading venue, as applicable, should have the ultimate responsibility for the orders sent to the market through its trading system and for the compliance of the orders with applicable regulatory requirements. This responsibility should include all aspects of the trading system including the design, development, deployment and operation of the system as well as the system’s reliability, security and capacity. Similarly, we support requirements for an intermediary or trading venue to ensure that a trading system and all modifications to the system are adequately tested before deployment and are regularly reviewed to ensure that the system and modifications are reliable. We also believe control measures must be in place to prevent systems from generating and sending orders to the market that may be erroneous as well as effective controls to enable the cancellation of unexecuted orders in the markets. II. Regulation SCI Regulation SCI would replace the SEC’s current voluntary Automation Review Policy (“ARP”) compliance program with rules requiring certain market participants to have policies and procedures in place surrounding their technological systems. Significantly, “SCI entities”5 would be required to, among other things, design, develop, test and maintain systems that are integral to their operations and 3 ICI strongly supported the Commission’s examination of practices surrounding market access and the implementation of risk management controls and supervisory procedures reasonably designed to manage the risks associated with market access. See Letter from Ari Burstein, Senior Counsel, Investment Company Institute, to Elizabeth M. Murphy, Secretary, Securities and Exchange Commission, dated March 29, 2010; available at http://www.ici.org/pdf/24210.pdf. 4 See Letter from Karrie McMillan, General Counsel, Investment Company Institute, to Elizabeth M. Murphy, Secretary, Securities and Exchange Commission, dated October 23, 2012; available at http://www.ici.org/pdf/26600.pdf. 5 Under the proposal, “SCI entities” would include: self-regulatory organizations (the registered national securities exchanges, registered clearing agencies, FINRA, and MSRB); alternative trading systems that exceed specified volume thresholds (SCI ATSs); disseminators of market data under certain National Market Systems plans (“plan processors”); and certain clearing agencies exempt from SEC registration. Ms. Elizabeth M. Murphy July 12, 2013 Page 3 of 5   ensure that their core technology meets certain standards, conduct business continuity testing, and provide certain notifications in the event of systems disruptions and other events.6 A. Comments and Recommendations ICI strongly supports Regulation SCI’s goal of enhancing the Commission’s oversight of the capacity, integrity, resiliency, availability and security of significant automated systems of entities important to the national market system. Nevertheless, we share concerns expressed by some commenters on the proposal regarding the scope of the proposal, the need for clarity surrounding certain requirements and definitions, and the need for further examination of the costs and burdens that may be presented by some of the proposed requirements. 1. Application of Regulation SCI to Additional Entities The Release requests comment on whether other entities, such as transfer agents, should be included in the definition of SCI entity, thereby subjecting them to some or all of the requirements under the Regulation. In determining whether Regulation SCI should be expanded to include other entities, ICI believes that the role of those entities in the securities markets and associated risks that they present must be taken into account. For example, transfer agents raise fewer risks to the markets than proposed SCI entities as they do not have systems that directly support the functions of concern to the Commission under the proposal, e.g., trading, clearance and settlement, order routing, and market data. Therefore, if a system disruption or other type of systems issue occurs at a transfer agent, we believe it is unlikely to have the same impact on the markets overall as a disruption occurring at an SCI entity. ICI therefore believes that, at this time, transfer agents should not be included in Regulation SCI. However, if the Commission determines that additional entities should be included in the definition of an “SCI entity,” we support consideration of this issue through the publication of a separate proposal. 6 Specifically, under the proposed rule, each SCI entity would be required to: (1) establish policies and procedures relating to the capacity, integrity, resiliency and security of its technology systems; (2) establish policies and procedures to ensure its systems operate in the manner intended, including in compliance with relevant federal securities laws and rules; (3) take timely corrective action in response to systems disruptions, systems compliance issues and systems intrusions; (4) notify and provide the SEC with detailed information when such systems issues occur as well as when there are material changes in its systems; (5) inform its members or participants about certain systems problems and provide information about the systems and market participants affected by the problem and the progress of corrective action; (6) conduct an annual review of its compliance with Regulation SCI, and submit a report of the annual review to its senior management and the SEC; (7) designate certain individuals or firms to participate in the testing of its business continuity and disaster recovery plans at least once annually, and coordinate such testing with other entities on an industry- or sector-wide basis; and (8) provide SEC staff with access to its systems to assess compliance with Regulation SCI. Ms. Elizabeth M. Murphy July 12, 2013 Page 4 of 5   2. Dissemination of Information to Members or Participants of an SCI Event Regulation SCI would require information relating to “dissemination SCI events” to be provided to members or participants of SCI entities including information about the systems and market participants affected by the event and the progress of any corrective action taken. ICI supports ensuring the transparency of SCI events to members and participants of an SCI entity. We believe such transparency would promote the understanding of the issues surrounding the SCI event, any resulting risks to the markets, and better inform the markets of action being taken to address the event. We share the recommendations of several commenters on the proposal, however, that the Commission only require the public dissemination of information about systems in significant circumstances where such information enhances investor protection. Dissemination should not be required where the information provided (e.g., regarding systems intrusions or issues with surveillance systems) may be misused to the detriment of the markets and investors in the markets. 3. Clarification of the Scope of Certain Regulation SCI Requirements Several commenters have raised questions regarding the scope of certain of the proposed definitions in Regulation SCI and requirements stemming from these definitions. For example, concerns have been raised regarding the scope of such terms as “SCI system,” “SCI security system,” “material system changes,” and “SCI events.” ICI supports narrowing the focus of several of these terms, and associated requirements, to more specifically focus on system events that are truly disruptive to the markets and the systems themselves that are likely to pose a risk to the fair and orderly operation of the markets or participants in the markets. * * * * * If you have any questions on our comment letter, please feel free to contact me directly at (202) 326-5815 or at kmcmillan@ici.org, or Ari Burstein at (202) 371-5408 or at aburstein@ici.org. Sincerely, /s/ Karrie McMillan Karrie McMillan General Counsel Ms. Elizabeth M. Murphy July 12, 2013 Page 5 of 5   cc: The Honorable Mary Jo White The Honorable Elisse B. Walter The Honorable Luis A. Aguilar The Honorable Troy A. Paredes The Honorable Daniel M. Gallagher John Ramsay, Acting Director, Division of Trading and Markets James R. Burns, Deputy Director, Division of Trading and Markets Heather Seidel, Association Director, Division of Trading and Markets David Shillman, Associate Director, Division of Trading and Markets Norm Champ, Director, Division of Investment Management