The SEC today published in the Federal Register its Regulation SCI (Regulation Systems Compliance and Integrity), which requires key market participants to have and implement written policies and procedures reasonably designed to ensure the availability, confidentiality and integrity of their systems as necessary to assure the fair and orderly operation of the markets. Among the specific requirements are periodic testing, annual systems review and disclosure of “SCI events” – including both functional and security issues. In addition to security issues, the new regulation is aimed in part at avoiding incidents like the “flash crash” of 2010 and the operational problems that occurred during the Facebook IPO in 2012.
A “systems intrusion” will be defined as “any unauthorized entry into the SCI systems or SCI security systems of an SCI entity.” While there is no materiality threshold, the SEC does make it clear that unsuccessful attempts at unauthorized entry will not be treated as a systems intrusion.
Latham will soon publish a detailed analysis of new Regulation SCI as a Client Alert that will be available here on the Global Privacy & Security Blog as well as on the firm’s website. If you would like to be sent a copy, please subscribe to the blog.