LawCast Covers SCI and SCI Events

Posted by on January 04, 2018

LawCast Covers SCI and SCI Events- The SEC adopted Regulation Systems Compliance and Integrity (Regulation SCI) on November 3, 2015 to improve regulatory standards and processes related to technology in the securities business including by financial services firms.

An SCI Event is defined as “an event at an SCI entity that constitutes: (1) a systems disruption; (2) a systems compliance issue; or (3) a systems intrusion.” A “systems disruption” is “an event in an SCI entity’s SCI systems that disrupts, or significantly degrades, the normal operation of an SCI system.” A “systems compliance issue” is defined as an “an event that has caused an SCI system to operate in a manner that does not comply with the [Securities Exchange] Act” and the rules and regulations thereunder and the entity’s rules and governing documents, as applicable. A “systems intrusion” is defined as “any unauthorized entry into the SCI systems or indirect SCI systems of an SCI entity.”

An SCI Event triggers certain obligations including taking corrective action, notifying the SEC and disseminating information. While the response to an SCI Event does not include a materiality analysis, it does include a risk-based analysis. Although the SEC provided for exceptions to the reporting and information requirements for events the de minimus or no impact on the SCI Entity’s operations or market participants, all disruptions require certain recordkeeping, assessment, and corrective measures regardless of how seemingly small they might be.

The SEC rightfully points out that outwardly inconsequential technological issues may later prove to have been a significant cause of larger issues. In addition, an SCI entity’s records of small events may prove useful to the SEC in identifying patterns, weaknesses or circumstances that result in significant issues. Along the same lines, the SEC requires recordkeeping and reporting related to both intentional and unintentional SCI Events.