Reg SCI rules by SEC addressed in new Exegy Inc. package

Low-latency technology provider Exegy Inc. developed a new package of managed services, product and remote management infrastructure features, compliant to Reg SCI, in partnership with two alternative trading system (ATS) operators in U.S. equities, as well as the International Securities Exchange (ISE) which operates three U.S. options exchanges.

Reg SCI stands for Regulation Systems Compliance and Integrity and, being one of the most substantial rules the US Securities Exchange Commission (SEC) has passed recently, its purpose is to minimize the rash of technology outages that has been affecting capital markets over the last five years, most spectacularly seen in 2012’s software glitch at Knight Capital Group (KCG) that cost the company approximately $440 million in 45 minutes on August 1.

Reg SCI has become effective since late 2015, with all stock exchanges, the DTCC, NSCC, FINRA and MSRB falling under its rule, as well as 12 ATSs, covering about 75% of all trading volume. The SEC estimates that each SCI will have to report 14 disruptions to its participants and the SEC: 500 events in total.

While there is a consensus that these rules safeguards markets from many of the occurrences and severity of major outages, by requiring more transparency and reporting, critics argue that some rules are too wide in scope and still wouldn’t be applied to KCG, deeming it unable to prevent the famous event in 2012.

Nevertheless, electronic trading firms will have to follow the rules and need compliant technology to do so. There’s where companies like Exegy come in, with updated software that allows its clients to respect requirements:

Jamie O’Donnell, CEO at Exegy said: “Our integrated managed service model enables us to stretch beyond the boundaries of typical vendor relationships in order to form strategic partnerships with our customers. We welcomed the opportunity to engage with our customers to sort through the requirements of Reg SCI and to develop the capabilities required by firms subject to the new regulations.

“It was an outstanding opportunity to enhance the value of our products and managed services. We are now prepared to assist additional firms that are seeking to develop or to improve their Reg SCI compliance regime, in addition to improving the performance and cost effectiveness of their mission-critical market data infrastructure,” added O’Donnell.

According to Exegy, the effort to achieve compliance can be significant, including the development of new controls and procedures concerning systems development, stress testing, system monitoring, data management, security, business continuity planning, and disaster recovery, as well as developing or extending existing documentation and implementing periodic reviews and risk assessments.

ISE CTO Thomas Reina said: “We chose Exegy over five years ago for their ability to deliver the performance, efficiency, stability, and continuous support that we require for mission-critical market data. They have served as a strategic partner through the launches of our ISE Gemini and ISE Mercury exchanges, as well as our efforts to build the necessary capabilities to achieve robust Reg SCI compliance in our feed handling infrastructure.”

Reg SCI compliant firms have improved mechanisms to confirm stability and resiliency of its technology infrastructure against potential vulnerabilities caused by natural disasters, technology failures, and discoveries of potential security threats.

Compliance to rules include: providing comprehensive and well-documented process for the design, development, testing, monitoring, and management of systems that are essential to their operations. Entities must also provide evidence of implementation and enforcement of policies and procedures to ensure sufficient capacity, integrity, resiliency, availability, and security of their systems subject to Reg SCI.

Exegy is also offering a premium package of product features and managed services that includes: a corpus of documentation addressing operational policies and procedures, enhanced incident management and escalation procedures, more rigorous Service Level Agreements, expanded reporting and audit services, enhanced security controls and transparency into its products and global managed services infrastructure, and dedicated infrastructure for Reg SCI entities that includes geographically distributed disaster recovery sites.