NYSE Fined $14 Million by SEC for Reg SCI Violations

The Securities and Exchange Commission (SEC) charges stem from five separate investigations—which include violations of Regulation Systems Compliance and Integrity (Reg SCI) and Regulation National Market System (Reg NMS) codes—and include NYSE, NYSE Arca and NYSE American, which neither admitted nor denied the findings in the SEC’s order.

The charges are significant because they represent the first filed for violations of Reg SCI, a series of rules designed to govern how securities exchanges manage their technology infrastructure and handle events such as outages.

The SEC alleges that the exchanges implemented a market-wide regulatory halt in error, misrepresented stock prices as automated, and applied price collars during a period of high volatility on August 24, 2015, without the rules in place to permit them to do so.

“We believe this settlement is in the best interest of the NYSE exchanges,” says a NYSE spokesperson. “We take our regulatory obligations seriously and remain focused on building and maintaining industry-leading technology and ensuring that our markets operate with the utmost integrity.”

The NYSE group’s parent company, the Intercontinental Exchange Group, had previously disclosed during its earnings announcement in February 2017 that the NYSE had received a Wells Notice from the SEC. The notice, which stated that SEC staff had recommended that the agency file an enforcement action, was in relation to the circumstances surrounding a market outage on July 8, 2015.

NYSE had originally received inquiries from the SEC’s enforcement staff in December 2015, ICE said, and the Wells Notice was issued in December 2016.

The SEC indicated that the charges, and the subsequent penalty, however, were more serious than the events of one day.

“Two NYSE exchanges previously settled rule-filing violations in 2014, and now we’ve found further problems,” said Steven Peikin, co-director of the SEC’s Division of Enforcement, in a statement announcing the charges. “NYSE’s violation of the prior SEC order was a significant factor in assessing the civil penalties in this matter.”

An Opaque Rule

Reg SCI was drawn up after increasing concern about the stability of systems used at exchanges culminated in a series of outages across major trading venues, as well as disruptive market events, such as the Flash Crash of May 2010.

“We’ve known this was coming for a while,” says a European exchange analyst, who asked not to be named. “The SEC telegraphed it pretty extensively with the [Wells Notice] to ICE, but I think it’s also sending a message here—it’s been criticized in the past for passing Reg SCI and then effectively not doing anything with it, even updating the firms subject to it. This should send a warning shot across the bows of other groups who may have had problems in recent years, in terms of outages, systems failures or regularly having self-help declared against them.”

Self-help is a mechanism by which orders are routed to alternative venues when an exchange is experiencing systems difficulties in processing trades. Such events tend to only last for short periods, but have been noticeably more frequent in recent years—on March 3, for instance, the Miami Options Exchange declared self-help against the Gemini Exchange.

Reg SCI has been somewhat controversial. Last August, US senator Mark Warner, a democrat from Virginia and the ranking member of the Senate Banking Subcommittee on Securities, Insurance, and Investment, wrote in a letter to the SEC that the regulatory body has not been transparent enough as to which firms have become subject to the rule. 

“Since its effective date, the SEC has not publicly disclosed which market centers have become subject to Reg SCI; nor has it required market centers to disclose whether they are or are not subject to Reg SCI,” said Warner, in the letter. “Hence, investors are unable to determine whether their orders are being routed to market centers which are being held to the requirements of having a strong, audited cybersecurity program.”

Some have also expressed doubt as to the need for such a regulation, as an outage is already punative for an exchange. While speaking with Waters just over a year ago, Jim Myers, senior manager of business consulting for Sapient, said that Reg SCI “is hard to characterize as useful. I don’t credit Reg SCI for this because it’s punitive for exchanges to have outages. It’s in nobody’s best interest if systems go down.” 

In the same article, Aite Group analyst Spencer Mindlin said the rule can even distract exchanges from tending to their systems. “The time spent complying with the regulation is time away from taking care of the house,” Mindlin says. “The regulation assumes that firms are not already applying 100 percent of their focus to ensure their systems do not break.”