The top U.S. securities regulator wants new rules to help protect exchanges and other trading venues from computer-generated volume spikes and hackers seeking to harm the country’s capital markets.
As high-speed electronic trading becomes more prevalent, Securities and Exchange Commission Chairman Mary Schapiro said a new mandatory compliance regime is more important than ever.
It is needed to ensure that trading venues have the capacity to deal with glitches that could send markets into a tailspin, she said.
Her comments come a little less than a year after the May 6 “flash crash,” which overwhelmed exchanges like NYSE Euronext and Nasdaq Omx Group and exposed the risks of the move to an electronic marketplace dominated by rapid-fire trading over the last decade.
More recently, investor confidence in U.S. markets faltered after Nasdaq said in February that last year hackers accessed an Internet-based client application. That incident is under investigation by the FBI, and it prompted the SEC to ask all exchanges for an audit of their information security policies.
“Today, with risks including algorithm-generated volume surges and malevolent hackers still very much with us, I believe the SEC should consider making (automation review policies) compliance mandatory,” Schapiro said in remarks presented via video at a Securities Industry and Financial Markets Association seminar on Wednesday.
“Such a regulation would require market participants to meet adequate standards for capacity, resiliency, and security of their automated systems,” she said.
The rules would apply to exchanges, alternative trading systems (ATS) “handling appreciable volume,” clearing agencies, depositories and securities information processors, she added.
Stock exchanges, almost completely electronic in North America and Europe, have run into systems problems in recent years.
A data glitch at Nasdaq knocked out quotes on two of its main indexes in January. In September, Chicago derivatives exchange CME Group Inc. inadvertently placed dummy test orders on its active energy and metals markets.
In Europe, the London Stock Exchange’s parent company suffered two embarrassing system glitches in a single week when trading failed to start on time on the London bourse and, days earlier, its Borsa Italiana was down for hours.
Despite some of these issues, Schapiro said the SEC has issued only “policy statements, not rules” about automated trading policies and practices.
Exchanges and other trading platform operators rely on these past policy statements by the SEC to ensure their systems are functional and not vulnerable to attack or a breakdown.
The policy statements also call for annual independent reviews and require participants to notify the SEC of outages or other problems.