REUTERS/Kevin Lamarque Sen. Mark Warner on Capitol Hill.
In a letter to the Securities and Exchange Commission chairman Jay Clayton dated August 1, he asked the SEC to provide more information on cybersecurity rules in the US securities market.
The letter is focused on Regulation Systems Compliance and Integrity (Reg SCI), a rule introduced in 2014.
"Reg SCI was intended to strengthen the technology infrastructure of the US securities markets by reducing the occurrence of systems issues, particularly following several high-profile outages that had the potential to cause considerable harm to investor confidence," he said.
Under Reg SCI, those trading venues subject to the regulation "must notify the SEC when system problems do occur, including compliance issues, system disruptions and system intrusions." The entities subject to the rule include all exchanges, clearinghouses, Securities Information Processors (SIPs), and those Alternative Trading Systems (ATS) that exceed certain thresholds.
Warner writes that the SEC has not publicly disclosed which market centers have become subject to Reg SCI, and as a result "investors are unable to determine whether their orders are being routed to market centers which are being held to the requirement of having a strong, audited cybersecurity program."
The letter said (emphasis added):
"This includes any broker-dealer operated ATS's, single-dealer internalizers, and wholesalers which handle a significant percentage of retail investor order flow and a high percentage of overall US average daily volume. If compromised, these market centers could destabilize markets by not having the protections in place tht the SEC has outlined in Reg SCI to strengthen the integrity of our markets. "
He urges the SEC to identify those in compliance with Reg SCI, and to require investment advisers and broker-dealers to consider compliance with Reg SCI when determining best execution.