(The news featured
below is a selection from the news covered in the Federal Securities Report
Letter, which is distributed to subscribers of the Federal
Securities Law Reports.)
SEC Agrees to Additional Steps to Ensure Financial Market Preparedness
SEC Chairman William Donaldson, responding to recommendations by the Government
Accountability Office, advised that he has directed the staff to begin an assessment of key broker-dealers' arrangements for their trading staff and
their ability to resume trading operations after a disaster. This assessment should be ready by mid-2005. Mr. Donaldson added that the Division of Market
Regulation is developing a rule proposal to require exchanges and clearing organizations to ensure compliance with the SEC's automation review policy.
The SEC will also assess the skills and expertise of the automation review policy staff and the organizational alignment of the automation review policy
program.
Three Congressional committees asked the GAO to review the progress of the financial markets to prepare for a wide-scale disaster since its last report
in February 2003. The committees specifically sought a progress report on the SEC's actions to improve its automation review policy program. Among the
GAO's recommendations is that the SEC fully analyze the readiness of the securities
markets to recover from major disruptions and assist the industry in preparing the markets to resume trading.
The GAO reviewed seven organizations that it deemed critical to the securities
markets' ability to resume operations after a disaster. The GAO also discussed with eight large broker-dealers and banks that represent a significant portion
of the trading and clearing volume on the U.S. securities markets their business
continuity capabilities. For security reasons, the GAO did not identify the organizations that were reviewed, their functions or their locations.
The GAO reported that all of the critical securities market organizations and trading firms had further reduced the risks of physical or electronic
attacks since its last review, and improved their ability to recover from such events. However, three organizations that are critical to the functioning
of the securities markets have backup facilities within the same geographic area as their primary facilities, putting them at a greater risk that a single,
wide-scale event could prevent them from operating at either site.
The GAO also found that four of the eight broker-dealers and banks had concentrations
of their key trading staff in a single location. These firms said they recognized
the risk, but that splitting or rotating the staff would decrease efficiency and increase costs to a degree that exceeded the risk of disruption.
The GAO reported that a new private communications network has been created to provide more reliable communications for broker-dealers, exchanges and
clearing organizations. The large telecommunications carriers that serve the financial district in Manhattan have also improved their network infrastructures.
The banking and securities regulators issued joint guidance that directed key clearing and settlement organizations to implement business continuity
best practices by the end of 2004. The GAO noted that the SEC cannot require broker-dealers to participate in the markets, so none of its new regulatory
guidance requires trading firms to develop capabilities to resume after a catastrophic event. The SEC has not completely analyzed whether a sufficient
number of trading firms are likely to resume trading after a wide-scale disruption,
the GAO continued, or whether firms outside of the affected area would be willing and able to trade at a level necessary to ensure fair and liquid markets
if the most active firms are unable to do so.
With respect to the automation review policy program, the GAO noted that the SEC has had problems in the past with organizations cooperating with its recommendations.
The GAO suggested in 2003 that compliance be mandatory. The SEC advised that cooperation has improved, but agreed that mandatory compliance with automation
review policy guidelines would ensure future compliance. The SEC staff has drafted such a rule, but has not yet presented it to the Commission.
The GAO also raised concerns about resources for the automation review policy
program, noting that the SEC in some instances had not ensured that entities took timely steps to address concerns raised during reviews. The GAO also
identified opportunities for improvements in information security that automation
review policy staff had failed to identify.
The automation review policy program was moved to a new office, called the Office of Market Continuity, within the Division of Market Regulation in November
2003. The GAO suggested that the SEC may wish to consider whether the program would be more beneficial if moved to the Office of Compliance Inspections
and Examinations or the Office of Information Technology.
Mr. Donaldson advised that the SEC performed an extensive assessment of the functions, duties and responsibilities of the entire Commission in 2003, including
the automation review policy program, which resulted in the creation of the Office of Market Continuity within the Division of Market Regulation. However,
he said the SEC will continue to assess the organizational alignment of the program as part of its routine strategic planning effort.
|