
Regulators Weigh Fixes After Trading Debacles

Exchanges and other trading platforms would have to perform tests to prevent software errors from unleashing havoc on the market under proposed rules being crafted by regulators.

WASHINGTON -- Exchanges and other trading platforms would have to perform tests to prevent software errors from unleashing havoc on the market under proposed rules being crafted by regulators, U.S. Securities and Exchange Commission Chairman Elisse Walter said.

Walter offered details for the first time on the rules, which are being developed in response to a string of high-profile technology errors last year, in a speech Tuesday at American University's Washington College of Law.

Those debacles include Nasdaq's botched handling of the Facebook initial public offering and Knight Capital's $440 million losses due to a software error.

Walter's predecessor, Mary Schapiro, announced last year she was putting the rule-writing process on the fast track, shortly after Knight Capital nearly went bankrupt.

Walter said the rules will require exchanges, alternative trading systems and clearing agencies to provide notifications about systems disruptions and meet certain technological standards, as well as perform business continuity testing.

Entities could be punished if they fail to comply with any such tighter compliance rules.

"We saw how automated markets and computer-driven trading can go awry when technical issues in Knight Capital's trading and routing software caused it to erroneously establish positions in nearly 150 stocks, ultimately costing the company $440 million," Walter said.

The regulator will try to eliminate the causes of uncontrolled electronic trading, not just the problems, by concentrating on compliance and integrity, she said.

The SEC's proposed rules would replace a long-time voluntary standard known as "automation review policies" or ARP.

The SEC first developed ARP following the 1987 market crash. ARP sets forth guidance for exchanges, some alternative trading systems and clearing agencies to help ensure their systems are stable, secure and have the capacity to deal with glitches that can send markets into a tailspin.

In addition to converting the voluntary guidance into enforcement rules, the SEC is also considering whether to expand the program to apply to other entities, such as broker-dealers, advisers and dark pools.

Walter conceded that many market participants are already following ARP guidelines today, but said a voluntary policy does not go far enough.

"In my mind, a voluntary standard is no substitute for a mandate or a requirement that you must follow, and that you violate the law if you fail to follow it," she said.

Walter did not provide a timetable for the proposal's unveiling, saying some details remained under discussion. She later told reporters it is "top of mind and top of the agenda" and would be released "sooner rather than later."

It is unclear, however, if Mary Jo White, President Barack Obama's nominee to become the next SEC chairman, will also prioritize the rulemaking. Walter is expected to remain as chairman until the Senate confirms White, a former prosecutor and white-collar defense attorney.


The SEC has been exploring numerous possible market structure changes in response to the rise of automated trading.

It implemented a handful of reforms after the May 6, 2010 "flash crash," when the Dow Jones industrial average plunged about 700 points before rebounding.

The SEC is also exploring the policies surrounding high-frequency trading and its impact on investors.

The commission is capturing data for all orders, cancellations and trade executions through a Market Information Data Analytics System, or MIDAS, in an effort to better understand high-frequency trading, she said.

Walter said the SEC will release some of its studies to the public after the staff gets a chance to analyze the data.

Among the things she said staff may study are the impact of quote cancellations, changing the tick size, the depth of book for liquid and illiquid stocks, and intraday volatility.

(Reporting By Emily Stephenson and Sarah N. Lynch; Editing by Gerald E. McCormick, Nick Zieminski and Leslie Gevirtz)

Copyright 2010 by Reuters. All rights reserved.
