The US Securities and Exchange Commission launched a broad investigation involving the technology issues at several major brokerage firms, including the NASDAQ Stock Exchange, the NYSE EURONEXT exchanges, and market maker Knight Capital.
Additionally, the Tokyo Stock Exchange suffered two outages in February 2012 and then again in August, a week after the Knight Capital system glitch, which resulted in a $440 million trading loss. The SEC threat should be taken seriously as the NYSE was recently fined $5 million for improperly distributing market data. As a result, the NYSE was ordered to retain an independent consultant to conduct a comprehensive review of their market data delivery systems.
According to the SEC, bolstering market technology standards is a priority as the agency cites the recent high-profile technical glitches costing US exchanges and trading firms hundreds of millions of dollars. The technology standards have long been established by the ISACA Cobit framework, including IT controls for separation of controls, change management, and control.
All of this means that US regulators are taking a deeper look at creating enforceable technology review standards for exchanges and market participants. In a related story, the SEC and Finra are reviewing the recent trading incident that impacted the much anticipated Facebook IPO, which resulted in NASDAQ's being sued. The initial SEC review of the Facebook IPO incident suggested technical failures as a root cause.
With high-profile failures threatening the very existence of these companies as well as the SEC penalties, firms are beginning to notice and retain industry experts such as IBM to review their existing practices. They also are seeking new leadership while establishing the appropriate controls using industry standards practices.
Bob Aiello is a consultant, a technical editor for CM Crossroads, and the author of Configuration Management Best Practices: Practical Methods that Work in the Real World. Bob has served as the vice chair of the IEEE 828 Standards working group and is a member of the IEEE Software and Systems Engineering Standards Committee (S2ESC) management board.