Tellefsen and Exactpro Systems Team Up to Help Clients with REG SCI
Meeting the demanding new requirements imposed upon firms by SEC Regulation SCI
is a key issue for many firms, especially in the areas of independent systems testing
and certification. Tellefsen and Company, L.L.C. (Tellefsen) and Exactpro Systems,
LLC (Exactpro) have today announced a marketing partnership in which both firms will
collaborate to provide key industry constituents with market structure consulting, financial
technology infrastructure testing and software quality assurance testing services.
Tellefsen is a management consulting firm founded in 1984 to provide counsel and
professional services to meet the growing needs of the financial services industry. The
firm’s principals and consultants have a wealth of experience in regulatory compliance
and U.S. market infrastructure (exchanges, ATS, dark pools etc). One of Tellefsen’s core
competencies has been is assisting firms with their regulatory compliance requirements
through technology analysis, planning, testing, and evidencing.
Exactpro is a rapidly growing quality assurance services firm specializing in market
infrastructure. Exactpro provides both functional and non-functional testing for global
exchanges, dark pools and clearing houses using a range of sophisticated in-house built
testing and evidencing tools.
John Rapa, President and CEO of Tellefsen, indicates: “The implementation of Reg SCI
is another example of market regulations where market participants must provide evidence
of their comprehensive infrastructure testing, policies and procedures and market oversight
compliance. We are delighted to team up with Exactpro whom we know from other customer
engagements. We are very impressed by their capabilities, diligence and effectiveness in
planning, executing and evidencing tests that prove regulatory compliance”.
Iosif Itkin, Co-Founder of Exactpro, says: “Our firm has a great set of tools and services that
we believe can help clients meet Regulation SCI in a cost effective manner. We are very
conversant with this domain and are delighted to be working with Tellefsen on this; our two
firms’ capabilities are entirely complementary”.
2. SEC Regulation SCI - Systems Compliance and Integrity
• On November 19, 2014 the SEC adopted new rules to require certain key
market participants to have comprehensive policies and procedures in
place surrounding their technology (Reg SCI).
• Regulation SCI under the Securities Act of 1934 (“Systems Compliance
and Integrity”) replaces the current voluntary ARP compliance program
with rules whose violation may be the subject to enforcement actions.
• SROs, selected alternative trading systems (ATS), plan processors, and
exempt clearing agencies are required to design, develop, test, maintain,
and oversee their mission-critical systems.
• The rules require them to ensure that their core technology meets
certain standards, conduct regular business continuity testing, and
provide certain notifications in the event of systems disruptions,
intrusions and other events.
Tellefsen and Company, L.L.C.
2013-2015
3. Reg SCI (Cont’d) …
• High-profile technical glitches in the securities markets including those
that arose during the 2010 Flash Crash, the initial public offerings of
Facebook and BATS Global Markets as well as the Knight Capital trading
incident have illustrated that investors can be at risk when technology
fails, and confidence in the markets can falter.
• The market closures following Hurricane Sandy in 2012 also highlighted
the importance of having a robust market technology infrastructure.
• These events, subsequent discussions and commentary from a cross
section of market participants have helped shape the development of
the new rulemaking.
Tellefsen and Company, L.L.C.
2013-2015
4. • The new regulations will present challenges to the Chief Technology
Officer and especially the Chief Compliance Officer, who is responsible
for the creation and enforcement of reasonable supervisory procedures
related to the implementation and maintenance of applicable
HW/SW/NW technologies and infrastructure.
• While these responsibilities are far from a routine compliance skill set,
Reg. SCI is a continuation of a trend by the SEC of placing increased
responsibility on compliance with respect to policies and procedures for
implementing and maintaining various types of technology.
• For the past two decades, SROs have followed a voluntary set of
principles articulated in the SEC’s Automation Review Policy and
participated in what is known as the ARP Inspection Program.
• Reg SCI now supersedes this (see final rulemaking in the Federal Register:
https://www.federalregister.gov/articles/2014/12/05/2014-27767/regulation-systems-compliance-and
)
Reg SCI (Cont’d) …
Tellefsen and Company, L.L.C.
2013-2015
5. The rulemaking was largely adopted as proposed, with the following
revisions and exceptions:
•The proposed 30 day advance reporting requirement was changed to
quarterly.
•The Direct Access requirement which would have required SCI Entities to
provide SEC staff with remote or on-site access to SCI Systems was not
adopted.
•Safe Harbor protection from liability is limited to those individuals who
reasonably discharge their responsibilities under Reg SCI.
•Senior management involved in the annual Reg SCI review will be required
to certify that they have implemented policies and procedures reasonably
designed to ensure compliance with the rulemaking.
Reg SCI – Final Rulemaking
Tellefsen and Company, L.L.C.
2013-2015
6. • Core technology of national securities exchanges, self-regulatory
organizations, significant alternative trading systems, clearing agencies,
and plan processors meets certain standards.
• That these entities conduct regular business continuity testing with their
members or participants.
• That they provide certain notifications regarding systems disruptions,
intrusions and other types of systems issues.
• The probability of technology problems is reduced, and key entities are
well-positioned to take appropriate, corrective action when problems
occur.
Reg SCI Is Designed to Ensure:
Tellefsen and Company, L.L.C.
2013-2015
7. • The proposed rule would apply to “SCI Entities” such as:
– Self-regulatory organizations (the registered national securities exchanges,
registered clearing agencies, FINRA, and MSRB).
– Alternative Trading Systems that exceed specified volume thresholds (SCI ATS).
– Disseminators of market data under certain National Market Systems plans
(“plan processors”).
– Certain clearing agencies exempt from SEC registration.
• It would apply primarily to the systems of SCI Entities that are core to the
functioning of the securities markets, such as those that directly support
trading, clearance and settlement, order routing, market data, regulation,
or surveillance.
• The SEC anticipates that 14 ATSs will be required to be compliant.
• It is unknown whether other business systems such as a shared drive
system or phone system are within the scope.
Reg SCI – Applicability
Tellefsen and Company, L.L.C.
2013-2015
8. Establish policies and supervisory procedures relating to the capacity,
integrity, resiliency and security of its technology systems.
Ensure its systems operate in the manner intended, including in
compliance with relevant federal securities laws and rules.
Take timely corrective action in response to systems disruptions, systems
compliance issues and systems intrusions.
Notify and provide the SEC with detailed information when such systems
issues occur, systems intrusions, and when there are material changes in
its systems. Written notices of “SCI Events” will be reported to members
and market participants and filed electronically to the SEC on Form SCI.
Inform its members or participants about certain systems problems and
provide information about the systems and market participants affected
by the problem and the progress of corrective action.
SCI Entities - Requirements:
Tellefsen and Company, L.L.C.
2013-2015
9. Provide quarterly notice to the SEC of any material system changes,
including completed, ongoing and planned material changes to SCI systems
and the security of indirect SCI systems, during the prior, current and
subsequent calendar quarters.
Conduct an annual review of its compliance with Regulation SCI, and
submit a report of the annual review to its senior management and the
SEC.
Plan and engage in annual business continuity and disaster recovery
testing.
Designate certain individuals or firms to participate in the testing of its
business continuity and disaster recovery plans, and coordinate such
testing with other entities on an industry- or sector-wide basis.
Demonstrate systems testing, test results and related capabilities to SEC
staff on-site during inspections.
SCI Entities Requirements (Cont’d)…
Tellefsen and Company, L.L.C.
2013-2015
10. The SEC has granted Safe Harbor protection from liability to individuals
within SCI Entities who reasonably discharge their Reg SCI compliance
responsibilities under their policies, procedures and controls.
Reg SCI is effective 60 days after publication in the Federal Register, and
SCI Entities must comply with the requirements within 9 months of the
effective date.
ATSs that satisfy volume threshold levels for the first time will be granted
an additional 6 months from that time to comply.
SCI Entities will have 21 months from the effective date to comply with the
industry or sector wide BC/DR testing requirement.
SCI Entities Requirements (Cont’d)…
Tellefsen and Company, L.L.C.
2013-2015
11. • Reg SCI entities need to ensure their written policies and procedures are
up to date.
• Problem tracking systems must actively capture problems, problem
identification, cause/effect and resolution.
• Regular reporting to the SEC is required:
– Ad-hoc incident reporting
– Quarterly reports of planned and material system changes
– Annual Reg SCI Review
Policies, Procedures and Reporting
Tellefsen and Company, L.L.C.
2013-2015
12. • Reg SCI entities need a comprehensive testing regimen in order to be
compliant.
• Functional and non-functional testing of applicable Reg SCI ecosystems.
• Comprehensive test regimens for quality assurance, regression, capacity,
stress, failover/recovery, user acceptance etc.
• Development and maintenance of a test repository and active analysis of
production data.
• Need for industry insight and domain market structure expertise in the
design, planning and execution of industry test initiatives.
• Independent test execution, oversight and reporting.
• Assistance with preparation of annual Reg SCI compliance report to SEC.
Reg SCI Testing and Oversight
Tellefsen and Company, L.L.C.
2013-2015
13. Exactpro Systems Company Overview
Exactpro is: Our clients’ location:
• A specialist firm focused on functional and non functional
testing of systems that process wholesale financial products,
particularly market infrastructure
• A US company registered and head-quartered in San Rafael,
California, with four QA & development centres in Russia and
sales support in the UK
• An independent company incorporated in 2009 with 10
people, has experienced phenomenal growth as satisfied
clients consume more services - now employing over 280
specialists
14. Exactpro Systems Existing Customers Include:
• Several major stock exchange & ATS
clients with low latency trading platforms
• A market leading Equities dark pool
• Several post trade clearing houses
• A leading SEF
• A leading global derivatives
(financial and commodities) broker
• A significant commodity exchange and its
clearing arm
• A major investment bank specializing in
emerging markets
• A global equities broker offering program and
single name execution
• A software provider of adaptive trading
technologies for international buy- and
sell-side firms
15. 100% Focused on Systems that Process Financial Products,
with Particular Focus on Electronic Trading
Financial Products
Platforms Pre and Post Trade;
-Commodities, Derivatives
Equities, Fixed
Income, FX
Deal Capture &
Position Keeping
Risk Management
Middle Office
Clearing and
Settlement
Messaging
Reference Data
Order and Execution
Management
Market Venue
Connectivity
Smart Order
Routing
Algorithmic
Trading
Matching Engines
Market Data
Distribution
16. Highly Effective in all of these Aspects of Quality Assurance
Quality Assurance:
test planning and
management
Latency & capacity
testing
Intelligent Management
of Large Data Sets
Process audit and test
coverage analysis
Automated regression
testing
Gathering requirements
and test scenario creation
(human, message & reporting interfaces)
Intelligent functional and
exploratory testing
Creating and productizing
state-of-the-art
test harnesses
Test automation
Test data management
Protocol level testing using
FIX/FAST, SOAP, HTTP, ITCH,
SWIFT, MQ, SQL, proprietary
binary and text based
data formats, etc.
17. Exactpro’s Bespoke Test Automation Suite
ClearTH:
• Post-Trade testing tool
• Verifies each stage of the DLC
• Integrated schedule
• Automated matrices
• Can create multiple days test
scenarios
• Concurrent multiple tests
• Integrated simulators
• SWIFT ISO protocol support
MiniRobots:
• Executes multithreaded java
code
• Complexity of test algorithms is
defined by the test developer
• Supports multiple client fix
connections, order entry and
market data via FIX
• Can use GUI to iterate through
sent and received messages
Dolphin:
• Model-based testing
of market surveillance
systems
• Production-scale
capacity and
throughput
• Interactive real-time
alerts and reports
Shsha:
• Post-transactional tool
• Analyzes clients' activity and forecasts system response
• Parses and displays logs in a user-friendly way
• Parses messages and then puts each to a data base
table where each column corresponds to each message
field
• Allows making summarized reports, etc
• Easy to understand GUI
Load Injector:
• Simulates multiple client connections with a specified load shape for each connection or a group of connections
• Up to 75K messages / second from a single CPU core
• Measures latencies in microsecond range
• Performance test reports
Sailfish:
• Can test Order Entry, Market Data and Post
Trade connections in one test scenario
• Each test scenario is independent
• Allows running test scripts in any sequence
• Simulation of multiple user connections
• Server simulators
• All messages are stored into a data base
• Generates test reports
19. • Exactpro Systems has introduced a marketing partnership with Tellefsen
and Company (TCL), a management consulting firm founded in 1984 to
provide counsel and professional services to meet the growing needs of
the financial services industry.
• TCL has a market structure practice and core competency and depth of
experience in assisting exchanges, clearing houses and ATS in complying
with regulatory guidelines.
• TCL has conducted numerous technology reviews for clients in the last
several years, including investment management firms, ATS, clearing
houses and exchanges.
• TCL has also counseled and guided our clients through the preparation
for regulatory designation reviews and inspections by the CFTC, FINRA
and the SEC.
• TCL’s mission-critical systems expertise includes trading systems, market
data dissemination, clearing, risk management and market surveillance
components.
Marketing Partnership with Tellefsen and Company
Tellefsen and Company, L.L.C.
2013-2015
20. • Experience with prior client assignments has included the development of
testing, compliance documentation and procedures for trading and
operations management, including:
Business impact analysis
Business continuity management
Capacity planning
Systems development methodology
Acceptance testing
Configuration and release management
Network management
Problem management/problem tracking
Information and physical security
Failover, stress and capacity testing
TCL’s Market Structure, Compliance and Automation Review Expertise
Tellefsen and Company, L.L.C.
2013-2015
21. • Our firm brings unique market insight and market micro structure
experience to client assignments
• Development and audit of business continuity plans, systems failover and
fall back testing strategies and plans are a core competency of our firm, as
is systems quality assurance and acceptance testing
• We have provided independent test oversight and test results attestation
for various exchanges, clearing houses and numerous market participants.
TCL’s Market Structure Expertise (Cont’d) …
Tellefsen and Company, L.L.C.
2013-2015
22. How Does This Apply to Regulation SCI
Experienced people with great tools that can hit the ground running to test and provide
evidence in a cost effective fashion
A range of well organised testing services that cover several of the aspects essential
for Reg SCI compliance
- All test evidence captured from an easy to report from test repository
1. Conventional Non Functional
Testing:
• Load test to establish the
reasonable current and future
capacity planning estimates
• Capacity stress tests of systems
to determine their ability to
process transactions in an
accurate, timely, and efficient
manner
• Failover & recovery tests to
verify backup, contingency and
disaster recovery capabilities,
including geographically diverse
locations
2. Conventional Functional
Testing:
• Efficient testing to exercise all
key functionality and data set-up
• Positive and negative tests to
identify vulnerabilities pertaining
to internal and external threats,
physical hazards, and natural or
manmade disasters
• All test evidence per run
stored within an easy to access
and report test repository
• Automated Regression testing
of subsequent releases and
reporting of all relevant changes
within the system
3. Testing at the Confluence
of Functional and Non
Functional Testing:
• High frequency and
algorithmic trading activity
simulations
• Testing to assure systems
capacity, integrity, resiliency,
availability and security
under realistic participants
load
• Modeling of all data inputs
and outputs from system to
evaluate the behavior within
normal operational and
outage scenarios
4. Production Data Analysis:
• Capture and Analyze data
from production to
understand real usage
• Monitor and investigate
production events
• Feedback to refine test
coverage for subsequent
versions
• Bringing QA perspective
into operational support
23. Tellefsen and Company, L.L.C.
John Rapa, President/CEO
1-212 809 3800
JJR@Tellefsen.com
http://www.tellefsen.com
Exactpro Systems, LLC
Iosif Itkin, Co-Founder/Co-CEO
+7 495 640 2460
iosif.itkin@exactprosystems.com
http://www.exactpro.com/
For More Information, Contact