Regulamento SCI (Conformidade e Integridade dos Sistemas de Regulação)
Obtenha informações detalhadas sobre o desempenho do servidor com a infraestrutura convergente - Dell EMC facilita a conformidade com o gerenciamento do ciclo de vida de dados & ndash; Iron Mountain Veja Mais.
Conformidade e integridade dos sistemas de regulamentação (Regulation SCI) é um conjunto de regras criadas pela Comissão de Valores Mobiliários dos Estados Unidos para monitorar a segurança e as capacidades da infra-estrutura tecnológica dos mercados de valores dos EUA.
Download: Principais perguntas frequentes sobre o impacto de quatro regulamentações comuns de conformidade.
Às vezes, as operações de TI são inesperadamente afetadas pelos principais regulamentos de auditoria - sua equipe de TI está preparada? Explore o papel fundamental que sua equipe de TI desempenha na garantia da conformidade e analise as penalidades para a não conformidade baixando este guia eletrônico GRATUITO, que abrange todas as dúvidas que você possa ter em relação a quatro importantes regulamentações legislativas.
Ao enviar suas informações pessoais, você concorda que a TechTarget e seus parceiros podem entrar em contato com você sobre conteúdo relevante, produtos e ofertas especiais.
Você também concorda que suas informações pessoais podem ser transferidas e processadas nos Estados Unidos, e que você leu e concorda com os Termos de Uso e a Política de Privacidade.
A SEC projetou a Regulation SCI em resposta aos mercados de títulos sendo cada vez mais dependentes de tecnologia e sistemas automatizados. Regulamentação A SCI se esforça para reduzir o número de perturbações do mercado decorrentes dessa dependência de tecnologia, bem como acelerar a recuperação quando ocorrem perturbações. Estas perturbaï¿½es, conhecidas como "eventos SCI" sob o regulamento, incluem interrupções de sistemas, problemas de conformidade e intrusões de segurança.
O regulamento SCI é obrigatório para o que o SEC se refere como “entidades de SCI.” Entidades da SCI incluem organizações de auto-regulação, processadores de planos, agências de compensação e alguns sistemas alternativos de negociação (ATSes).
Sob a regra, as entidades da SCI devem projetar, implementar, testar e manter políticas e procedimentos de TI para a capacidade, integridade, resiliência, disponibilidade e segurança de seus sistemas. Se ocorrer um evento SCI, a entidade SCI deve tomar imediatamente uma ação corretiva, bem como notificar a SEC da ocorrência. As entidades da SCI também devem notificar a SEC quando planejarem fazer qualquer alteração em seus sistemas de TI.
Para ajudar a garantir a conformidade, as entidades da SCI devem realizar revisões anuais de seus processos de regulamentação da SCI e enviar o relatório à SEC. A Regulation SCI também exige que as entidades da SCI mantenham registros de conformidade de TI para comprovar a aderência às regras.
O regulamento SCI foi aprovado em fevereiro de 2015. O regulamento entrou oficialmente em vigor no início de novembro de 2015.
Nota do editor: Em outubro de 2015, a SEC atualizou sua página de Perguntas frequentes sobre a Regulamentação SCI, abordando dois pontos. Primeiro, aborda se os ATS podem ter sistemas de vigilância de regulação de mercado. Segundo a definição da Reg SCI de sistemas SCI, as ATS que atendem ao limite de volume da regulamentação são consideradas entidades SCI. No entanto, no contexto da Reg SCI, a SEC disse que os sistemas de regulação do mercado se referem apenas àqueles usados para realizar responsabilidades auto-regulatórias, que as ATSs não possuem. Assim, a SEC acredita que é improvável que um ATS tenha sistemas que se qualifiquem como sistemas de regulação de mercado.
Em segundo lugar, o FAQ foi atualizado para esclarecer quais sistemas SCI relacionados à comunicação de "negociação é interrompida". sï¿½ considerados "sistema SCI crï¿½ico". Em primeiro lugar, a SEC define as paradas de negociação à medida que as paradas de mercado (por exemplo, paralisações regulatórias), em vez de as paradas de negociação em um mercado individual. Dada esta definição, os sistemas SCI críticos são definidos pela Regulation SCI como qualquer sistema SCI que seja operado por ou em nome de uma entidade SCI que suporte diretamente a funcionalidade relacionada a interrupções comerciais e que dissemine comunicações relacionadas a interrupções comerciais em todo o mercado entre mercados .
Continue lendo sobre o Regulamento SCI (Conformidade e Integridade dos Sistemas de Regulação)
Termos relacionados.
Saiba mais sobre os requisitos específicos do setor para conformidade.
Os regulamentos dos drones evoluem à medida que a adoção da empresa se aquece.
A indústria de drones encontra aliado, cão de guarda na FAA.
Os regulamentos de segurança da informação podem ter como alvo o IoT, drones.
FTC (Federal Trade Commission)
A indústria de drones encontra aliado, cão de guarda na FAA.
O Snapchat observa o mercado de hardware com novos óculos de gravação de vídeo.
A supervisão da SEC atinge novos níveis sob o Regulamento SCI.
Os novos regulamentos de neutralidade da rede estimularão o investimento e a inovação?
Os regulamentos de segurança da informação podem ter como alvo o IoT, drones.
FTC (Federal Trade Commission)
As propostas da FCC continuam a estimular o debate sobre a neutralidade da rede.
Como o FTC objetivou melhorias na privacidade e segurança de dados?
Os regulamentos dos drones evoluem à medida que a adoção da empresa se aquece.
A indústria de drones encontra aliado, cão de guarda na FAA.
Os regulamentos de segurança da informação podem ter como alvo o IoT, drones.
FAQ: O projeto de lei exigirá o acesso a informações criptografadas?
FTC: Analisar big data cria risco de discriminação.
A influência do dispositivo móvel nos mandatos de conformidade regulamentar.
FAQ: As empresas podem combater pedidos de informações de vigilância secreta?
Novas e não tão novas mudanças na segurança no Ato de Segurança Cibernética de 2012.
Como o FTC buscou melhorias na privacidade e segurança de dados?
A influência do dispositivo móvel nos mandatos de conformidade regulamentar.
FAQ: As empresas podem combater pedidos de informações de vigilância secreta?
Novas e não tão novas mudanças na segurança no Ato de Segurança Cibernética de 2012.
Quais serão as maiores mudanças para as empresas que têm que cumprir o Regulamento SCI?
Participe da conversa.
Sua senha foi enviada para:
Ao enviar você concorda em receber e-mails da TechTarget e seus parceiros. Se você reside fora dos Estados Unidos, você consente que seus dados pessoais sejam transferidos e processados nos Estados Unidos. Privacidade.
Por favor, crie um nome de usuário para comentar.
-ANÚNCIOS DO GOOGLE.
Extensões de arquivos e formatos de arquivo.
Recursos mais recentes do TechTarget.
Pesquisar CIO.
CISOs, dê ao seu programa de segurança cibernética um senso de propósito.
"Derrote o inimigo que você pode ver ... então prepare-se para o próximo compromisso." Phillip Miller, da Brooks Brothers, dá aos colegas CISOs uma novidade.
Quem está falando? Agente conversacional vs. chatbot vs. assistente virtual.
Pense um agente de conversação, chatbot e assistente virtual são os mesmos? Pense de novo. O Vice-Presidente e CTO da IBM Watson, Rob High, explica.
Neurala afirma que “redes neurais profundas ao longo da vida” não esquecem.
A startup de Boston Neurala diz que desenvolveu redes neurais profundas que podem aprender na hora. O COO de Neurala, Heather Ames, explica.
Pesquise em TI de saúde.
Ao implementar o VDI, observe os aprimoramentos de armazenamento.
Hospitais que analisam a infraestrutura de desktops virtuais podem obter um aliado em recursos aprimorados de armazenamento. Armazenamento Flash, em.
AI um grande benefício de dados para mudar para a nuvem para cuidados de saúde.
AI um grande benefício de dados para mudar para a nuvem para cuidados de saúde.
Os provedores e grandes fornecedores são cautelosos, mas os cuidados de saúde na nuvem e os benefícios que a inteligência artificial proporciona estimularão um.
Pesquisar Cloud Computing.
A aquisição da VMware continua em direção à segurança na nuvem.
As ferramentas de segurança em nuvem da VMware serão impulsionadas pela aquisição da CloudCoreo, uma startup de segurança e gerenciamento da empresa.
A automação da liberação de aplicativos é transferida para a nuvem.
As iniciativas de CI / CD estimularão o aumento da adoção de ferramentas de automação de lançamento de aplicativos este ano, incluindo aquelas hospedadas na nuvem,.
Os desafios de autoatendimento do usuário são montados em computação em várias nuvens.
O provisionamento de autoatendimento apresenta desafios com um único provedor de nuvem, e uma estratégia de várias nuvens apenas os amplia.
Data Center de pesquisa.
Avalie casos de uso de leitura intensiva de leitura e SSD com uso intensivo de gravação.
Considere escrever desgaste, desempenho e outros fatores ao escolher entre leitura intensiva, gravação intensiva e uso misto.
Alguns casos de uso de infraestrutura hiperconvergente apresentam armadilhas.
A adoção de infraestrutura hiperconvergente está aumentando vertiginosamente, mas isso não significa que a tecnologia seja a melhor opção para todos.
O reorg hiper-convergente da Dell simplifica os produtos, aumenta as probabilidades de CI.
As pressões do mercado e as sinergias de fabricação levaram a Dell a integrar seus produtos HCI e CI com suas principais unidades de negócios, mas.
Gerenciamento de dados de pesquisa.
O Hyperledger Fabric oferece um caminho para o futuro do blockchain corporativo.
Blockchain surgiu de bitcoin, mas está procurando um lugar na empresa. Estruturas como o Hyperledger Fabric podem.
O MongoDB 4.0 leva as transações do ACID ao nível de vários documentos.
O MongoDB está dando um passo mais profundo nas águas de processamento no estilo SQL com uma atualização 4.0 que traz suporte aprimorado para.
O conceito de data lake precisa de uma mão firme para pagar dividendos de big data.
Os lagos de dados representam desafios de implantação de tecnologia e gerenciamento de dados que podem deixar os usuários de análise altos e secos se o.
Segurança de pesquisa.
O malware do Destruidor Olímpico é mais complexo do que se pensava inicialmente.
Roundup de notícias: O malware do Destroyer Olímpico é mais sofisticado do que os pesquisadores pensavam. Além disso, a Microsoft parece mudar.
SonicWall detecta quebras de Meltdown com tecnologia de aprendizado de máquina.
A SonicWall diz que sua nova tecnologia de inspeção de memória profunda, que alimenta o serviço de sandbox do Capture Cloud, pode bloquear.
Os programas de recompensas de bugs da Intel aumentaram após o Meltdown e o Specter.
O programa de recompensas de bugs da Intel expandiu seu escopo e recompensas por bugs em todos os produtos da Intel, e a empresa adicionou um novo programa.
Todos os direitos reservados, Copyright 2009 - 2018, TechTarget.

PHILIPPINE TAX TALK ESTE DIA E ALÉM.
Atualizações de impostos filipinos e além, como parte do crescimento para a próxima geração de Start-Up e Business People.
Terça-feira, 29 de abril de 2014.
Prazo final na Apresentação do Formulário Geral para Demonstrações Financeiras (GFFS) "Parent" ou "Consolidado" ou Formulário Especial para Demonstrações Financeiras (SFFS)
Sem comentários:
Publique um comentário.
Uma empresa que fornece uma ampla gama de serviços jurídicos em áreas onde eles têm superioridade técnica e profundidade de experiência. Endereço: 30º andar, Tycoon Center Pearl Drive, cidade de Ortigas Pasig 1605 Filipinas Telefone: + 63 (02) 634 & # 8211; 6678 + 63 (02) 638 e # 8211; 2030 a 32.
Guardiões filipinos Brotherhood Inc.
A Organização acredita na Divina Providência como a fonte de todas as criações, poder e autoridade.
Suprema Corte das Filipinas.
Escritório de Informações Públicas do 3º andar, Novo Anexo do Edifício da Suprema Corte, Rua Padre Faura, Ermita, 1000 Manila. Telefone (02) 522-5090; 522-5094 Telefax (02) 526-8129 Email pio@sc. judiciary. gov. ph.
PROJETO DE CAFÉ.
Beba seu caminho para seus doces favoritos.
Ayala Malls.
Parque Natural da aventura da parte superior da árvore.
Tree Top Adventure é um destino turístico obrigatório em Northern Luzon, nas Filipinas. Com dois ramos & # 8211; TREE TOP SUBIC e ÁRVORE TOP BAGUIO & # 8212; o nosso parque de tirolesa traz a você todos os confortos de segurança, enquanto mantém as emoções usando nossos conhecimentos e experiência em engenharia.
Azalea Hotels & amp; Residências BAGUIO.
Faça de cada viagem à Cidade dos Pinheiros uma experiência para se hospedar no Azalea Residences, primeiro e único hotel 4 estrelas de Baguio, que fará com que todas as férias em família, refúgio em grupo ou retiro romântico sejam mais memoráveis. Delicie-se com as modernas e generosas instalações do Azalea, equipadas com equipamento de cozinha, área de refeições e entretenimento.
TAPAddiction por Mom's Breaktime.
Localizado no Buendia Food pelo Tribunal Sen. Gil Puyat Avenue esquina Bautista e Finlandia Streets, Brgy. San Isidro, cidade de Makati.
Buendia ALIMENTO pelo TRIBUNAL.
Jante, relaxe e jogue basquete! Endereço: The Buendia Food Pelo Tribunal Sen. Gil Puyat Avenue esquina Bautista e Finlandia Streets, Brgy. San Isidro, Makati City Telemóvel: 0917.5576959 Email: buendiafoodbythecourt @ gmail.
SUDECO CONDOMÍNIO PARA ALUGAR.
Alugar um condomínio para Anvaya Cove Great Experience! Tel. No. (632) (02) 814-0711.
A primeira plataforma multimídia digital SparkUp é um espaço para a comunidade de jovens empreendedores apaixonados e ambiciosos.
DULDULAO DOT NET.
Negócios, Alimentos, Estilo de Vida, Tecnologia, Viagens e Outros Tópicos em Geral.

PHILIPPINE TAX TALK ESTE DIA E ALÉM.
Atualizações de impostos filipinos e além, como parte do crescimento para a próxima geração de Start-Up e Business People.
Terça-feira, 26 de abril de 2016.
Modelos de Demonstrativos Financeiros da SEC.
Sem comentários:
Publique um comentário.
Uma empresa que fornece uma ampla gama de serviços jurídicos em áreas onde eles têm superioridade técnica e profundidade de experiência. Endereço: 30º andar, Tycoon Center Pearl Drive, cidade de Ortigas Pasig 1605 Filipinas Telefone: + 63 (02) 634 & # 8211; 6678 + 63 (02) 638 & # 8211; 2030 a 32.
Guardiões filipinos Brotherhood Inc.
A Organização acredita na Divina Providência como a fonte de todas as criações, poder e autoridade.
Suprema Corte das Filipinas.
Escritório de Informações Públicas do 3º andar, Novo Anexo do Edifício da Suprema Corte, Rua Padre Faura, Ermita, 1000 Manila. Telefone (02) 522-5090; 522-5094 Telefax (02) 526-8129 Email pio@sc. judiciary. gov. ph.
PROJETO DE CAFÉ.
Beba seu caminho para seus doces favoritos.
Ayala Malls.
Parque Natural da aventura da parte superior da árvore.
Tree Top Adventure é um destino turístico obrigatório em Northern Luzon, nas Filipinas. Com dois ramos & # 8211; TREE TOP SUBIC e ÁRVORE TOP BAGUIO & # 8212; o nosso parque de tirolesa traz a você todos os confortos de segurança, enquanto mantém as emoções usando nossos conhecimentos e experiência em engenharia.
Azalea Hotels & amp; Residências BAGUIO.
Faça de cada viagem à Cidade dos Pinheiros uma experiência para se hospedar no Azalea Residences, primeiro e único hotel 4 estrelas de Baguio, que fará com que todas as férias em família, refúgio em grupo ou retiro romântico sejam mais memoráveis. Delicie-se com as modernas e generosas instalações do Azalea, equipadas com equipamento de cozinha, área de refeições e entretenimento.
TAPAddiction por Mom's Breaktime.
Localizado no Buendia Food pelo Tribunal Sen. Gil Puyat Avenue esquina Bautista e Finlandia Streets, Brgy. San Isidro, cidade de Makati.
Buendia ALIMENTO pelo TRIBUNAL.
Jante, relaxe e jogue basquete! Endereço: The Buendia Food Pelo Tribunal Sen. Gil Puyat Avenue esquina Bautista e Finlandia Streets, Brgy. San Isidro, Makati City Telemóvel: 0917.5576959 Email: buendiafoodbythecourt @ gmail.
SUDECO CONDOMÍNIO PARA ALUGAR.
Alugar um condomínio para Anvaya Cove Great Experience! Tel. No. (632) (02) 814-0711.
A primeira plataforma multimídia digital SparkUp é um espaço para a comunidade de jovens empreendedores apaixonados e ambiciosos.
DULDULAO DOT NET.
Negócios, Alimentos, Estilo de Vida, Tecnologia, Viagens e Outros Tópicos em Geral.

Sincronizando relógios de negociação para conformidade regulatória - suas redes estão prontas?
Este tipo de arquivo inclui gráficos e esquemas de alta resolução, quando aplicável.
Paul Skoog, gerente sênior de marketing de produtos da Microsemi Corp.
A exigência cada vez mais rígida do setor para o tempo de rede altamente preciso e rastreável é a norma atual para confirmar quando as transações ocorrem e fornecer trilhas de auditoria de pedidos. Na União Europeia, por exemplo, a Autoridade Europeia dos Valores Mobiliários e dos Mercados (ESMA) adotou a sua Diretiva relativa aos mercados de instrumentos financeiros 2 (MiFID 2). A partir de janeiro de 2018, o MiFID 2 requer a sincronização de sistemas de negociação de alta frequência para dentro de 100 μs do UTC com granularidade de precisão de 1 μs.
Da mesma forma, nos Estados Unidos, a Comissão de Valores Mobiliários dos Estados Unidos (SEC, na sigla em inglês) está fortalecendo os requisitos relacionados à precisão do relógio, granularidade e desvio máximo do relógio nos sistemas de negociação financeira. Por exemplo, para pedidos manuais, a SEC exige que as transações de ações sejam marcadas com data e hora com uma precisão de um segundo ou melhor, rastreáveis com o tempo universal coordenado (UTC) do Instituto Nacional de Padrões e Tecnologia (NIST).
Para quaisquer outros “relógios de negócios” usados no sistema para registrar a data e a hora dos eventos reportáveis, conforme exigido pelas regulamentações do setor, tanto o FINRA Reg. O Aviso 14-21 e a Regra SEC 613 aumentam a precisão e a granularidade do relógio de negociação. O último mandato da SEC chega a especificar o desvio máximo do clock. A identificação de descontinuidades no tempo de comercialização, muitas vezes relacionadas a atividades comerciais ilegais, é um dos principais objetivos subjacentes com diretivas, como os requisitos do SEC Consolidated Audit Trail e a auditoria em tempo real pelos sistemas SEC.
Tais regulamentos representam enormes desafios de sincronização para as empresas de valores mobiliários sujeitas a conformidade. Este artigo examinará a tecnologia do sistema necessária para sincronizar os relógios de negociação em conformidade com os requisitos financeiros do setor, aproveitando os recursos mais recentes do relógio atômico e o software usado para monitorar o tempo no sistema de rede, manter uma trilha de auditoria de precisão de sincronização entre sistemas e fornecer alertas se algum relógio estiver fora dos limites de precisão predefinidos.
Uma fonte de tempo precisa é imperativa.
Fundamentalmente, o tempo de rede é tão preciso quanto a sua fonte de tempo. Como observado acima, os tipos de aplicações e operações financeiras ditarão parâmetros de precisão de tempo. Para a maioria das operações de rede, como atualizações de arquivos de log ou segurança online, a precisão deve estar no intervalo de 1 a 10 ms. Esse requisito é mais rigoroso para a maioria das transações financeiras, com precisão típica para o nível de microssegundos e abaixo.
As organizações financeiras geralmente obtêm o UTC a partir de satélites de GPS, da Internet de um serviço terceirizado ou de um serviço de horário do governo, como fornecido pelo próprio NIST. No entanto, a UTC por meio do GPS continua a ser a maneira mais confiável de obter a precisão de tempo exigida para atender aos requisitos do setor financeiro.
O uso do tempo dos satélites de GPS requer um servidor de hora referenciado por GPS que fornece tempo para a rede local, que é então distribuída para os clientes da rede. Os servidores com melhor tempo geralmente estão dentro de alguns nanossegundos do UTC. As instituições que dependem de fontes de tempo baseadas na Internet podem usar o Network Time Protocol (NTP) para sincronização de relógio em máquinas clientes com relógios do servidor de horário da rede. No entanto, vale a pena observar que os servidores NTP "gratuitos" também estão entre os destinos mais comuns de negação de serviço distribuída (DDoS) na Internet. Com base em possíveis problemas de precisão e confiabilidade, esta última alternativa não é uma opção para as entidades que devem cumprir os mandatos regulamentares.
Questões de arquitetura de tempo para confiabilidade e conformidade.
A confiabilidade da sua arquitetura de cronometragem é um fator crítico para manter a conformidade com os requisitos regulamentares. As trilhas de auditoria dependem da precisão do arquivo de log, juntamente com a comprovação da precisão da sincronização de tempo entre os sistemas.
Usar o GPS como uma fonte para o UTC envolve retirar o sinal do ar para distribuição a clientes da rede - estações de trabalho, PCs, controladores, servidores, etc. - que precisam de um tempo preciso para estampa de tempo e sincronização de eventos. No entanto, o software de sincronização de tempo de rede preciso e confiável é algo que relativamente poucos clientes possuem nativamente. Para atender aos mandatos financeiros, as organizações precisam distribuir o tempo de forma confiável dos receptores GPS aos clientes da rede. Isto requer uma rede de distribuição de tempo, idealmente composta de servidores de tempo e clientes de tempo, para adquirir e distribuir tempo do receptor GPS em resposta a solicitações de tempo do cliente.
Do lado do cliente, os relógios que mantêm o tempo nos computadores são infames para derivação. Muitas vezes, com base em um oscilador de baixo custo ou relógio de cristal de quartzo baseado em bateria, o desvio do relógio do computador pode facilmente variar de segundos a até mesmo minutos por dia, dependendo do tipo de oscilador. O preço e o desempenho, neste caso, são altamente correlacionados. No entanto, a utilização de protocolos de sincronização de tempo NTP ou Precision Time Protocol (PTP) em conjunto com um receptor baseado em GPS pode resolver facilmente este problema.
Embora o GPS como fonte de tempo seja altamente preciso, os sistemas de tempo referenciados por GPS ainda são vulneráveis a interrupções de sinais, sejam eles maliciosos ou acidentais. A melhor defesa contra a perda de GPS é um oscilador de alta qualidade, como um relógio atômico, instalado em seu servidor de horário de rede. No caso em que a referência GPS é temporariamente interrompida, uma rede deve ser capaz de manter um tempo preciso, ou remanescente, para garantir a integridade de suas operações de rede.
Felizmente, o uso de um servidor de horário de rede moderno com registro de data e hora de hardware e um relógio atômico de rubídio acessível para resguardos protege contra essa vulnerabilidade a interrupções, pois mantêm a precisão de tempo e a granularidade necessárias. O relógio atômico permite que o sistema mantenha um tempo preciso por um longo período se o GPS não estiver disponível, reduzindo a probabilidade de exceder o limite de desvio do cliente antes que a equipe de TI tenha a chance de resolver o problema. O software também possibilita monitorar o tempo em sistemas de rede, manter uma trilha de auditoria de precisão de sincronização entre sistemas e fornecer alertas se algum relógio se desviar dos limites de precisão predefinidos.
A arquitetura de rede - baseada na combinação certa de receptor GPS e servidor de horário de rede, relógio atômico e software - é a chave para entregar um tempo preciso à rede financeira. Isso permite que a precisão e o desempenho de desvio necessários mantenham as instituições financeiras bem dentro dos mandatos dos órgãos reguladores de valores mobiliários.
Preocupações de segurança permanecem primordiais.
Como em todos os sistemas de rede, a segurança e a acessibilidade sempre serão prioridades para qualquer instituição financeira. A precisão de uma arquitetura de cronometragem pode ser irrelevante se o tempo da rede puder ser vulnerável a ataques ou expor outras partes da rede à infiltração.
No entanto, vários recursos de segurança implementados em servidores NTP modernos podem conter essas vulnerabilidades. Os fundamentos incluem listas de controle de acesso e acesso seguro ao gerenciamento, por exemplo, para proteger contra o uso não autorizado do servidor ou a entrada como vetor de ataque da rede. Recursos avançados mais notáveis que defendem contra ataques DDoS alavancam a marcação de tempo totalmente baseada em hardware e a limitação de largura de banda da CPU.
A tabela descreve os recursos de segurança que podem ser incluídos nos servidores NTP mais recentes.
Escolhendo o caminho certo para frente.
É possível superar os requisitos regulatórios financeiros com a combinação certa de servidor de horário de rede, relógio atômico e software para registro de tempo baseado em hardware, retenção de GPS e desempenho de desvio. No entanto, não haverá solução “one size fits all” para redes financeiras. O que está claro é que a precisão do tempo da rede deve ser uma prioridade consciente para as instituições financeiras, onde suas escolhas de arquitetura de cronometragem de rede e infraestrutura de sincronização de tempo auditável podem ter impacto de longo prazo. Fazer as escolhas certas agora ajudará as redes à prova do futuro, à medida que os requisitos de tempo regulamentar se tornarem cada vez mais rigorosos.

Códigos da Classe de Entrada Padrão (SEC).
Aplicações para o consumidor.
ARC - Entrada de Contas a Receber - Este Código de Classe de Entrada Padrão permite que os originadores convertam em uma Entrada Única um cheque de ACH recebido pelo correio dos EUA ou em um local da caixa de depósito para o pagamento de mercadorias ou serviços. O documento de origem do consumidor (ou seja, o cheque) é usado para coletar o número de roteamento do consumidor, o número da conta, o número de série do cheque e o valor em dólar da transação.
CIE - Entrada iniciada pelo cliente - As entradas iniciadas pelo cliente limitam-se a solicitações de crédito em que o consumidor inicia a transferência de fundos para uma empresa para pagamento de fundos devidos a essa empresa, normalmente por meio de algum tipo de provedor de serviços bancários.
MTE - Entrada de Transferência de Máquina - A Rede ACH suporta a compensação de transações de caixas eletrônicos, ou seja, Entradas de Transferência de Máquina (MTE).
PBR - Pagamento transfronteiriço ao consumidor - Este Código de Classe de Entrada Padrão é utilizado para a transmissão de entradas de crédito e débito ACH transfronteiriços do consumidor. Este Código SEC permite que os pagamentos transfronteiriços sejam prontamente identificados para que as instituições financeiras possam aplicar requisitos especiais de tratamento para pagamentos transnacionais, conforme desejado. O formato PBR acomoda informações detalhadas exclusivas para pagamentos transfronteiriços (por exemplo, conversão de moeda estrangeira, moeda de originação e destino, códigos de país, etc.).
POP - Entrada de Ponto de Compra - Este aplicativo de débito ACH é usado pelos originadores como um método de pagamento para a compra em pessoa de bens ou serviços pelos consumidores. Essas entradas de débito de entrada única são iniciadas pelo originador com base em uma autorização por escrito e informações de conta retiradas do documento de origem (um cheque) obtido do consumidor no ponto de venda. O documento de origem, que é anulado pelo comerciante e devolvido ao consumidor no ponto de compra, é usado para coletar o número de roteamento, o número da conta e o número de série do consumidor que será usado para gerar a entrada de débito para a conta do consumidor.
PPD - pagamento pré-arranjado & amp; Entrada de Depósito.
Depósito direto (crédito) - Depósito direto é um aplicativo de crédito que transfere fundos para uma conta de consumidor na Instituição financeira de depósito receptora. Os fundos depositados podem representar uma variedade de produtos, como folha de pagamento, juros, pensão, dividendos, etc. Pagamento de fatura pré-autorizado (débito) - o pagamento pré-autorizado é um aplicativo de débito. Empresas com operações de faturamento podem participar da ACH através da transferência eletrônica (débito direto) das entradas de pagamento de contas. Através de autorizações permanentes, o consumidor concede a autoridade da empresa para iniciar cobranças periódicas em sua conta como contas vencidas. Este conceito encontrou um sucesso apreciável em situações em que as faturas recorrentes são regulares e não variam em quantidade & mdash; prêmios de seguro, pagamentos de hipoteca e pagamentos de empréstimos parcelados são os exemplos mais proeminentes. As autorizações permanentes também foram bem-sucedidas para faturas em que o valor varia, como pagamentos de serviços públicos.
POS / SHR - Entrada de ponto de venda / transação de rede compartilhada - Esses dois códigos de classe de entrada padrão representam aplicativos de débito de ponto de venda em um ambiente compartilhado (SHR) ou não compartilhado (POS). Essas transações são geralmente iniciadas pelo consumidor através de um cartão de acesso de plástico.
RCK - Entrada de Cheque Re-apresentada - Uma Entrada de Cheque Re-apresentada é uma aplicação de débito ACH de Entrada Única usada pelos originadores para reapresentar um cheque que foi processado pelo sistema de coleta de cheques e devolvido devido a fundos insuficientes ou não cobrados. Esse método de coleta por meio da rede ACH, comparado ao processo de coleta de cheques, oferece aos criadores o potencial de melhorias na eficiência de processamento (como o controle do tempo de início da entrada no débito) e redução de custos.
TEL - Entrada iniciada por telefone - Este Código de Classe de Entrada Padrão é utilizado para a originação de uma transação de débito de Entrada Única em uma conta do consumidor, de acordo com uma autorização oral obtida do consumidor por telefone. Este tipo de transacção só pode ser originado quando existe (1) uma relação existente entre o originador e o receptor, ou (2) nenhuma relação existente entre o originador e o receptor, mas o receptor iniciou a chamada telefónica. Este Código SEC facilita o acesso à Rede ACH, fornecendo um método de autorização alternativo, autorização oral por telefone, para certos tipos de entradas de débito do consumidor.
WEB - Entrada iniciada pela Internet - Este Código de Classe de Entrada Padrão é usado para a originação de entradas de débito (Entrada Única ou Recorrente) em uma conta do consumidor, de acordo com uma autorização que é obtida do Receptor através da Internet. Este Código SEC ajuda a abordar questões de risco exclusivas inerentes ao ambiente de pagamento pela Internet, por meio de requisitos para procedimentos e obrigações adicionais de segurança.
Aplicativos corporativos.
CBR - Pagamento Corporativo Transfronteiriço - Este Código de Classe de Entrada Padrão é usado para a transmissão de entradas de crédito e débito transfronteiriças corporativas da ACH. Este Código SEC permite que os pagamentos transfronteiriços sejam prontamente identificados para que as instituições financeiras possam aplicar requisitos especiais de tratamento para pagamentos transnacionais, conforme desejado. O formato CBR acomoda informações detalhadas exclusivas para pagamentos internacionais (por exemplo, conversão de moeda estrangeira, moeda de originação e destino, códigos de país, etc.).
CCD - Concentração ou Desembolso de Caixa - Este aplicativo, Concentração de Caixa ou Desembolso, pode ser um aplicativo de crédito ou débito em que os fundos são distribuídos ou consolidados entre entidades corporativas. Este aplicativo pode servir como uma transferência de fundos independente ou pode suportar uma quantidade limitada de dados relacionados a pagamentos com a transferência de fundos.
CTX - Corporate Trade Exchange - O aplicativo Corporate Trade Exchange suporta a transferência de fundos (débito ou crédito) dentro de um relacionamento de parceiro comercial no qual uma mensagem ANSI ASC X12 completa ou pagamento relacionado às informações UN / EDIFACT é enviada com a transferência de fundos. A mensagem ANSI ASC X12 ou informações relacionadas ao pagamento de UN / EDIFACT são colocadas em vários registros de adendos.
Outras aplicações.
ACK / ATX - Entradas de Confirmação - Estes Códigos de Classe de Entrada Padrão opcionais estão disponíveis para uso pelo RDFI para confirmar o recebimento de pagamentos de crédito ACH originados usando os formatos CCD ou CTX. Estes reconhecimentos indicam ao originador que o pagamento foi recebido e que o RDFI tentará lançar o pagamento na conta do Depositário. Entradas de confirmação iniciadas em resposta a uma entrada de crédito CCD utilizam o formato ACK. Reconhecimentos iniciados em resposta a uma entrada de crédito do CTX utilizam o formato ATX.
ADV - Automated Accounting Advice - Este Código de Classe de Entrada Padrão representa um serviço opcional a ser fornecido pelos operadores ACH que identifica os avisos contábeis automatizados de informações contábeis ACH em formato legível por máquina para facilitar a automação das informações contábeis para as DFIs participantes.
COR - Notificação Automatizada de Alteração ou Recusa Notificação de Alteração - Este Código de Classe de Entrada Padrão é usado por um RDFI ou ODFI ao originar uma Notificação de Alteração ou Recusada Notificação de Alteração em formato automatizado. Ele também é usado pelo operador ACH que converte as notificações de alteração de papel em formato automatizado.
DNE - Entrada de Notificação de Morte - Esta aplicação é utilizada por uma agência do governo federal (por exemplo, Administração da Previdência Social) para notificar uma instituição financeira depositária de que o recebedor de um pagamento de benefício do governo morreu.
ENR - Inscrição de Inscrição Automatizada - Este Código SEC opcional permite que uma instituição financeira depositária transmita informações de inscrição da ACH para agências do governo federal através da ACH Network para futuras aplicações de crédito e débito em nome de consumidores e empresas.
TRC / TRX - Entradas Truncadas - Este Código de Classe de Entrada Padrão é usado para identificar lotes de verificações truncadas. Para obter mais informações sobre o truncamento de cheques, consulte a NACHA (National Association for Check Storage Guidelines) disponível.
XCK - Entrada de Cheque Destruído - Este aplicativo pode ser utilizado por uma instituição coletora para a coleta de certos cheques quando esses cheques forem destruídos.

Sistemas de negociação alternativos com formatos arquivados com o segundo
AGÊNCIA: Commodity Futures Trading Commission.
DATA EFETIVA: [Inserir data 30 dias após a data de publicação no REGISTO FEDERAL].
PARA MAIS INFORMAÇÕES, CONTATO: Edson G. Case, Advogado, ou Laurie Plessala Duperier, Advogada Especial, Divisão de Negociações e Mercados, Comissão de Negociação de Futuros de Commodities, Three Lafayette Center, 1155 21st Street, NW, Washington, DC 20581. Telefone (202) 418-5430.
Em 5 de junho de 1998, a Comissão de Negociação de Futuros de Commodities ("Comissão" ou "CFTC") publicou uma Notificação do Federal Register propondo várias alterações aos requisitos de registro do Regulamento da Comissão 1.31 (a "Proposta"). (1) À luz do número significativo de registandos da Comissão sujeitos aos requisitos de conservação de documentos da Comissão dos Valores Mobiliários dos Estados Unidos da América ("SEC"), a proposta incluía muitas disposições semelhantes às adoptadas pela SEC em 1997. (2) Proposal's overall design reflected the Commission's dual goals of "maximiz[ing] the cost-reduction and time-savings arising from technological developments in the area of electronic storage media" and maintaining the type of safeguards that "ensure the reliability of the recordkeeping process. ">(3) The comment period on the Proposal originally was due to expire on August 4, 1998. Upon request from the Futures Industry Association ("FIA"), the Commission extended the deadline to August 18, 1998, to encourage comment by interested persons.
The Commission is publishing final rules that respond to comments expressed by industry participants and that track closely the SEC's recordkeeping requirements. While the final rules are similar to the Proposal in most respects, the Commission intends to modify certain staff practices in light of the comments received. The final rules and modifications to staff practices will provide recordkeepers with opportunities to reduce costs and improve both the efficiency and security of their recordkeeping systems by initiating a transition to electronic storage of Commission-required records.
The Commission recognizes the important role improved technology can play in the continued development of the futures industry. Minimizing unnecessary regulatory obstacles to the adoption of improved technology is a goal of industry members, customers, and the Commission. Indeed, the pace of technological changes will require the Commission continually to review the standards articulated in this rule to ensure that the recordkeeping requirements reflect to the extent possible the reality of established technological innovation. The Commission therefore welcomes consultation with industry participants and specific proposals regarding how the regulations might be amended in the future to permit the futures industry to use available technology and to respond to the Commission's legitimate need to have access to complete and accurate records when necessary.
II. Nature of the Proposal.
A. Current Rule 1.31.
Commission Regulation 1.31 sets forth certain recordkeeping requirements imposed by the CEA and Commission regulations. Subsection (a) describes the general rule. It mandates that all records required to be kept by the Act or Commission regulations ("required records") be maintained for five years and be kept "readily accessible" during the first two years. It also defines the inspection and production rights of representatives of the Commission and the Department of Justice. (4)
Subsections (b) and (c) establish alternative requirements for required records that are stored as reproductions. Recordkeepers that fulfill the conditions for alternative treatment may dispose of original required records. Eligibility for alternative treatment is limited to particular classes of records that are reproduced on microfilm, microfiche, or optical disk. Computer and machine generated records are immediately eligible for reproduction and storage on one of the alternative media. Most other required records become eligible after two years of storage. Trading cards and written customer orders are ineligible; originals must be maintained for the full five-year period. Subsection (c) describes the special inspection and production conditions applicable to recordkeepers that choose to store reproductions rather than original required records. (5)
B. Proposed Rules.
The Proposal would eliminate the current requirement that the original of most required records be maintained for two years. (6) Immediate storage of reproductions maintained on micrographic or electronic storage media will enable recordkeepers to lower storage costs significantly by discarding original records following the successful storage of a reproduction. Moreover, the Proposal gave recordkeepers increased flexibility in selecting the advanced technology best suited to their business requirements by substituting the less restrictive category "electronic storage media" for "optical disk" in describing the storage media recordkeepers could employ. (7) As a result, recordkeepers may now take advantage of electronic storage technologies such as digital tape. (8)
In addition, consistent with both the SEC's approach and current Commission requirements, the Proposal set forth several conditions on recordkeepers who choose to meet their obligations by retaining reproductions rather than original records including safeguards to ensure timely access to the reproductions and the Commission's ability to maintain its access to required records despite catastrophic events. (9)
The Proposal articulated additional conditions on recordkeepers that choose to meet their obligations by retaining reproductions on electronic storage media rather than micrographic storage media. First, to ensure that there was an effective check on the reliability of the transfer process, the Proposal required electronic recordkeepers to maintain written operational procedures and controls that would provide accountability over both the initial entry of required records to the electronic storage media and the entry of each change made to any such records. (10) Second, due to practical limitations on the Commission's ability to process data stored in the full range of available formats and coding structures on the full range of storage media available to recordkeepers, the Proposal required electronic recordkeepers to provide copies of requested records on "Commission compatible machine-readable media" with the format and coding structure specified in the request. (11)
Third, like the SEC's rules, the Proposal required recordkeepers using electronic storage media to keep available for inspection "all information necessary to access records and indexes maintained on electronic storage media. . . ." (12)
The Proposal contained a final, additional condition on recordkeepers who stored all required records or all of a particular class of required records solely on electronic storage media. To address those situations in which such a recordkeeper was unable or unwilling to provide Commission representatives with an appropriate means to view and copy specified records and failed to maintain or permit inspection of the information necessary to access requested records, the Proposal required such recordkeepers to enter into an arrangement with a third-party Technical Consultant. (13)
The Commission received nine comments on the Proposal. Commenters included the National Futures Association ("NFA"), four designated futures exchanges, two commodity industry associations, and First Options of Chicago, Inc. ("FOC"), a registered futures commission merchant ("FCM"), which submitted two comments. (14) Most commenters praised the Commission for proposing revisions to its recordkeeping requirements. One commodity exchange praised the Proposal for giving recordkeepers "flexibility to use technological advances in the electronic storage media to reduce the costs associated with record retention." (15) A commodity industry association commended the Commission for moving toward a more generic, performance-based approach to the definition of permissible record storage technology. Another commodity exchange agreed that aspects of the Proposal could lead to improvement in both the security and availability of required records. NFA characterized the Proposal as "a significant step in the right direction . . . . (16)
In view of the significant number of firms subject to regulation under both the federal commodity and securities laws, the final regulations recognize the value of maintaining consistency, where possible, between the Commission's approach to recordkeeping and that of the SEC. The regulations do not reflect strict conformity with the regulations the SEC adopted in 1997, however, because the Commission concluded that there were significant differences between the commodities and securities industry that justified retaining certain of its current rules. (17)
The comments focused primarily on five areas, each of which is discussed below.
A. Maintaining Original Written Trading Cards and Order Tickets.
The Proposal permitted recordkeepers to transfer most categories of records to micrographic or electronic storage media immediately, eliminating the need to keep original records for two years. However, original trading cards and customer order tickets were required to be maintained for the full five-year period. A majority of commenters cited cost, efficiency and security concerns in questioning why the Commission declined to permit written trading cards and customer orders to be stored electronically. Both commodity industry associations emphasized that firms incur significant costs organizing, indexing, and storing order tickets and trading cards. FOC noted that firms also incur significant costs to retrieve such records, and one exchange estimated that it expended $100,000 each year to retrieve records requested under Commission Regulation 1.31. Commenters also questioned why retention of original trading cards and order tickets is an important element of an effective audit trail for futures transactions, particularly since the SEC permits electronic storage of written trading cards and order tickets. One commodity industry association urged the Commission to "consider whether the high cost and burden of maintaining original written orders and trading cards is disproportionate to the limited use of these documents in enforcement cases." (18)
The Commission recognizes that electronic storage of written trading cards and order tickets could reduce storage costs, increase the efficiency of the retrieval process, and help eliminate certain security problems attendant to the storage of paper records. Nevertheless, given the importance these original records continue to play in the futures industry, the Commission believes that it would be imprudent to rely solely on electronic versions of these records at this time. Although the SEC permitted electronic storage of these documents, it recognized the need for caution in this area and rested its decision to eliminate the requirement that recordkeepers maintain originals largely on the diminished role such written records play due to the prevalence of electronic order routing in the securities industry. (19)
Review of written trading records for differences in the instrument used to record apparently contemporaneous information remains a regular feature of investigations focusing on potential trade practice or allocation violations. (20) FOC contended that current technology can produce superb reproductions that make differences in hand writing and time stamps clearly visible. Even if we assume this to be true, (21) this argument does not address the full range of material information Commission auditors and investigators may gather by examining original written trading records. For example, the Commission's Division of Enforcement often examines these records in the context of a variety of alleged violations. (22) If only electronically stored records were available, errors in the scanning process, such as failing to process information on both sides of a written order ticket, would deprive investigators of material information. Moreover, even properly scanned records could deprive investigators of currently available information. For example, it is unlikely that investigators could distinguish ink colors on scanned documents or detect either erasure or the use of products such as white out. This type of discrepancy may be important in establishing that a participant in the transaction inserted some information on a trading card or order ticket after the bulk of the information had already been recorded. (23)
Many commenters offered support for a compromise position suggested by the FIA. Under this proposal, original written trading records would be retained for one year. During this period, the written trading records would be stored on "high-quality micrographic or electronic storage media that are reasonably able to detect alterations." (24) After the initial year, recordkeepers would be free to destroy original written trading records and to fulfill their obligations under Regulation 1.31 by producing reproductions of the stored records.
The FIA proposal rests on an assumption that is not necessarily correct. According to FIA, the experience of futures exchanges indicates that auditors or compliance investigators generally request access to written trading documents within one year of their creation. FIA's implicit assumption is that there is no practical need to retain original written trading documents for more than a year because the experience of Commission auditors and investigators is fully consistent with their exchange counterparts.
The Commission's experience with audits and investigations indicates that there is no reliable basis for predicting the period of time that any particular original written trading record will be needed. For example, investigations of trade practice allegations are frequently lengthy due to both the complexity of the underlying transactions and efforts by many participants to disguise their intent in entering the transactions. Information may not come to the Commission's attention within a year of the wrongdoing, and the suspicious activity often spans more than a one-year period. Moreover, review of written trading records from a multi-year period may reveal the type of pattern of suspicious trading that facilitates prosecution of trade practice violations. (25)
Given the legitimate needs of its auditors and investigators, the Commission cannot endorse the one-year retention period proposed by FIA. Nevertheless, the Commission is modifying staff audit and investigative practices in order to permit recordkeepers to take advantage of some of the benefits of electronic storage technology, yet protect the Commission's interest in maintaining access to original trading records. Under the revised practice, if a recordkeeper chooses to transfer trading cards and customer order tickets to electronic media, a recordkeeper initially may respond to a request for written trading cards and order tickets by producing reproductions maintained on electronic storage media unless the staff request specifically provides to the contrary. Staff generally will review these reproductions prior to requesting production of original written trading cards or order tickets. (26) If this review confirms that further investigation or examination of original trading records is unwarranted, the recordkeeper's original trading cards and order tickets may remain in storage.
While recordkeepers transferring original written trading documents to electronic storage media will incur some additional costs, they also may obtain substantial benefits from this change in policy. For example, recordkeepers should be able to reduce retrieval costs, to locate requested records more expeditiously, and to improve the security of their stored original records. (27) Commission auditors and investigators should also benefit by obtaining more expeditious and complete responses to their requests. Of course, the success of this process will depend on the ability of recordkeepers not only to select electronic storage systems that will produce high quality reproductions, but also to manage the implementation challenges likely to arise in transitioning from a paper-based system properly. In addition, Commission experience with recordkeepers who choose to make records available on electronic storage media pursuant to this policy should provide a basis for reassessing the continued need for retention of original trading cards and order tickets. (28)
B. Timeliness of Responses to Production Requests.
Under current requirements, original records must be produced "promptly" and reproductions stored on micrographic media or optical disk must be produced "immediately." Some commenters believed that "immediately" is an unduly vague standard. Commenters also emphasized that this standard does not acknowledge the relevance of practical circumstances that can delay production by even cooperative recordkeepers. Thus, many commenters urged the Commission to require that both original records and reproductions stored on micrographic or electronic storage media be produced "promptly."
There is no evidence that the current dual production standard has created any practical problems. While the rule grants Commission staff broad discretion in determining when specified records should be produced, none of the commenters has claimed that Commission staff have abused this discretion by establishing arbitrary deadlines that ignored relevant circumstances. (29) Indeed, FIA's comment stated that Commission staff "typically exhibits flexibility when requesting documents to accommodate practical considerations." (30)
The "immediately" standard provides recordkeepers with notice of the highest level of timeliness Commission representatives may demand in seeking production. As indicated in the Proposal, Regulation 1.31 requires that reproductions stored on micrographic or electronic storage media be produced "immediately" rather than "promptly" because, in general, it is easier to locate and to produce such reproductions than to locate and to produce original records. The dual standards make it clear that Commission auditors and investigators are authorized to demand that reproductions be produced more quickly than original records. At the same time, they require auditors and investigators to weigh a recordkeeper's potentially more limited ability to locate and produce original records in establishing a deadline for their production.
The Commission recognizes that applicable deadlines should reflect an evaluation of factors such as the volume of documents covered by a request, competing requests from other regulators, or unusual and unforeseeable circumstances that prevent the recordkeeper from accessing electronically controlled records. Staff discretion, however, plays a necessary role in an effective production process, and there is no indication that staff has failed to exercise their discretion sensibly. (31) On the current record, there is no basis for imposing further limitations on the discretion exercised by Commission auditors and investigators.
C. Retention of a Consultant.
As noted above, the Proposal, like the SEC rules, required recordkeepers who stored all required records or all of a particular class of required records solely on electronic storage media to enter into an arrangement with a third-party Technical Consultant. (32) Commenters criticized this aspect of the Proposal for imposing a costly burden that will discourage transition to electronic storage systems. Commenters also argued that this safeguard will threaten the confidentiality of information maintained by recordkeepers.
The Commission has decided to adopt this aspect of the Proposal without change. The SEC has required this type of safeguard since 1993. (33) A significant number of Commission registrants are subject to the SEC's recordkeeping requirements, and none of the comments on the Proposal describes any problems with the implementation of this safeguard under the SEC's rules. Recordkeepers are only required to enter an arrangement with a Technical Consultant if they choose to store all required records or all of a particular class of required records solely on electronic storage media. As a result, recordkeepers may protect themselves from costs related to retaining a Technical Consultant by maintaining backup copies of electronically stored records in either a hard copy or micrographic version. As to confidentiality concerns relating to a Technical Consultant's access to required records, recordkeepers may protect themselves by entering into appropriate confidentiality agreements with their Technical Consultants. In short, the objections that have been raised by commenters do not establish that there are circumstances unique to the futures industry that warrant a deviation from the SEC policy. (34)
D. Production on Commission Compatible Machine-Readable Media.
The Proposal required recordkeepers using electronic storage media to provide copies of requested records on Commission compatible machine-readable media (as defined by Commission Regulation 15.00(l)) (35) with the format and coding structure specified in the request. Two commenters stated that neither the Proposal nor Regulation 15.00(l) provides adequate notice of either the range of media that the Commission will deem compatible or the range of formats and coding structures that may be required. In response to these comments, the Commission has decided to provide guidance about the intent underlying this provision and to direct staff to take steps to provide recordkeepers with ongoing notice of the applicable requirements. (36)
The requirement that recordkeepers provide documents to the Commission in one of the many identified formats arises out of practical limitations on the Commission's ability to process data stored in the full range of available formats and coding structures on the full range of storage media available to recordkeepers. The Commission uses standard desktop tools including Microsoft Office Professional 97. Recordkeepers using storage systems with compatible format and coding structures should not experience significant problems providing Commission auditors and investigators with acceptable machine-readable media. Records that include data files and images will be acceptable if accompanied by appropriate information. (37) Where the records are from a relational data base management system, the Commission would prefer that the recordkeeper convert the records to an acceptable data file format. Under appropriate conditions, however, the Commission will also accept such records in another format. (38) Where the records are from a different source, providers will need to coordinate with the Commission to determine acceptability.
Recordkeepers can provide information to the Commission on a number of different media. Clearly, a small file can be placed on a diskette or set of diskettes. CD-ROM, 4mm tape, 30 GB DLT tape, nine-track tape and IBM 3490 cartridge tapes are also acceptable. Absent security concerns, email attachments and FTP transmitted files are acceptable. Providers will need to coordinate with the Commission if different media are contemplated.
Of course the Commission's capabilities in this regard will change over time. To provide affected recordkeepers with continuous notice of what is currently acceptable, the Commission is modifying current staff practice to require preparation of an updated list of formats and coding structures as changes are made. Notice of any changes to the list will be available both in writing and on the Commission's web page, and an updated list will be published in the Federal Register .
E. Waiver of Privilege.
Consistent with current Commission requirements, the Proposal provided that recordkeepers employing micrographic or electronic storage systems must agree to waive any privilege, claim of confidentiality or other objection to the disclosure of non-Commission-required records stored on the same individual medium as Commission-required documents. Some commenters characterized this approach as inflexible and urged the Commission to adopt an approach modeled on ABA Op. No. 92-368 (Standing Committee on Ethics and Professional Responsibility Nov. 10, 1992). (39)
The Commission has decided that the waiver language should be deleted from Regulation 1.31. While courts are not in agreement about the proper application of the "inadvertent waiver" theory discussed in the ABA's Opinion, the Commission does not believe that a recordkeeper should be precluded by rule from raising a question about privilege if a privileged document has been inadvertently stored and/or produced on the same medium as Commission-required documents. (40) In an effort to avoid this problem, the deleted waiver language will be replaced with the current Commission requirement that recordkeepers store Commission-required records on a separate individual medium from non-Commission-required records. Waiver, however, will no longer be a mandatory consequence of failing to fulfill this segregation requirement, at least by operation of regulation.
1. Generic standards.
Several commenters urged the Commission to adopt generic standards of accessibility, security, and reliability that do not distinguish between original records and eligible substitutes. One of the commodity industry associations argued that the adoption of generic performance standards would increase flexibility and decrease the likelihood that the applicable standards would become "outdated" due to continued technological developments. One exchange commenter claimed that such a unitary approach would ensure consistency and lessen confusion.
A generic approach may have certain advantages in an area likely to be affected by rapid technological change. Some comments on the Proposal, however, illustrate the weaknesses of any approach that fails to provide sufficiently specific notice of the procedures the Commission considers necessary to a reliable system of records. These comments suggest that, absent specific guidance, many industry participants would interpret their recordkeeping duties in a manner the Commission views as incompatible with the public interest. (41)
More importantly, none of the commentators that urged adoption of more generic standards offered the type of specific proposal that would permit the Commission to make a reasoned evaluation of the practical costs and benefits of a more generic approach. Indeed, none of the commenters cited to generic standards adopted by a state or federal regulatory body with responsibilities comparable to those the CEA entrusts to the Commission. The absence of any specific proposals may be a product of the futures industry's limited experience with.
the design or implementation of large-scale electronic storage systems. (42) We emphasize that movement toward more generic standards may well be appropriate as industry experience and expertise develop. Indeed, as part of its ongoing evaluation of developments warranting additional amendments to its recordkeeping requirements, the Commission encourages the submission of specific proposals for generic standards that both provide recordkeepers with the flexibility necessary to maximize the cost reduction and time savings available from improved storage technology and ensure that Commission auditors and investigators maintain timely access to a reliable system of records.
2. Format of Storage Media.
One exchange commenter noted that one of the Proposal's four characteristics for defining electronic storage media could be misconstrued as requiring that the storage system itself exclusively preserve records in a non-rewritable, non-erasable format. It suggests that such an interpretation could disqualify CD-ROM storage systems with rewritable CD-ROM capabilities. The Commission agrees that the medium, not the storage system itself, must exclusively preserve records in a non-rewritable, non-erasable format.
3. Escrow agreements.
Two exchange commenters opposed the Proposal's requirement that recordkeepers using electronic storage media keep available for inspection all information necessary to access records and indexes maintained on electronic storage media or, in the alternative, place such information in escrow and, as necessary, update the information. These commenters raised the possibility that third-party vendors may be unwilling to enter into source code escrow agreements. As noted in the Proposal, however, such escrow agreements are a common feature of software licensing agreements. There is no indication that the similar safeguard in the SEC's rules has resulted in problems with third-party vendors. Given the speculative nature of the information provided by the commenters, modification of this safeguard is not warranted.
4. Written Procedures.
Several commenters objected to the Proposal's requirement that electronic recordkeepers maintain written operational procedures and controls that would provide accountability over both the initial entry of required records to the electronic storage media and the entry of each change made to any such records. As noted in the Proposal, the Commission believes that all recordkeepers must have and enforce procedures to keep their required records from being altered or destroyed. (43) The Proposal's specific requirements for electronic storage systems reflect the special security/integrity concerns that attend the transition process from paper-based recordkeeping systems. While experience may prove these special precautions unnecessary, the arguments raised by the commenters do not warrant their deletion at this time.
5. Adjusting Requirements in Response to Technological Change.
Several commenters noted that some of the Proposal's requirements may quickly become outdated due to rapid developments in the technology underlying electronic storage media. These commenters observed that addressing the necessary adjustments through the rulemaking process may prove unduly slow, costly and inflexible.
The rulemaking process can play an important role in identifying and removing such obstacles. While the notice and comment process that underlies rulemaking can result in limited delays, this process helps ensure that the Commission's deliberations are informed by the perspectives of a broad range of interested parties. Moreover, as in this instance, the rulemaking process can play an important rule in harmonizing the approach different regulators take to common areas of concern, thereby minimizing the regulatory burden imposed on firms subject to dual regulation.
The Commission has adequate tools to address short-term inefficiencies in the regulatory process. On several occasions during the past two years, the Commission has provided interim relief from the current requirements of Rule 1.31 to Commission registrants using advanced technology. (44)
This relief has helped minimize obstacles to the adoption of new technology while the Commission addressed the need for final amendments to Rule 1.31. If circumstances warrant, similar relief can be made available in the future.
IV. Related Matters.
A. Regulatory Flexibility Act.
The Regulatory Flexibility Act ("RFA"), 5 U. S.C. § 601, et seq. , 611, requires that, in adopting rules and regulations, all federal agencies consider their impact on small entities. In accordance with Section 601(3) of the RFA, the Commission published a "Policy Statement of Definitions of Small Entities for Purposes of the Regulatory Flexibility Act," 47 FR 18618 (Apr. 30, 1982). In that statement, (45) the Commission indicated that some classes of persons were excluded from the definition of small entities. These include: futures commission merchants registered or required to be registered; floor brokers employed by registered futures commission merchants; commodity pool operators registered or required to be registered; and large traders in the futures market. The Commission considers other entities to be small under particular facts and circumstances. These include: futures commission merchants exempt from registration; commodity pool operators exempt from registration; introducing brokers; floor brokers not employed by futures commission merchants; floor traders; and commodity trading advisors. Because the rules discussed herein will affect the full spectrum of Commission registrants, it is likely that small entities within the meaning of the RFA will be affected.
The final rules would generally expand the category of record storage systems permissible under the Commission's rules. The Commission anticipates that these rules will increase small entities' freedom to tailor their record storage systems to the overall needs of their businesses. The final rules will have no impact on a small entity that chooses to maintain a paper-based record storage system. However, if a small entity chooses to use micrographic storage media, it may incur costs related to creation of the duplicate record and storage at a location separate from the micrographic record. Costs can be reduced by moving the hard copies of the records to a separate location.
The final rules will permit small entities that choose to use electronic storage media for their storage record systems to select systems that may be less costly and simpler to manage. The final rules will impose limited additional burdens on these entities, including requirements that the recordkeeper: (1) provide a representation that the system meets pertinent regulatory requirements prior to converting to an electronic storage system; (2) create a duplicate of both required records and an index of those records and maintain the duplicate at a separate location; (3) create and maintain an audit system for transferring records to electronic storage media; (4) take steps to ensure Commission access to information necessary to download records from the electronic storage media; and (5) provide an independent source for the downloading of records that are maintained solely on electronic storage media. The Commission anticipates that small entities will not convert their recordkeeping systems to electronic storage media unless the accompanying burdens are outweighed by the financial savings and operational efficiency that would result from the change to electronic storage media.
The Chairperson, on behalf of the Commission, hereby certifies, pursuant to 5 U. S.C. 605(b), that the action taken herein will not have a significant economic impact on a substantial number of small entities.
B. Paperwork Reduction Act.
When publishing final rules, the Paperwork Reduction Act of 1995 (46) ("PRA") imposes certain requirements on federal agencies (including the Commission) in connection with their conducting or sponsoring any collection of information as defined by the PRA. In compliance with the PRA, these final rules and/or their associated information collection requirement inform the public of:
(1) The reasons the information is planned to be and/or has been collected; (2) the way such information is planned to be and/or has been used to further the proper performance of the functions of the agency; (3) an estimate, to the extent practicable, of the average burden of the collection (together with a request that the public direct to the agency any comments concerning the accuracy of this burden estimate and any suggestions for reducing this burden); (4) whether responses to the collection of information are voluntary, required to obtain or retain a benefit or mandatory; (5) the nature and extent of confidentiality to be provided, if any; and (6) the fact that an agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a current valid OMB control number.
The Commission previously submitted these rules in proposed form and their associated information collection requirement to the Office of Management and Budget. The Office of Management and Budget approved the collection of information associated with these rules on October 24, 1998, and assigned OMB control number 3038-0022, Rules Pertaining to Contract.
Markets and Their Members, to these rules. The burden associated with this entire collection 3038-0022, including these final rule amendments, is as follows:
Average burden hours per response: 3,609.89.
Number of respondents: 15,893.
Frequency of response: On occasion.
The burden associated with the final rule amendments, is as follows:
Average burden hours per response: 17.50.
Number of respondents: 3,412.
Frequency or response: On occasion.
Persons wishing to comment on the information required by these final rules should contact the Desk Officer, CFTC, Office of Management and Budget, Room 10202, NEOB, Washington, DC 20503, (202) 395-7340. Copies of the information collection submission to OMB are available from the CFTC Clearance Officer, 1155 21st Street N. W., Washington, DC 20581, (202) 418-5160.
List of Subjects.
Part 1 -- GENERAL REGULATIONS UNDER THE COMMODITY EXCHANGE ACT.
1. The authority citation for Part 1 continues to read as follows:
Authority: 7 U. S.C. 1a, 2, 2a, 4, 4a, 6, 6a, 6b, 6c, 6d, 6e, 6f, 6g, 6h, 6i, 6j, 6k, 6l, 6m, 6n, 6o, 6p, 7, 7a, 7b, 8, 9, 12, 12a, 12c, 13a, 13a-1, 16, 16a, 19, 21, 23, 24.
2. Section 1.31 is amended by revising paragraphs (b), (c), and (d) to read as follows:
§ 1.31 Books and records, keeping and inspection.
(b) Except as provided in paragraph (d) of this section, immediate reproductions on either "micrographic media" (as defined in paragraph (b)(1)(i) of this section) or "electronic storage media" (as defined in paragraph (b)(1)(ii) this section) may be kept in that form for the required time period under the conditions set forth in this paragraph (b).
(1) For purposes of this section:
(i) The term "micrographic media" means microfilm or microfiche or any similar medium.
(ii) The term "electronic storage media" means any digital storage medium or system that:
(A) Preserves the records exclusively in a non-rewritable, non-erasable format;
(B) Verifies automatically the quality and accuracy of the storage media recording process;
(C) Serializes the original and, if applicable, duplicate units of storage media and creates a time-date record for the required period of retention for the information placed on such electronic storage media; e.
(D) Permits the immediate downloading of indexes and records preserved on the electronic storage media onto paper, microfilm, microfiche or other medium acceptable under this paragraph upon the request of representatives of the Commission or the Department of Justice.
(2) Persons who use either micrographic media or electronic storage media to maintain records in accordance with this section must:
(i) Have available at all times, for examination by representatives of the Commission or the Department of Justice, facilities for immediate, easily readable projection or production of micrographic media or electronic storage media images;
(ii) Be ready at all times to provide, and immediately provide at the expense of the person required to keep such records, any easily readable hard-copy image that representatives of the Commission or Department of Justice may request;
(iii) Keep only Commission-required records on the individual medium employed (e. g., a disk or sheet of microfiche);
(iv) Store a duplicate of the record, in any medium acceptable under this regulation, at a location separate from the original for the period of time required for maintenance of the original; e.
(v) Organize and maintain an accurate index of all information maintained on both the original and duplicate storage media such that:
(A) The location of any particular record stored on the media may be immediately ascertained;
(B) The index is available at all times for immediate examination by representatives of the Commission or the Department of Justice;
(C) A duplicate of the index is stored at a location separate from the original index; e.
(D) Both the original index and the duplicate index are preserved for the time period required for the records included in the index.
(3) In addition to the foregoing conditions, persons using electronic storage media must:
(i) Be ready at all times to provide, and immediately provide at the expense of the person required to keep such records, copies of such records on such approved machine-readable media as defined in Section 15.00(l) of this chapter which any representative of the Commission or the Department of Justice may request. Records must use a format and coding structure specified in the request.
(ii) Develop and maintain written operational procedures and controls (an "audit system") designed to provide accountability over both the initial entry of required records to the electronic storage media and the entry of each change made to any original or duplicate record maintained on the electronic storage media such that:
(A) The results of such audit system are available at all times for immediate examination by representatives of the Commission or the Department of Justice;
(B) The results of such audit system are preserved for the time period required for the records maintained on the electronic storage media; e.
(C) The written operational procedures and controls are available at all times for immediate examination by representatives of the Commission or the Department of Justice.
(A) Maintain, keep current, and make available at all times for immediate examination by representatives of the Commission or Department of Justice all information necessary to access records and indexes maintained on the electronic storage media; ou.
(B) Place in escrow and keep current a copy of the physical and logical format of the electronic storage media, the file format of all different information types maintained on the electronic storage media and the source code, documentation, and information necessary to access the records and indexes maintained on the electronic storage media.
(4) In addition to the foregoing conditions, any person who uses only electronic storage media to preserve some or all of its required records ("Electronic Recordkeeper") shall, prior to the media's use, enter into an arrangement with at least one third party technical consultant ("Technical Consultant") who has the technical and financial capability to perform the undertakings described in this paragraph (b)(4). The arrangement shall provide that the Technical Consultant will have access to, and the ability to download, information from the Electronic Recordkeeper's electronic storage media to any medium acceptable under this regulation.
(i) The Technical Consultant must file with the Commission an undertaking in a form acceptable to the Commission, signed by the Technical Consultant or a person duly authorized by the Technical Consultant. An acceptable undertaking must include the following provision with respect to the Electronic Recordkeeper:
With respect to any books and records maintained or preserved on behalf of the Electronic Recordkeeper, the undersigned hereby undertakes to furnish promptly to any representative of the United States Commodity Futures Trading Commission or the United States Department of Justice (the "Representative"), upon reasonable request, such information as is deemed necessary by the Representative to download information kept on the Electronic Recordkeeper's electronic storage media to any medium acceptable under 17 CFR § 1.31. The undersigned also undertakes to take reasonable steps to provide access to information contained on the Electronic Recordkeeper's electronic storage media, including, as appropriate, arrangements for the downloading of any record required to be maintained under the Commodity Exchange Act or the rules, regulations, or orders of the United States Commodity Futures Trading Commission, in a format acceptable to the Representative. In the event the Electronic Recordkeeper fails to download a record into a readable format and after reasonable notice to the Electronic Recordkeeper, upon being provided with the appropriate electronic storage medium, the undersigned will undertake to do so, at no charge to the United States, as the Representative may request.
(c) Persons employing an electronic storage system shall provide a representation to the Commission prior to the initial use of the system. The representation shall be made by the person required to maintain the records, the storage system vendor, or another third party with appropriate expertise and shall state that the selected electronic storage system meets the requirements set forth in paragraph (b)(1)(ii) of this section. Persons employing an electronic storage system using media other than optical disk or CD-ROM technology shall so state. The representation shall be accompanied by the type of oath or affirmation described in Section 1.10(d)(4).
(d) Trading cards, documents on which trade information is originally recorded in writing, and written orders required to be kept pursuant to § 1.35(a), (a-1)(1), (a-1)(2) and (d) must be retained in hard-copy for the required time period.
Issued in Washington, DC on by the Commission.
Jean A. Webb, Secretary of the Commission.
2 62 FR 6469 (Feb. 12, 1997). The SEC's rulemaking involved reporting requirements for brokers or dealers under the Securities Exchange Act of 1934. The Commission has relied on these rules in addressing recordkeeping issues on prior occasions. See , e. g. , 62 FR 39104 (July 22, 1997) (interpreting Commission requirements affecting the use of electronic media by commodity pool operators ("CPOs") and commodity trading advisors ("CTAs") and amending Part 4 of the Commission's Rules in light of the interpretation); 62 FR 31507 (June 10, 1997) (issuing guidance regarding a futures commission merchant's ("FCM's") electronic delivery of confirmation, purchase-and-sale, and monthly statements to customers and the related recordkeeping requirements); 62 FR 7675 (February 20, 1997) (permitting the use of electronic records of customer orders generated by an electronic order-routing system).
4 For example, Regulation 1.31(a) provides that all required records shall be open to inspection by such representatives. It also requires recordkeepers to provide copies or originals of any required record "promptly," upon request.
5 For example, persons maintaining reproductions must maintain indexes of the records and have facilities that permit representatives of the Commission and the Department of Justice to view and obtain hard copies of the records immediately. For records stored on optical disk, Regulation 1.31(c)(1)(iii) also mandates that a copy of each record be immediately provided "on Commission compatible machine-readable media as defined in [Commission Regulation] 15.00(l) . . . ."
6 The Proposal retained the current regulation's requirement that original trading cards and written customer orders be retained for the full five-year period. Proposal at 30669-70. It also sought to clarify the type of records ineligible for micrographic or electronic storage by referring to "written orders" rather than "written customer orders" and to "documents on which trade information is originally recorded in writing" rather than "trading cards." The documents included in the Proposal's revised category are among the "original source documents" that Commission Regulation 1.35(a) requires to be retained and produced. Proposal at 30671.
7 The current rule's definition of acceptable optical storage systems, for example, requires that the system write files in ASCII or EBCDIC format and use removable disks. The Proposal, however, permitted recordkeepers to employ any digital storage medium or system that meets four generic requirements: (1) preserves records exclusively in a non-rewritable, non-erasable format; (2) verifies automatically the quality and accuracy of the recording process; (3) serializes the units of storage media and creates a time-date record whenever information is placed on the storage media; and (4) permits the immediate downloading of indexes and records maintained on the storage media to any of the media permitted by the regulation (paper, micrographic media or electronic media).
8 The Proposal did not require Commission approval of plans to convert to a system that maintains records on electronic storage media. Recordkeepers, however, must submit a representation to the Commission that the selected electronic storage system meets the four generic requirements.
9 Recordkeepers were required to: (1) maintain facilities that allow immediate production of both an easily readable image of the stored records and an easily readable hard-copy; (2) maintain an index of stored documents that permits immediate location of a particular document; and (3) waive any privilege, claim of confidentiality or other objection to disclosure of non-Commission-required documents stored on the same individual medium as Commission-required documents. In regard to catastrophic events, the Proposal noted that the Commission had lost access to required records due to a fire at a Chicago storage warehouse in 1996. Proposal at 30669 n.12. To avoid this problem in the future, the Proposal required recordkeepers to maintain a duplicate of both stored records and required indexes at a separate location.
10 The Proposal indicated that the written operational procedures and controls should provide for the systematic collection of data that includes the identities of individuals inputting records and making changes as well as the identity of any new document created and record changed.
11 Proposal at 30699. The Proposal noted that "compatible machine-readable media" would be defined in accordance with Commission Regulation 15.00(l).
12 Proposal at 30674. This condition anticipated situations in which electronic recordkeepers had stored required records but were unable or unwilling to provide Commission representatives with an appropriate means to view and copy specified documents. The Proposal did recognize that the required information might not be freely available to recordkeepers that obtained their storage technology from third-party vendors. As a result, the Proposal permitted recordkeepers to employ escrow agreements to protect the third-party vendor's proprietary rights.
13 Such recordkeepers must provide the Technical Consultant with access to the storage media containing their required records, and the Technical Consultant must (1) have the ability to download information from the recordkeeper's storage media to any medium acceptable under Regulation 1.31 and (2) undertake to provide Commission representatives with access to the records stored on the recordkeeper's storage media including, as appropriate, arrangement for downloading the records in the format designated by Commission representatives.
14 One of FOC's submissions was a petition to amend Regulation 1.31, which was received shortly before the Commission published its Proposal. To avoid undue delay, the Commission decided to publish the Proposal and to treat this submission as a general comment on the issues raised. FOC later filed a written submission responding more specifically to the issues raised in the Proposal.
15 Chicago Board of Trade Comment at 1.
17 In addition to the mandate that original written trading cards and order tickets be maintained for five years, these include requirements that recordkeepers: (1) maintain indexes of electronically stored records that are available for immediate examination and permit the location of any particular record to be immediately ascertained; (2) keep the information necessary to access electronically stored records and indexes available for immediate examination; and (3) provide copies of specified records on Commission-compatible machine-readable media with the format and coding structure specified in the request.
20 Indeed, Commission precedent indicates that such differences usually detected by noting differences in the color of the ink on the document can play an important evidentiary role in cases raising trade practice allegations. See In re Russo , [Current Transfer Binder] Comm. Fut. L. Rep. (CCH) 27,133 at 45,303 n. 9 (CFTC Aug. 20, 1997).
21 FOC submitted reproductions of two order tickets in support of its contention. The limited nature of FOC's sample raises significant questions about the validity of the broad inference it draws. Moreover, the information recorded on the order tickets is displayed in black and white. Aside from these limitations, FOC's comment does not address even straight-forward implementation problems such as ensuring that all material information is scanned and stored including time stamps and written information on the back of order tickets.
22 Such violations include wash trading, accommodation trading, direct or indirect trading ahead of or against customer orders, offsetting or matching customer orders, unauthorized trading, and inappropriate trade allocation.
23 For example, if information about the price, quantity and contract is recorded on a written order ticket in one color ink, and the number designating the identity of the customer is written in a different color ink, an investigator might suspect that the trade was allocated to a customer after it was executed and search for additional indications that orders were being improperly allocated.
24 FIA Comment at 5. FIA indicates that the Commission could maintain a check on the quality of available reproductions by publishing a list of acceptable media or permitting recordkeepers to seek Commission approval of a particular record storage medium or system.
25 Participants in a suspicious transaction often seek to undermine the significance of suspicious circumstances by claiming that they are the product of peculiar market forces at the time of the challenged transactions. Proof that the participants have been involved in a pattern of suspicious transactions undertaken under varying market conditions over a period of months or years is often the most effective rebuttal to such a claim.
26 If staff is at a point in its review that indicates a request for original written trading records is inevitable, it need not waste either its own or the recordkeeper's resources by initially requesting reproductions.
27 For example, if access to stored original records is rarely necessary, it will be less likely that records will be lost or misplaced in the process of locating requested records.
28 Implementation of this policy change does not require any revision to the rules. By holding out the prospect of reduced retrieval costs, the policy encourages recordkeepers to begin the transition to electronic storage systems that promise greater efficiency and security. Nevertheless, recordkeepers will still be obliged to maintain the original version of trading cards, documents on which trade information is originally recorded in writing, and written orders required to be kept pursuant to Commission Regulation 1.35(a), (a-1)(1), (a-1)(2) and (d) for five years and to produce those records in response to a request by an appropriate Commission representative.
29 The current standards do not describe a level of timeliness that staff auditors and investigators must invariably demand from recordkeepers. Indeed, Commission representatives frequently tailor the deadline applicable to a particular document request in light of the scope and nature of the request, as well as unusual or unforeseen circumstances affecting a recordkeeper's ability to respond quickly or completely. Nonetheless, because delay in the production of required records can sometimes represent an undue threat to the public interest, Regulation 1.31 grants Commission representatives the discretion to specify production deadlines sufficient to address such threats.
31 One commenter indicated that the production process under Regulation 1.31 should be modeled on the discovery process in an adjudicatory proceeding. The Regulation 1.31 process, however, is specifically designed to avoid both the delay and diversion of resources common to such an adversarial process. As a result, Regulation 1.31 does not provide that a response can be delayed until a recordkeeper's counsel has had an opportunity to review requested records. Nor does it establish a process for settling objections over issues such as breadth or relevance. Moreover, recordkeepers are expected to manage their affairs in a manner that permits them to fulfill the duties described in Regulation 1.31. For example, recordkeepers using micrographic or electronic storage systems are expected to retain a sufficient number of expert personnel to meet their regulatory responsibilities. The absence of a single individual due to sickness or vacation should not make it impossible for the recordkeeper to make an immediate response to an auditor's or investigator's request in the infrequent circumstance when immediacy is a critical component of the request, e. g. in a financial crisis or where customer positions or other assets are at risk.
32 Such recordkeepers must provide the Technical Consultant with access to the storage media containing their required records, and the Technical Consultant must (1) have the ability to download information from the recordkeeper's storage media to any medium acceptable under Regulation 1.31 and (2) undertake to provide Commission representatives with access to the records stored on the recordkeeper's storage media including, as appropriate, arrangement for downloading the records in the format designated by Commission representatives.
33 As noted above, the SEC adopted this safeguard as part of its 1997 rulemaking. In June 1993, however, the SEC's Division of Market Regulation issued a no-action letter allowing broker-dealers to utilize optical storage technology for recordkeeping under certain conditions. The availability of a third-party backup was one of the conditions to this relief. See Letter from Michael A. Macchiaroli, Associate Director, Division of Market Regulation, SEC to Michael D. Udoff, Chairman, Ad Hoc Record Retention Committee, Securities Industry Association (June 18, 1993), 1993 WL 246230 (SEC).
34 The Commission does not intend that Commission investigators or auditors regularly seek required records from Technical Consultants. Indeed, staff will only seek performance of the Technical Consultant's undertaking with the Commission when the recordkeeper itself has shown that it is unable or unwilling to meet its regulatory obligations.
35 Commission Regulation 15.00(l) provides that the term compatible data processing media means:
36 When the Commission amended Regulation 15.00(l) in 1997, it deleted references to specific media in light of comments suggesting that a regulatory definition was impractical because electronic media are evolving at such a rapid pace. 62 FR 24026, 24028 (May 2, 1997).
37 For records that include data files, the required information includes:
(1) how to identify individual records and record types;
(2) how to identify individual fields within records;
(3) how the individual fields and record types are defined; e.
(4) the format of each quantitative field and the meaning of each field value for other fields.
(2) how to identify individual images; e.
(3) the format of the images.
(2) this software will run under Windows NT or Windows 95/98;
(3) this software can be freely provided to the Commission under the terms of the provider's licensing agreements with the concerned software vendor(s); e.
(4) information is provided on how individual images can be accessed.
38 The applicable conditions include:
(1) the records are accompanied by software that makes it feasible to access the records using standard office tools,
(2) this software will run under Windows NT or Windows 95/98,
(3) this software can be freely provided to the Commission under the terms of the provider's licensing agreements with the concerned software vendor(s),
(4) information is provided on how the individual fields and record types are defined, and.
(5) information is provided on the format of each quantitative field and the meaning of each field value for other fields.
39 In that opinion, the American Bar Association Standing Committee on Ethics and Professional Responsibility addressed circumstances in which an attorney inadvertently sends another lawyer privileged or otherwise confidential materials belonging to an opposing party. The committee found that a lawyer receiving such confidential material has a professional obligation, when he or she recognizes opposing counsel's error, to avoid further review of the material. The committee also concluded that the affected lawyer should notify opposing counsel of the error and follow counsel's directions as to the disposition of the material.
40 As is currently the case with all Commission-required records, recordkeepers may not deny authorized Commission representatives access to any individual storage medium that includes Commission-required records or delay production while the individual storage medium is reviewed for the presence of privileged material. The final rule merely eliminates the regulatory inference that the commingling of Commission-required records with non-Commission-required records necessarily amounts to a waiver of any privilege otherwise covering the latter category of records.
41 FOC argued that any required record should be deemed accessible if produced within 10 days. One commodity industry association noted that Regulation 1.31 does not include any requirements for the security and integrity of paper records and argued that firms have no duty to supervise the security and reliability of hard copy records under the generic standard set forth in Commission Regulation 166.3. One exchange commenter indicated that it would be burdensome to require recordkeepers to maintain an accurate and complete index of records stored on micrographic or electronic storage media.
42 Even if the capabilities of electronic storage systems meet the high expectations of their proponents, the Commission expects that the transition process from paper-based systems to electronic-based systems will involve implementation problems requiring significant adjustments. If the security, reliability, and accessibility of the recordkeeping process are to be protected during this period of learning and adjustment, it is important that recordkeepers have clear notice of their ongoing obligations under Regulation 1.31. It is equally important that recordkeepers keep the Commission informed of the experience gained during this period so that the Commission can develop a reliable basis for making necessary adjustments to its rules.
44 The Commission has permitted these registrants to substitute compliance with the SEC's recordkeeping requirements for compliance with the current requirements of Rule 1.31. See note 2, supra.
45 The Commission subsequently clarified some of the definitions. See 48 FR 35276 (Aug. 3, 1983); 55 FR 13550 (Apr. 11, 1990); 58 FR 40347 (Jul. 28, 1993).

Search This Blog

Comércio de opções binárias Camaçari

Sistemas de negociação alternativos com formatos arquivados com o segundo

Comments

Post a Comment

Popular posts from this blog

Revisão do sistema de negociação lci