Stock Markets: Information Vendors Need SEC Oversight to Control Automation Risks
IMTEC-92-16
Published: Jan 29, 1992. Publicly Released: Jan 29, 1992.
Skip to Highlights
Highlights
GAO reviewed the: (1) adequacy of controls in place to protect against automation risks at seven information dissemination vendors that transmit stock data to investors; and (2) Securities and Exchange Commission's (SEC) involvement in assessing such operations.
Recommendations
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| United States Securities and Exchange Commission | Because of the importance of maintaining the flow of vital information between stock markets and investors, SEC should identify all information dissemination vendors and inform them of the Commission's oversight responsibilities. |
Closed – Implemented
SEC is: (1) establishing and maintaining a list of all information dissemination vendors; and (2) informing them of SEC oversight (automation review) responsibilities. Major vendors have already been contacted.
|
| United States Securities and Exchange Commission | Because of the importance of maintaining the flow of vital information between stock markets and investors, SEC should inform such vendors of the policies they should follow to address automation risk, including controls to ensure the correct processing of data and responsive, secure, and continuous operation. |
Closed – Implemented
SEC is meeting with vendors to discuss the possibility of developing policies to address automation risk. SEC intends to work with industry to develop common understandings concerning the business practices necessary to assess and control automation risks in securities information dissemination systems.
|
| United States Securities and Exchange Commission | Because of the importance of maintaining the flow of vital information between stock markets and investors, SEC should determine whether vendors' automation practices are having an adverse effect on the investment community. This could be accomplished by such steps as analyzing the effect of system failures and potential system failures on investors and assessing whether investors view vendors' security weaknesses as posing a substantial risk to them. |
Closed – Implemented
SEC intends to work with the vendor community to expand its capacity to identify systems disruptions and assess their impact on investors. SEC already monitors and assesses the impact of systems disruptions at major vendors.
|
| United States Securities and Exchange Commission | Upon completion of these actions, SEC should decide whether further oversight actions should be taken. |
Closed – Implemented
SEC intends to decide whether further oversight actions are needed, once it has implemented the GAO recommendations. SEC has recently decided to substantially increase the size of the technical staff in the Office of Automation and International Markets. This expansion is intended to address SEC automation oversight responsibilities.
|
Full Report
Office of Public Affairs
Topics
Brokerage industryComputer securityGovernment informationInformation systemsSalesSecurities regulationStock exchangesStocks (securities)Automated security systemsData automation