Financial Markets: Computer Security Controls at Five Stock Exchanges Need Strengthening

IMTEC-91-56 Published: Aug 28, 1991. Publicly Released: Aug 28, 1991.

Highlights

GAO reviewed the automated order routing and execution systems and operations at the American Stock Exchange, National Association of Securities Dealers (NASD), New York Stock Exchange, Midwest Stock Exchange, Pacific Stock Exchange, and Philadelphia Stock Exchange to determine whether internal control weaknesses existed.

Recommendations

Recommendations for Executive Action

Agency Affected: United States Securities and Exchange Commission
Recommendation: The Chairman of the Securities and Exchange Commission (SEC) should ensure, as part of the Commission's oversight responsibilities, that the American, New York, Midwest, Pacific, and Philadelphia stock exchanges take corrective action to control the weaknesses found during the GAO review.
Status: Closed – Implemented
A GAO review of the automated operations at the American, Midwest, New York, Pacific, and Philadelphia stock exchanges identified 68 security and control weaknesses. The exchanges have corrected 22 of these weaknesses. SEC plans to monitor and assess the exchanges' actions on the remaining 46 weaknesses.

Agency Affected: United States Securities and Exchange Commission
Recommendation: The Chairman, SEC, should ensure, as part of the Commission's oversight responsibilities, that the Midwest Stock Exchange has an independent risk assessment performed to evaluate the areas where GAO was denied access, and that appropriate corrective action is taken to control any weaknesses found.
Status: Closed – Implemented
SEC noted that the Midwest Stock Exchange will have an independent review of all of the security control areas covered in the GAO report. In addition, the finding of the independent review will be verified by the SEC Office of Automation and International Markets.

Agency Affected: United States Securities and Exchange Commission
Recommendation: The Chairman, SEC, should ensure, as part of the Commission's oversight responsibilities, that the stock markets keep the Commission apprised of the market risks associated with any outstanding weaknesses that are not corrected.
Status: Closed – Implemented
SEC is taking steps to monitor security control weaknesses. SEC will provide the oversight needed to ensure that: (1) risks are reduced through the actions taken to correct weaknesses; or (2) an assessment is conducted of the vulnerability related to weaknesses when the exchanges decide to assume the risk.

Topics

Brokerage industry, Computer security, Emergency preparedness, Facility security, Information systems, Internal controls, Securities regulation, Stock exchanges, Systems management, Securities