Effective February 2015, the Securities and Exchange Commission (SEC) published Regulation Systems Compliance and Integrity (Reg SCI). Reg SCI is a robust and extensive regulation that requires certain market participants that are essential to the US securities market function to have “robust technology controls and to promptly take corrective action when problems arise.” It was created in response to the increasing dependence on technology and heightened concerns of cyber security.

Efforts to comply with Reg SCI continue to push the risk management and compliance agenda. For example, there is increased pressure on the material accuracy of the Reg SCI report produced by the entity as senior management (i.e., the Chief Executive Officer, Chief Technology Officer, Chief Information Officer, Chief Compliance Officer, and General Counsel) and the board must submit statements to any material inaccuracies or omissions in the report.

SCI entities must also:

  • Review and determine the criticality of systems
  • Evaluate the design of software and system architecture
  • Assess the completeness and any weaknesses in policies and procedures
  • Review and evaluate the availability and capacity of operations and systems
  • Evaluate and remediate any dependencies on vendors/3rd parties of systems and software
  • Test and evaluate the efficacy of organizational business continuity and disaster recovery plans


BWise offers a suite of Governance, Risk, and Compliance (GRC) solutions that can assist SCI entities in complying with the components of Reg SCI. Each solution has the capacity to support the end-to-end process of specific risk management topics applicable to Reg SCI such as:

Additionally, the solutions can be integrated to produce a holistic picture of the efficacy of compliance activities.

The BWise software can enable, support, and sustain the organization’s compliance and risk management processes. Illustrative solution capabilities include the following, and allow users to:

  • Centralize risk data to mine, store for an audit trail, and monitor in real-time
  • Configure dashboards and reports
  • View portlets depicting particular end-user needs 
  • Seamlessly integrate vendor, 3rd party, or regulatory feeds
  • Incorporate, evaluate, and summarize threats and vulnerabilities (e.g., cyber)
  • Facilitate the organization’s risk and business impact assessment and analysis processes
  • Support the governance process, including policy and procedure management
  • Codify, simplify, execute, monitor, and summarize risk treatment and issue management activities
  • Centralize, summarize, and evaluate controls and management activities

For more information, please contact us. 

More information

Scroll up