
Why the SEC’s Recent T+1 Rule Change Matters for Tech Leaders in Financial Services

By May 2024, brokerages will have half the time they do now to complete a trade. Here’s what leaders need to know to be proactive about the change.



Every once in a while, new banking regulations come out that compel every financial services institution (FSI) in a region to change their practices to meet the compliance requirements of the law. Past examples include MiFID in Europe and the U.S. Dodd Frank Act in 2010, which held banks to a higher standard for available liquidity.

FSIs in the United States (and all global institutions that trade securities with U.S.-based FSIs) are facing another major change: “T+1.”

In the past, when a trade was confirmed, the FSI had two days to settle it (“T+2”), which means funds are deposited in the seller’s accounts and the securities or assets are now part of the buyer’s portfolio. If anything technically goes wrong during the settlement process, as long as the issues are resolved within 48 hours of the confirmed trade and it is settled, all is legally well. But in February 2023, the Securities and Exchange Commission adopted a rule that halves the time to complete a standard settlement cycle for broker-dealer transactions — shifting from two business days to one. This law takes effect on May 28, 2024. There were also improvements to the processing of institutional trades and a new requirement to facilitate straight-through processing.

“Taken together, these amendments will make our market plumbing more resilient, timely, orderly, and efficient,” said SEC Chair Gary Gensler in a press release.

Technology effects on the industry

To comply with this regulation, financial institutions need better resilience strategies throughout the trade settlement process. That starts with easier, integrated visibility into the digital world of trade settlement. Companies may also need updates to infrastructure, processes (both manual and automated), networks and applications. If anything fails in the process and endangers the 24-hour settlement requirement, your organization might not just be dealing with penalties for failing compliance. It could lead to loss of reputation — no one wants to be told their trade didn’t settle because of technical reasons.

This may be a new FSI regulation in the U.S. markets, but the compliance impact is far-reaching. Everyone from consumers to site reliability engineers to FSI managing directors and beyond could be affected. Managing the resilience of the digital infrastructure behind trade settlement platforms, whether hosted on-prem or in hybrid clouds, becomes even more critical as companies now have half the time to resolve any issues in the process. Infrastructure needs to support upgrades and fixes in half the time. To speed up trade settlements, orgs may have to change certain system components, as well. For instance, some may choose to re-architect their current processes to use faster microservices for compliance responses rather than single-threaded legacy applications.

What can go wrong with the wrong tool

The average daily trade volume can be in the millions or higher. Every trade settlement has to be monitored closely. Each trade has the same settlement requirement. This means we cannot sample which trade settlement to monitor, regardless of the scale. Missing the wrong one through sampling could lead to millions of dollars being lost for an important trade that does not settle in the compliance-allowed time. Handling settlement at scale with full fidelity monitoring builds better resilience.

Recently, I spoke to a developer, working in a large FSI in algorithmic trading systems, who essentially used applications to initiate trades and straight-through processing to get to the settlement stage, which means human interaction is minimal or non-existent. They had 25 to 50 high-end physical machines to do most of the work. When asked what happens if something goes wrong in the software, we were told they could log into any machine and quickly look at the traces and logs to find the issue.

This sounds like a decades-old troubleshooting solution. In this situation, a lot can go wrong. And given the complex infrastructures modern enterprises are dealing with — hybrid clouds, containers, edge computing, multicloud — any physical machine, VM or container can exacerbate problems because hardware is hardware and software is software.

What most people do is put agents on machines monitoring the hardware and agents to collect log data. Those worked great in the days of monolithic applications, but in modern architectures that use distributed applications and possibly ephemeral containers, the data may not even exist — it’s virtual and ephemeral!

Moreover, applications have changed because infrastructures have changed. Applications are no longer just sitting in one location. They’re distributed. If an application is distributed with hundreds of components across distributed systems and possibly containers, finding out which components are running in which container or VM (as they may float among containers) makes troubleshooting very difficult.

We started this piece about finding the trade. Good luck also finding the container without modernized approaches.

Finally, some of the compliance checks for trade settlement may involve querying third-party APIs, such as, “Is the customer on a sanctions list?” What if the third-party API is having latency issues or responding very slowly? The trade settlement process still has to continue. Continuously monitoring partners’ APIs for potential problems becomes just as important as monitoring your own software and hardware.


A modernized approach is critical — and incorporates observability

We realize many companies have already started the process of addressing T+1. In that same spirit, we would like to add to the discussion for making the effort to become T+1 compliant and more resilient. As compliance rules like T+1 evolve, we have to have a modernized approach — visibility and problem solving need to be almost as instantaneous as the trades themselves. Humans can’t handle it alone. Especially if the problem is a big outage because of something like bad code or denial of service. We might be able to figure out one outage. But what if there were many? The stakes are too high to leave it to chance, or rely on virtual war rooms. If we have half the time to solve a problem, we have to figure out the root cause and remediate using the most cutting-edge monitoring capabilities out there.

A modern approach incorporates observability. Observability is used to discover assets and provide instrumentation, identify active components, their performance and health, and supply contextual knowledge about the system. The single pane of glass that can monitor any trade in the settlement process and handle scale is the solution. As a bonus, observing the security of all trade settlement assets, and the behavior of the associated identities that may have access to those assets, adds to the resilience of the modern approach that is required for T+1.

It’s just too much for humans to solve at once. The faster we detect when an issue hits, the faster we are going to solve the problem.

An opportunity to build resilience

T+1 is a compliance directive, but the implementation of the regulation is an opportunity to modernize applications and their associated monitoring. For something this high stakes, we need a solution that’s seamless and centralized, rather than relying on the methods briefly described here from yesteryear. Flying partially blind is not an option. This SEC ruling ultimately is an opportunity for banks and brokerages to change their entire approach to monitoring to make it comprehensive and proactively solve a problem that is definitely going to be a problem if it is business as usual. Compliance for T+1 may be in May 2024, but if trade settlement processes and systems are not assessed now, delays may occur in meeting the requirements when they are finally here. What if in a few years the industry moves to T+0 (same day)? Planning and implementing for future efficiencies can only help the cause. Let’s seize the opportunity to make things better for better business outcomes for ourselves and consumers.
