The SEC has taken Direct Edge to task for two snafus that revealed weaknesses in order processes and compliance, resulting in million of losses by trading clients.  The exchange has agreed to a battery of remedial measures, without admitting or denying guilt. The two incidents:   

• On Nov. 8, 2010, untested computer code changes resulted in EDGA and EDGX overfilling orders submitted by three members. The unwanted trades involved an estimated 27 million shares in about 1,000 stocks, totaling roughly $773 million. At the exchanges' instruction, one member traded out of the overfilled shares and submitted a claim of $105,000 of losses. "When the other members refused to do likewise, the exchanges assumed and traded out of the overfilled shares through the routing broker's error account, in violation of their own rules." The SEC also found that in resolving the overfilled trades, which cost the exchanges about $2.1 million, DE Route "failed to mark the orders as short or mismarked them as long, and failed in its Regulation SHO obligation to ascertain if shares were available to borrow.  
• On April 13, 2011, an EDGX database administrator inadvertently disabled database connections, disrupting the exchange's ability to process incoming orders, modifications, and cancellations. Several EDGX members to file claims for more than $668,000 in losses. "EDGX received internal alerts immediately and got external notifications soon after," including from members seeking to cancel unfilled trades and from numerous trading centers that were bypassing EDGX. EDGX waited 24 minutes after the outage to remove its quotations from public market data, and violated the Regulation NMS "by failing to immediately identify its quotations as manual quotations." 

The agreed-upon remedy involves basic GRC practices. The firm has among other things agreed to implement an ERM framework and an information security program. It will hire an information security director, a corporate training director, and a chief compliance officer. In addition, it will enhance their systems to prevent recurrences. 

For more:
- here's the release

Related articles:
Time to delay the ban on naked access?  
Exchange mergers highlight the role of technology