Why the absence of oversight?

Given all this, by now you're probably wondering why these companies aren't more closely regulated. After all, these vulnerabilities, if successfully exploited, could either result in enormous and systematic consequences to the financial markets or, at the very least, enable individual instances of fraud.

It's not that the financial news and trading terminal service companies are deliberately overlooked by regulatory watchdogs; it's just that they fall between the cracks. If they're private companies they don't have any oversight from Sarbanes-Oxley. The US Federal Reserve and the Office of the Comptroller of the Currency don't regulate them because they aren't banks. If they provide only the front-end interface (that is, the terminal), they can foist any potential SEC enquiries about trading operations onto the brokerage firms to which they've outsourced the back-office operations. They thus can rebuff just about any US federal and state regulatory entity.

Given the current backlash against Sarbanes-Oxley, the financial services industry has a noticeable lack of appetite to undertake any new regulatory measures. So, although these security vulnerabilities exist and at great risk to the financial markets, the industry will probably muddle along until the day they actually cause the damage described in this article. Until then, the industry will continue to whistle past the graveyard.