There are a number of pending US Securities and Exchange Commission (SEC) proposals that need to be finalized, not the least of which is the August 2020 data security proposal for the Consolidated Audit Trail (CAT), according to Kenneth Bentsen, president and CEO of the Securities Industry and Financial Markets Association (SIFMA).
The CAT began collecting all equity and options trade data in 2020 and beginning in July, the CAT’s Customer and Account Information System will start operations. This system will collect related personally identifiable information (PII) for every retail and institutional investor in the US. Once fully operational, the CAT will be the largest database regarding securities transactions ever built, containing a treasure trove of valuable and potentially vulnerable information.
Importantly, as mandated by the SEC, the CAT is owned and operated by 25 self-regulatory organizations (SROs) including several exchanges owned by for-profit, publicly-traded holding companies. As currently configured, once broker-dealers report trade and PII data to the CAT, as mandated by the SEC, control, access and protection of that information shifts to these organizations and their thousands of employees.
Given the impending go-live date of the CAT Customer and Account Information System and the target value of the data held within it, it is critically important that the SEC finalize the proposal immediately. The value of the CAT data is immeasurable, and as the recent SolarWinds and ransomware attacks have highlighted, the SEC and the federal government must do everything in their power to ensure that the data is protected and secure. In addition, SIFMA noted that the Financial Industry Regulatory Authority (FINRA), which operates and maintains the CAT system through its subsidiary FINRA CAT, has a key role to play to ensure that CAT data is secure.