It’s Time for the SEC to Take Direct Control of the CAT

The SEC’s April 2026 concept release on the Consolidated Audit Trail (CAT) is an important milestone in the Commission’s ongoing comprehensive review of the CAT. For many years, SIFMA has urged the Commission to address privacy and data risks as well as the funding and governance flaws that have led to the CAT’s insular decision making and significant cost overruns. In our June 2026 letter in response to the SEC’s concept release, we laid out several recommendations for how the SEC can fix the CAT’s funding and governance problems. These include:
- The SEC should eliminate the current CAT funding model and fund the CAT itself through its congressional budget request. Ultimately, the SEC should eliminate the CAT NMS Plan and directly control the CAT.
- The SEC should continue to rein in CAT costs, but further cost reductions must not result in cost-shifting to market participants or undermine the retirement of duplicative legacy systems.
- The SEC should revisit its 2020 Data Security Proposal to ensure CAT data is protected to the greatest extent possible, include broader representation of stakeholders on the CAT Advisory Committee, and fully retire Electronic Blue Sheets (EBS) for equities and listed options transactions.
After more than a decade of the CAT, its structural flaws are obvious. The broker-dealers that fund the vast majority of the CAT’s costs have regulatory obligations but no authority or direct say in how it is run, while the SEC, which is the primary beneficiary of the CAT through its use of CAT data to support its surveillance, enforcement, and rulemaking functions, has no incentive to control what it costs. The CAT was originally estimated to cost between $36 million and $56 million annually. Instead, the CAT’s 2026 annual budget stood at approximately $147 million as of March 2026, even after recent cost-reduction efforts. SIFMA members and their customers bear the overwhelming majority of those costs, with no ability to influence how that money is spent.
SIFMA’s primary recommendation is a structural break from the CAT’s current funding and governance models. We’re calling on the Commission to immediately eliminate the current CAT funding model and assume sole responsibility for CAT costs by including in its annual budget request to Congress the amount necessary to fully fund the CAT. This will provide accountable oversight of the CAT. Once that funding shift happens, we believe the Commission should eliminate the CAT NMS Plan altogether and take direct control of the CAT. After the SEC becomes responsible for CAT’s funding and operations, the CAT will be subject to centralized oversight and budgetary control processes that are designed to incentivize disciplined spending.
After years of highlighting risks posed by the CAT’s collection of individual investors’ personally identifiable information (PII), SIFMA welcomed the significant steps the Commission has taken to remove PII from CAT. Nevertheless, CAT data security remains a significant concern for SIFMA. The CAT contains extremely sensitive order lifecycle data and is a rich target for hackers. We believe the current access model, which we understand allows regulators to bulk-download broad datasets into separate systems, multiplies the number of environments where that data could be breached. 1 We’re urging the SEC to revisit its 2020 CAT Data Security Proposal, including the concept of a secure analytical workspace that would prevent regulators from bulk-downloading CAT data into separate systems.
A central promise of the CAT was the retirement of duplicative legacy systems such as EBS once the CAT was fully functional. Instead, EBS persists and market participants still receive many EBS requests for equities and listed options transaction information. This results in significant duplication of time and costs by requiring firms to both report to the CAT and to respond to EBS requests, as there is substantial overlapping transactional information between the two reporting regimes. We encourage the SEC to retire EBS for equities and listed options transactions, which is much less secure than the current CAT, and to implement a separate, streamlined request-response system in its place that will enable regulators to securely correspond with broker-dealers to identify account holders associated with potentially problematic trading activity identified in the CAT. SIFMA first proposed this option almost a decade ago, and we still believe it is the best approach to protect investors.
Even after the SEC assumes control of the CAT, we support increased representation of a broader range of stakeholders on the CAT Advisory Committee that includes alternative trading systems, retail brokers, market makers, SROs, and information security and technology experts. The SEC should view the Advisory Committee as a trusted resource to enable the efficient and successful operation of the CAT.
The SEC’s concept release and focus on comprehensive CAT reform is a genuine opportunity for the Commission to put the CAT on a sustainable foundation with accountable oversight and prudent investor protection. Doing so will help address the longstanding funding and governance issues that have led to the excessive system costs and insulated decision-making processes that have come to define the CAT while ensuring sensitive data is appropriately protected. After more than a decade of cost overruns, governance disputes, and deferred reforms, we welcome the SEC’s renewed focus and look forward to supporting the Commission as it works through these necessary reforms.
Authors
Related Resources
CAT and Other Audit Trails and Data Sources
Concept Release on Consolidated Audit Trail and Other Audit Trails and Data Sources
Footnotes
- For SIFMA and other non-SRO commenters, it has been very challenging if not impossible to understand CAT data security practices because they have never been disclosed. This non-disclosure may be understandable from a data security perspective. However, it also has the effect of preventing industry experts with significant experience implementing secure financial data systems from providing meaningful input regarding these practices to CAT and oversight of these practices by Congress.

