Paul Atkins, the new Chairman of the Securities and Exchange Commission (SEC), announced in a recent speech that he has instructed SEC staff to undertake a comprehensive review of the Consolidated Audit Trail (CAT), including an examination of the costs of the database, the reporting requirements, and the scope of what is collected and stored.

SIFMA wholeheartedly agrees that a public review of the CAT is long overdue particularly considering that the SEC and the self-regulatory organizations (SROs) have had several years of experience operating and using it for regulatory purposes.  SIFMA notes that many concerns regarding the CAT remain, including the protection of sensitive data, transparency around the costs to build and operate the CAT, and a seriously flawed funding scheme.

Importantly, the Commission should disclose the scope and timeline of its review and subsequently provide clear guidance to the public as to how it intends to proceed with the CAT so the industry can adjust accordingly.  There are many important questions that only the Commission can answer, including its intention with respect to the CAT Customer & Account Information System (CAIS), which currently holds customer personally identifiable information (PII), and the CAT Customer ID (CCID), which is a transformed customer identifier that is part of the CAIS database.

In advance of the SEC’s review, SIFMA has provided comments related to the SROs’ recent proposed amendment to the CAT NMS Plan and a request for rulemaking by certain SROs.  In March, the SROs filed an amendment to the CAT NMS Plan that included a prohibition on the collection of PII and provided for the destruction of PII stored in the CAT.  SIFMA supports the SROs’ proposed amendment but we call on the SEC to provide market participants with further direction regarding how it plans to proceed with the CAT CAIS database.  In mid-June, the SROs proposed changes to that March amendment that would, among other things, change the name of the CAIS database to the Reference Database to “more accurately describe the limited nature, scope, and function of this database” in light of the SROs’ amendment and the SEC’s February order that exempted firms from having to report certain PII to the CAT.  Recently, Nasdaq/CBOE and NYSE submitted letters to the SEC recommending reforms designed to further control costs.  SIFMA agrees with and supports many of the recommendations in these recent letters and we encourage the Commission to act expeditiously on CAT reform recommendations with widespread agreement.  SIFMA’s comments also included several high-level CAT reform recommendations.

In addition to requesting that the SEC inform the public of its future intentions for the CAT, we are including below these reform recommendations for the SEC’s consideration (with some slight modifications in light of the recent regulatory actions).

Our recommendations include:

1. Commission Leadership and Permanent Exemptive Relief for Certain Items
   

• SIFMA urges the SEC to lead CAT reform efforts through a public process and, as needed, rely on its direct authority under Rule 608 of Regulation NMS to make the necessary changes to the CAT NMS Plan to implement the reforms.
• The SEC should review all of its orders granting temporary exemptive relief from CAT reporting requirements with a view to making them permanent (e.g. representative orders). In addition, full cost-benefit analyses should be required for any future CAT guidance and rulemakings that impose new requirements.

2. Optimize CAT Reporting
   

• Current deadlines to submit, process, and correct CAT data are onerous and costly and can be relaxed without compromising CAT’s regulatory purpose. Relaxing the current timelines by 9-24 hours could lead to significant operational and technology cost savings.
• The CAT transaction technical specifications and resulting database are unnecessarily large and complex. They could be scaled back to include only essential transactions, errors, and data elements.  These changes should make CAT reporting and processing more efficient and less costly without affecting its regulatory purpose.

3. CAT Data Security
   

• Given the extreme sensitivity of the data held within the CAT, SIFMA continues to believe the SEC should require the CAT to adopt security measures to protect CAT data to the maximum extent possible. SIFMA recognizes the SEC’s withdrawal of its 2020 CAT data security proposal, and acknowledges that the recent PII changes may alter the need for certain aspects of the 2020 proposal, but continues to believe that the CAT should be held to the highest security standards.  We expect data security will be discussed as part of the holistic CAT review and believe the SEC should consider issuing a new CAT data security proposal based on the 2020 proposal, taking into account the recent PII changes and other developments since the 2020 proposal was issued.

4. CAT Funding
   

• Subject to pending litigation,¹ just as the SEC does for all other projects, the SEC should include the CAT in its budget as it is a regulatory system that is used by the SEC. The CAT ultimately should be subject to the checks and balances of the Congressional appropriations process used to fund the SEC’s budget.  While the industry will still pay for the CAT through Section 31 fees (where the industry reimburses the SEC for its budget), including CAT in the SEC’s budget will better align incentives to control CAT costs and address longstanding concerns about ineffective CAT governance.  We also strongly believe there should be more transparency in the budget process to enable the industry to better understand how its funds are used in operating the CAT.

5. Holistic External Review
   

• In addition to the concrete suggestions for reducing CAT costs SIFMA provided to the SEC in its recent comment, the SEC should require the SROs to engage an independent external technology firm at their expense (subject to appropriate security measures to protect CAT data and processes), with input from industry-member experts, to complete a holistic review of the current operations of CAT—including its regulatory uses by the SEC and SROs—to identify ways to further optimize and improve CAT and reduce its costs. This type of third-party review is a common practice in managing and optimizing large technology systems.  SIFMA expects that such a review would include an evaluation of the CAT’s use of the cloud, which is CAT’s biggest expense, and ways to optimize that use to reduce costs.

Consistent with certain of the recommendations by Nasdaq/Cboe and NYSE, we believe our high-level recommendations would lead to a more efficient and cost-effective CAT without compromising its intended regulatory purpose.  Subject to the pending challenge on CAT funding and the funding model, we also recommend that the SEC fund the CAT through its annual budget, as it is a regulatory system the SEC uses and ultimately controls.  We would welcome the opportunity to discuss these recommendations in greater detail with the Commission and the SROs and for the SEC to require that industry members be included in any CAT reform efforts.

Authors

Joe Corcoran is Managing Director and Associate General Counsel in SIFMA’s Capital Markets Group. 

Gerald O’Hara is Vice President and Assistant General Counsel in SIFMA’s Capital Markets Group.

Footnotes

1. SIFMA notes that CAT funding and the CAT funding model currently are subject to litigation, and SIFMA continues to believe that the Commission’s order approving the funding model for the CAT is contrary to the Securities Exchange Act of 1934 and arbitrary and capricious.  See Brief of Amicus Curiae SIFMA, Am. Sec. Ass’n v. SEC, No. 23-13396 (11th Cir.) (filed Feb. 15, 2024). SIFMA accordingly reserves all rights. [↩]

Related Resources

• Speech

  Paul S. Atkins, Chairman Prepared Remarks Before SEC Speaks

• Comment Letter

  Recommendations on Reforms to the Consolidated Audit Trail