In this episode of The SIFMA Podcast, SIFMA President and CEO Kenneth E. Bentsen, Jr., is joined by colleague Joe Corcoran, Managing Director and Associate General Counsel, to discuss SIFMA’s recommendations to the Securities and Exchange Commission on how to reform the Consolidated Audit Trail, or the CAT.

Transcript

Edited for clarity

Kenneth E. Bentsen Jr.: I’m Ken Bentsen, SIFMA President and CEO – welcome to our latest episode of The SIFMA Podcast.

I’m joined here today by my SIFMA colleague Joe Corcoran, managing director and associate general counsel, to talk about SIFMA’s suggestions to the Securities and Exchange Commission on how to reform the Consolidated Audit Trail, or the CAT.

Let’s jump right in. Joe, the Consolidated Audit Trail was created by the SEC in 2012 to enable regulators to track all order and trading activity throughout the U.S. markets for listed equities and options. It is run by 25 self-regulatory organizations, or SROs and it became fully operational in 2021. SIFMA has supported the goals of the CAT from the beginning, but there have been many twists and turns over the past 13 years. Can you walk us through some of those, leading to why it’s in the spotlight today?

Joe Corcoran: So, as you mentioned, one of the biggest, issues that, has been concerned about with regard to the CAT is its collection. Personally identifiable information or PII. The CAT collects, you know, persons, names, addresses. And it used to collect, person Social Security numbers. The SEC, I think, recognize concerns about, privacy and data security associated with collecting Social Security numbers. So, back in 2020, the SEC, issued exempt app for leaf. That no longer, required the CAT to collect individual’s Social Security numbers.

Anyway, another issue that, we’ve been focused on, for a long time with regard to the CAT is, the CAT funding. So as long advocated for a fair funding model, with cost shared, fairly between the self-regulatory organizations and the industry. The SEC approved a funding model for the CAT back in 2023. That we believe is not fair. That funding model is currently subject to a challenge in the 11th circuit. And Cipollone supports that challenge. You know, in effect, the funding model, allows for or allows the, SRO essentially to, put all the CAT cost on the industry.

The other issue that we’ve been focused on for many years, and it also relates to the CAT’s collection of PII is data security. You know, given the sensitive nature, the data held within the CAT, SIFMA has long called upon the SEC to ensure that the data is protected, to the maximum extent possible. The SEC put forward a good proposal back in August of 2020 to, enhance CAT data security. Although the SEC recently withdrew that proposal, we’re going to talk about that in a little bit.

Most recently, you know, the Astros actually, proposed an amendment, back in March. That would, remove, PII from the CAT, database. The Soros amendment followed an SEC action back in February of this year in which the SEC exempted, the reporting of certain PII to the CAT. The SROs in March proposed its amendment, in which it expanded, the SEC action to cover all PII reported to the CAT by customers, as well as, proposing that the CAT delete all PII that currently resides within, within that, SIFMA supports both of these actions.

Ken, so the latest on the CAT developments is, SEC Chairman Paul Atkins calling for a comprehensive review of that CAT just last month. It will include an examination of the cost of the database, the reporting requirements in the scope of what is collected and stored. As you look at this review from a holistic perspective, Ken, why do you think Chair Atkins is calling for this now? And what is SIFMA’s overarching view?

Bentsen: First I would say that Chairman Atkins, announcement on this is really long overdue. The the CAT has had a really tortured, development, process and sickness weighed in repeatedly, with concerns as you issue outlined over the years, you know, since 2012, you know, whether it’s been trying to, you know, keep, customer PII out of the CAT, protect other sensitive data that’s in the CAT, deal with issues around who has liability, once the data is collected, because our members are required to submit the data, they have no control over the data once it’s submitted. In fact, at one point, the SRO sought to put a limitation of liability. So we had all the obligation to wear a record and had we’re taking a lot of the risk and had no authority whatsoever. And then, of course, you pointed out the funding scheme, which is we believe it’s been inherently flawed from the get-go.

So this is a, you know, what was designed to be, market surveillance tool, which, you know, maybe the only positive thing that’s come out of it over the years was the retirement of the FINRA OTC. But it’s still, has a lot of flaws and a lot of risks to it and so for many years, you know, we’ve been eager for the SEC to take a more, aggressive oversight approach.

The other thing I’d point out is in the, in the governance structure of, of the CAT, because it is run under the, it is an NMS plan and overseen, as you mentioned, you know, 25, as we mentioned, by 25, SROs, you know, everybody’s in charge, nobody’s in charge but in particular, from the industry standpoint, you know, we have no, line of sight really into the governance to the budgeting, the cost, have been, you know, as you would expect, had lots of overruns. So this is it really is incumbent upon the commission to step in and find out what’s going on here, or what are they doing? Do they need all the data that they’re collecting? Do they need all of this PII even as it’s been modified? What do they really want to accomplish with that? And what’s really the best, most fair way, to fund it. So, we’re really encouraged, that the chair, Chairman Atkins, is undertaking this, and we really hope that the Commission does a very comprehensive review and then tells the marketplace what they want. What do they want from the CAT, how they intend to do it. How do they intend to protect the information that they collect? Do they really need all the stuff that, that they, that the CAT’s been trying to get?

So maybe, Joe, you know, you talked about, you know, the most recent, SROs, proposed amendments to the case around, PII, and maybe you could walk through of what’s being asked about on this?

Corcoran: So the Commission actually on the PII, proposal from the SRO is back in March. They just extended, their time for consideration of the SROs proposal. The Commission is, seeking further comment on, you know, the cost that the proposal would save the industry as well as the SROs.

They are also seeking comment on, the ability of the Commission to do its, oversight of the markets given that the changes the SROs are proposing regarding PII within the CAT. You know, as you mentioned, you know, we strongly, support the SROs. Proposal and we’d like to see the commission act on it, though, as Ken you know, that, we really think the SEC should, give direction to the industry regarding what it expects as far as CAT reforms. I note that the SEC has, directed authority, to make changes to NMS plans, which the CAT, as you noted, is an NMS plan. And it has used this authority in the past, back in 2020, the SEC was frustrated with the SROs slow pace and standing up the CAT and so they, impose financial, penalties, essentially accountability milestones on the SROs, you know, for the SROs to complete the CAT in a timely manner.

As you mentioned, I think, you know, those, financial accountability milestones did lead to the CAT, being stood up rather rapidly, but I think it did so in a way that didn’t really focused on cost or efficiencies and so, as you mentioned, we really call on the SEC, to lead all CAT reform efforts. It is an NMS plan. But, you know, from our perspective, the SEC, does have the authority, you know, to make changes to NMS plans and, and from our perspective, has made a lot of the significant policy choices related to CAT even though, it theoretically is operated by the SROs.

You know, one other thing I should note. We’ve asked for the SEC, to review as part of this review process that it’s conducting, to take a look at all the temporary exemptive relief it’s granted over the years and make the those, that relief, permanent. You know, there have been aspects of the CAT, I think for various reasons where, it’s challenging, if not impossible for the industry to report certain information, such as, the collection, verbal quote data, you know, calls and, and verbal transactions on floors and so that has been exempted. But, you know, we really call on the SEC to take a look in all the exempt of relief with a view towards making it permanent

Bentsen: Yeah. Just a couple of things I on that I’d point out. I mean, I think the, you know, in the proposed amendments, you know, one of the key things, is, is, you know, where the SEC previously gave exemption of not having to, submit PII. The proposed amendments would ban the submitting PII. That’s a really good start. The other thing is it would have the SROs destroy everything they’ve already collected. And that’s also important. So but these questions are being asked are important as well.

The second thing on your point about, you know, that the SEC does have authority to amend, you know, in NMS plans on its own we should remember, you know, the SROs did not come up with this idea on their own. The CAT was a creation by the by the SEC. They did it through the NMS plan. So what type of changes might be made depending again, on what the SEC thinks they want to do with the CAT. What other changes might they make that could, add more efficiency, reduce costs and protect, investor?

Corcoran: The CAT essentially, since it was stood up, requires, the SROs to produce the regulatory data for the SEC review on a par five basis. SEC through the CAT NMS plan has imposed, certain processing deadlines on the SROs to get the data right ready on it in term basis prior to that, T+5 deadline. We think that the, SEC could relax some of those in term processing deadlines and, you know, the CAT would still serve its, regulatory purpose. And by doing that, we think the CAT would actually, save a lot of cost.

Also note that the CAT, tech specs or technical specifications, that’s the, information that the, broker dealers are required to report to CAT are exceedingly complicated and hundreds, if not a thousand pages long. We believe that the tech specs can be scaled back, in a way that, you know, maintains the utility of the audit trail, but also, reduces the cost of our members reporting, certain information to the CAT.

One of the other areas that we’ve identified for, reform is data security and privacy in the CAT, which you’ve talked about many, many times over the years, noting that the CAT needs to be held to the highest, data security standards, as I mentioned. The SEC, you know, recently withdrew a proposal from, 2020, which would, significantly enhance the, data security of the CAT You know, what are our concerns or our members concerns regarding, the data held within CAT and what do you think about the SEC’s recent withdrawal of its data security proposal?

Bentsen: By some estimates, the CAT may well be the largest, one of the largest databases in the world. And so it’s obviously an environment rich target for bad actors and hackers and the like and as we mentioned, you know, it’s run by FINRA, an affiliate of FINRA, the regulator, it’s overseen by 25 SROs, including all of the, all of the equity exchanges. And, you know, by one estimate, you know, 4000 employees across all of those roles have access to CAT data. So by its very nature, you know, there’s a lot of risk around that.

The 2020 proposal we thought was actually quite good and and limiting who could have access to the data. One exchange could have access to another exchange’s data that that, you know, that it was held tightly within FINRA CAT. It wasn’t a fail safe, but it was better than where we are. And well, we might have been disappointed that it was withdrawn, I think that’s in some ways understandable, because that rule proposal languished for so many years and the SEC is trying to figure out, what it wants to do with CAT. That rule proposal should have been adopted iIn our view, you know, many years ago. And it’s unfortunate the Commission did not do it. All the more reason for, again, for doing the holistic review and thinking about, what should be reported, what is absolutely necessary to be reported, who should have access to that data, and so, this should be a key component of the SEC’s holistic review and and then, you know, future plans for the CAT, not only what are they going to collect, but how are they going to protect that data that they do collect? So we will be we’ll be watching that very closely.

Corcoran: So one of the other items that we have discussed, as I mentioned, for many years, is CAT funding. As I noted, the funding model that was approved by the SEC back in 2023 essentially allows the SROs to shift up pretty much all CAT costs on to the industry. We have called for the SEC to take on the funding obligation for the CAT it really is a regulatory system, that’s used by the commission, for the commission to do its or fulfill its regulatory mission. Ken, what are your thoughts about, you know, CAT funding and SEC taking over the funding obligation?

Bentsen: Our thinking on this is really evolved over time with our members after we, you know, battled over the constant, funding scheme proposals, from the SROs that we found just to be patently unfair. And, obviously the most recent iteration approved by the SEC is subject to litigation so we’ll have to see what the outcome of that litigation is. But, our members view has been that, and I should add, as I mentioned before as well, the fact that the industry which has been basically stuck with the bill, has no oversight or authority with respect to annual budgets, the cost, the amount of costs that were put in in the first place when they went to one vendor, then another vendor and so our members have come to the conclusion that this would really be better funded through the normal SEC budget, through its section 31 fees that would put it under, SEC direct oversight as well as Congress, direct oversight and bring more accountability. It would then pass through a section 31 fees do through the industry but it would be a more prudent approach to funding, in the way that the SEC other functions are funded.

So I think, you know, we made clear that, CAT’s costs should be reduced or should be better oversight. There should be, more robust protection of the data collected. There really needs to be an analysis of what really needs to be collected. But maybe, Joe, you can walk through how, some of the thoughts about what can what can be done to help?

Corcoran: So one of the ideas that we’ve actually suggested to the SEC, is that the CAT hire an external, technology, consulting firm to, conduct a holistic review of the CAT, its operations, its spending with a view towards figuring out ways the CAT can become more efficient, and reduce its cost. You know, this is a common practice within the technology industry, we understand to hire outside consultants to look at large systems and figure out ways to make them more efficient.

One of the things that I should note is the majority of the cost incurred by the CAT are, through its use of the cloud. And, you know, cloud processing, I think is is still somewhat, new and I think there’s ways, for a consultant to figure out how to make, potentially make, the CAT more efficient in that regard and so we think that, the SROs should pay for this but we do think that there would be tremendous benefit, to having the SROs, you know, hire such a vendor.

Bentsen: Well, with that Joe, I want to thank you, and our listeners for being with us today. And, and we hope that our listeners found these conversations to be as valuable as we did. Comments and questions are always welcome. Listeners can reach us via email at [email protected]. And for more information on our our views with respect to the CAT, please go to our website at sigma.org

—

You can listen to this conversation by following “The SIFMA Podcast” on Apple, Spotify, YouTube, or wherever you get your podcasts. Sign up to receive new episodes, delivered right to your inbox.

Related Resources

• Blog

  The CAT’s Out of Sync: Why the Audit Trail Needs a Tune-Up