SIFMA Asks SEC to Pause Activity in the CAT to Assess Need to Collect Investors’ Personally Identifiable information

Washington, D.C., January 28, 2021 – In a letter to the Securities and Exchange Commission (SEC) today, SIFMA requested that the SEC immediately order a temporary pause related to the further development and implementation of the final full Customer & Account Information System (CAIS) technical specification on customer and account reporting to the Consolidated Audit Trail (CAT).  This pause would allow for an assessment of whether the personally identifiable information (PII) and other customer-related data planned to be reported to and maintained within the customer database is necessary or appropriate to fulfill the purpose of the CAT, particularly in light of the evolving risk landscape.

“SIFMA member firms continually voice concerns about the type and amount of PII data to be reported to and maintained in the CAIS database of the CAT,” said Kenneth E. Bentsen, Jr., SIFMA president and CEO.  “Those concerns have only increased with and been validated by the SolarWinds hack, which has been reported to include systems at the Treasury, Commerce and Energy Departments, as well as the systems of other governmental agencies.  Given the size and scope of the CAT, it is imperative the CAT be held to the highest security standards, not only to maximize the efficacy of the system itself, but also to bolster the confidence of market participants reporting into the system, and to ensure investors their personally identifiable information will not be at risk of a data breach.  We continue to have grave concerns about the need for and security of customer data provided to and maintained in the CAT, and we continue to believe there are more secure alternatives.  Pausing now, while the full CAIS technical specification is being finalized and implemented, would allow the Commission to assess whether the PII and other customer-related data to be reported to and maintained within the CAIS database is necessary or appropriate to fulfill the purpose of the CAT, particularly given the current threat environment.”

SIFMA notes its members have been diligently working to implement the CAT transaction database despite their concerns over the amount of PII data to be collected and the security of that collective data.  When it’s completed, the CAT will become the world’s largest database of equity securities and listed options transactions, including personal information for every retail brokerage client in America, totaling over 100 million institutional and retail accounts; order details on every stock transaction in America, including trades for all retail customers, pension funds, and mutual funds; and order details on every options transaction in America.

In 2017, SIFMA developed an alternative approach to the CAT collecting and maintaining investors’ PII in response to a request from former Chairman Clayton.  We believe that the requested pause will allow the Commission to consider whether the alternative approach may make sense in light of information learned from the SolarWinds hack.

Halting the further development and implementation of the final CAIS specification would in no way impede the ongoing collection of transaction data which commenced last year, nor would it delay the implementation of the CAT because the customer and account reporting portion of the CAT is not scheduled to go live until July 2022.

-30-

SIFMA is the leading trade association for broker-dealers, investment banks and asset managers operating in the U.S. and global capital markets. On behalf of our industry’s nearly 1 million employees, we advocate for legislation, regulation and business policy, affecting retail and institutional investors, equity and fixed income markets and related products and services. We serve as an industry coordinating body to promote fair and orderly markets, informed regulatory compliance, and efficient market operations and resiliency. We also provide a forum for industry policy and professional development. SIFMA, with offices in New York and Washington, D.C., is the U.S. regional member of the Global Financial Markets Association (GFMA). For more information, visit http://www.sifma.org.