November 8, 2017

Chairman Jay Clayton
U.S. Securities and Exchange Commission
100 F Street, N.E.
Washington, D.C. 20549-1090

Re: Rule 613 Consolidated Audit Trail (Adopting Release No. 34-67457; July 18, 2012) and Consolidated Audit Trail NMS Plan (Release No. 34-79318; File No. 4-698) – Request for Extension of Compliance Date and Consideration of Targeted Changes to the Rule

Dear Chairman Clayton:

The Securities Industry and Financial Markets Association (SIFMA)1 appreciates the opportunity to share our concerns regarding the Consolidated Audit Trail (CAT) with the Securities and Exchange Commission (“SEC” or “Commission”). SIFMA members are experiencing and foresee significant and fundamental difficulties in their efforts to achieve compliance with the current large broker dealer implementation date of November 15, 2018.2 These challenges include a governance structure that does not give the industry a significant voice, a timeline and implementation schedule that does not reflect the reality of large scale process changes, and proposals to eliminate duplicative regulatory reporting systems that are not sufficiently aggressive. The industry also has material concerns regarding CAT data security, as well as the ability of critical parties to protect this highly sensitive data, which includes personally identifiable information (PII) and proprietary transaction data. These concerns have been heightened following the highly publicized Equifax and SEC Edgar breaches. Accordingly, the SEC should examine the cost and benefit of the CAT collecting extremely sensitive PII given the serious concerns around data protection and the ability of the CAT, the SROs, the SEC and CAT Reporters to confidently secure the critical information it will contain. As a result, on behalf of our Members, we respectfully request prompt Commission action to delay the November 15, 2018 compliance date for large broker dealer reporting to the Consolidated Audit Trail for a meaningful period to provide enough time to address the complex issues described below.

The extension period would serve three important purposes.

i. Allow the enhancement of the CAT governance structure to include a new collaborative industry steering committee responsible for the development and administration of a CAT implementation plan.

ii. Permit Thesys sufficient time to develop robust technical specifications with industry input, and provide for adequate time for software development and testing, which will pave the way for high-efficacy CAT data to facilitate a prompt retirement of duplicative reporting systems. In addition, a phased implementation approach would allow for a smoother implementation process.

iii. Allow Thesys and the SROs to undertake a rigorous review of the CAT’s data security (as required by the NMS Plan) and amend the Plan such that no data may be downloaded from the CAT. We believe the Commission should reconsider the need for individual investor PII in CAT as measured against the risk of a cyber breach.

1. Governance Recommendations

SIFMA recommends that the SEC empower a Consolidated Audit Trail Industry Steering Committee (CAT ISC), like the T+2 Industry Steering Committee that successfully oversaw the migration to a shorter settlement cycle,3 to directly interact with the CAT Operating Committee. This CAT ISC should consist of senior staff from Thesys, the SRO’s (including FINRA and representative exchanges) and industry members representing retail and institutional customers, options firms, clearing firms, regional firms, small firms and service providers, resulting in a broad cross representation of the industry.4 The CAT ISC should engage with the Operating Committee and SEC on all aspects of industry member CAT implementation to ensure that 1) the design can be supported by firms; 2) data security standards are comprehensive for all CAT Reporters and users of the data, and 3) compliance reporting and the elimination of systems occur in a prompt and coordinated manner. The CAT ISC should have responsibility for the development and implementation of a CAT program management process that, in conjunction with Thesys and the SROs, would be responsible for the development of a project plan that includes final technical specifications, robust testing and a phased implementation approach.

SIFMA is committed to working as part of the CAT ISC to ensure that SIFMA Member firms who participate are senior industry professionals, creating a peer to peer group, focused on the development and implementation of CAT. The CAT ISC should hold regular meetings with the Operating Committee, as well as regular status meetings with the Commission to ensure sufficient progress is made on milestones, and guarantee a strong voice for the industry.

Continue Reading >

1 SIFMA is the voice of the U.S. securities industry. We represent the broker-dealers, banks and asset managers whose nearly 1 million employees provide access to the capital markets, raising over $2.5 trillion for businesses and municipalities in the U.S., serving clients with over $18.5 trillion in assets and managing more than $67 trillion in assets for individual and institutional clients including mutual funds and retirement plans. SIFMA, with offices in New York and Washington, D.C., is the U.S. regional member of the Global Financial Markets Association (GFMA). For more information, visit http://www.sifma.org.

2 Rule 613 Consolidated Audit Trail

3 SIFMA believes that the industry’s experience implementing the reduction in the settlement cycle for equities and other securities, from trade date plus three to trade date plus two, was a prime example of how to undertake a major regulatory implementation. The industry was fully engaged in the process, which was driven by a Steering Committee comprised of industry representatives on the sell- and buy-side, along with DTCC. The timeline was established after the requirements were identified, allowing for adequate time for the software development cycle, coordinated industry tests, and the necessary time to ensure a successful transition in September 2017. SIFMA recommends that the SEC utilize this initiative as a model for project management given its success at mitigating risk upon conversion.

4 Unlike the current CAT Advisory Committee, the CAT ISC should not be subject to a non-disclosure agreement (NDA) in order for its members to effectively solicit input from relevant industry group members and industry subject matter experts, when required. The CAT ISC should not need to be privy to confidential dealings of the CAT Operating Committee to achieve its goals of providing a collaborative forum to oversee the CAT industry member implementation program.