SAF Joins Coalition Urging the SEC to Refrain from Implementing the CAT

Shareholder Advocacy Forum joined a coalition of free market groups led by Heritage Action for America encouraging the Securities and Exchange Commission to press pause on implementing the Consolidated Audit Trail.

The CAT National Market System is a database established after the 2010 “Flash Crash”, as the SEC began requiring broker-dealers, trading venues and stock exchanges to report all securities transactions and customer information to a single database this year. The SEC is moving to implement the CAT as a way to consolidate the information to monitor for market manipulation under which broker-dealers are required to report.

SAF shares the concerns of members of Congress, current SEC Commissioner Hester Peirce, and organizations representing private businesses and everyday investors who fear the collection of personal identifiable information leaves the CAT a ripe target for cyber theft, and does little to stamp out fraud within the financial markets. Additionally, the SEC has failed in the past to secure private information submitted by businesses. In September 2017, the financial regulator’s Electronic Data Gathering, Analysis and Retrieval system was infiltrated. The SEC’s EDGAR system stores the information of public company filings, which allowed the hackers to view, trade and profit from the information not-yet made public.

The CAT is a Delaware company jointly owned by broker-dealers on a co-equal basis, with the SEC, the Financial Industry Regulatory Authority, and 23 additional self-regulatory agencies having authority to access the database. The Heritage Foundation’s David Burton notes that as many as 3,000 regulatory users may be able to access the database. As it stands, it is not clear who bears the burden to compensate consumers and businesses if there is a data breach and regulators have the authority to write rules absolving themselves from responsibility. In effect, it is imperative the SEC demonstrates the agency is able to manage the same cyber risk they expect private businesses to defend against before fully implementing the CAT.