Securities Regulation Daily American Securities Association challenges CAT on privacy grounds
Tuesday, May 19, 2020

American Securities Association challenges CAT on privacy grounds

By John M. Jascob, J.D., LL.M.

The trade group of middle-market broker-dealers has petitioned the D.C. Circuit to stop the SEC from collecting personally identifiable information in the CAT database.

The American Securities Association (ASA) has filed a legal challenge to aspects of the SEC’s plan for a Consolidated Audit Trail (CAT) for the National Market System that would collect personally identifiable information (PII) of retail investors. In a petition filed with the D.C. Circuit Court of Appeals, the trade group of small and regional financial services firms has asked the court to review Exchange Act Rule 613, which created the CAT in 2012, as well as Commission’s 2016 order approving the CAT NMS plan. The petition also seeks review of the SEC’s order on March 17, 2020, granting conditional relief to market participants who would collect personally identifiable information from retail customers for inclusion in the CAT (American Securities Association v. SEC, May 15, 2020).

Although the petition itself contains no mention of the specific grounds on which it is seeking review, the ASA issued a news release discussing the basis for the suit. "The ASA supports the implementation of the CAT and believes it will be beneficial to our securities markets," said Chairman Ron Kruszewski, who also heads Stifel Financial Corp. "However, the ASA firmly believes that the collection of investors’ PII into a centralized database is an unnecessary and substantial risk to the privacy of American investors. There can be no reasonable cost benefit analysis which supports risking investors’ privacy, especially when this data is currently available today on a when-needed basis. This lawsuit is not about market surveillance, but instead about protecting the privacy of American investors."

In the news release, the ASA also announced the launch of, which it calls "a nationwide grassroots movement mobilizing all Americans to help stop the collection of retail investor data." The website claims that survey findings show that 89 percent of Americans strongly oppose sending their personal information to the CAT.

CAT’s out of the bag. In July 2012, the SEC adopted Rule 613 of Regulation NMS, which required self-regulatory organizations to jointly submit an NMS plan to create an audit trail allowing regulators to track all activity throughout the U.S. markets in NMS securities. The Commission approved the CAT plan in November 2016, with then-Chair Mary Jo White saying that having a central repository for trade and order data would improve regulators’ ability to conduct market research, reconstruct market events, and identify and investigate market misconduct. On April 20, 2020, the SEC issued an order exempting SROs from collecting individual social security numbers or individual taxpayer identification numbers, dates of birth and account numbers. Instead, broker-dealers would be required to report an account holder’s name, address, and birth year.

In the ASA’s view, however, the collection of this information would not bolster the SEC’s ability of the SEC to oversee equity markets more effectively. The group observes that the SEC has had no difficulty in bringing enforcement actions against individuals who violate its trading rules, noting that the Commission brought over 400 insider trading cases between 2011 and 2019 alone. According to the ASA, collecting retail investor data will needlessly subject millions of investors to identity theft by cyberhackers for no regulatory benefit. A more effective approach, the group suggests, would be to assign IDs to every corporate actor in the financial markets, including financial institutions, hedge funds, asset managers, insurance companies, high-frequency traders, and other large traders.

In a May 2019 letter to the SEC requesting amendment of the CAT NMS plan to remove the collection of retail investor data, the ASA observed that the CAT "will be one of the largest databases in history," collecting and storing information related to the millions of trades that take place daily in the U.S. equity markets. "The amount of market-moving as well personal and financial information stored in the CAT will make it a prime target for cybercriminals, who have already demonstrated a willingness and ability to hack into ostensibly ‘secure’ government and private sector databases," the letter continued. "With the realities of today’s cyber threats, it will unfortunately not be a question of if the CAT is hacked into, but when."

By the court’s order, the ASA must submit its statement of the issues to be raised as well as other documents by June 17, 2020.

The case is No. 20-1157.

Attorneys: William Spencer Consovoy (Consovoy McCarthy PLLC) for American Securities Association.

Companies: American Securities Association

MainStory: TopStory BrokerDealers CyberPrivacyFeed LegislativeRegulatoryActivity Enforcement ExchangesMarketRegulation DistrictofColumbiaNews

Back to Top

Interested in submitting an article?

Submit your information to us today!

Learn More

Securities Regulation Law Daily: Breaking legal news at your fingertips

Sign up today for your free trial to this daily reporting service created by attorneys, for attorneys. Stay up to date on securities regulation legal matters with same-day coverage of breaking news, court decisions, legislation, and regulatory activity with easy access through email or mobile app.