The SEC voted unanimously to approve a proposed national market system (NMS) plan to create, implement, and maintain a consolidated audit trail (CAT) that will allow regulators to track all activity throughout the U.S. markets in NMS securities. Chair Mary Jo White said that the central repository for trade and order data will improve regulators’ ability to conduct market research, reconstruct market events, and identify and investigate market misconduct.
In July 2012, the SEC adopted Rule 613 of Regulation NMS, which required the self-regulatory organizations to jointly submit an NMS plan to create the CAT. The Commission published the SROs’ plan for comment in April and received 24 comment letters.
White noted that commenters addressed a range of issues, including the security and confidentiality of CAT data, especially of personally identifiable information (PII), the governance structure of the CAT plan, the cost and funding of the CAT central data repository, the clock synchronization standard applicable to CAT reporters, and the timing of the retirement of duplicative regulatory reporting systems. The final plan incorporates several changes in response to the comments.
Plan provisions. The CAT plan provides that a plan processor will build a central repository that will receive, consolidate, and retain the trade and order data reported as part of the CAT. The plan will apply to NMS securities, including options, as well as to over-the-counter equity securities. At the various stages in the lifecycle of an order—origination, routing, modification/cancellation, and execution—SROs and broker-dealers will be required to submit certain information about the order to the central repository.
The CAT plan will require the data to be time-stamped in increments as granular as those used by the SROs and broker-dealers for their order handling or execution systems, but with a minimum time stamp granularity of one millisecond for all order events except manual order events. The plan requires broker-dealers to synchronize their business clocks to within 50 milliseconds of the time maintained by the National Institute of Standards and Technology (NIST). However, business clocks used for manual orders or the time of allocation will be able to be synchronized to within one second of the time maintained by the NIST.
The plan was amended by the Commission to require SROs to synchronize their business clocks to within 100 microseconds of the time maintained by the NIST. SROs also are required to assess industry standards for clock synchronization based on the type of market participant or system, rather than the industry as a whole, and reflect that new assessment annually in a report to the Commission.
Governance. The activities of the CAT will be conducted through a not-for-profit Delaware limited liability company (CAT LLC), which will be jointly owned by the SROs. An operating committee comprised of all the SROs will manage CAT LLC. In addition, an advisory committee consisting of, among others, broker-dealers of various sizes and specialties, institutional investors, a service bureau that provides CAT reporting services, an academic who is a financial economist, and a person with significant regulatory experience will provide input to the operating committee.
The CAT plan provides that the SROs and the Commission will have access to the data contained in the central repository for regulatory and oversight purposes. The data will be stored in a way that allows regulators to perform complex queries, such as reconstructing market events and the status of order books at various time intervals.
Data security. White said that cybersecurity is of paramount importance, as the CAT will be one of the largest financial databases in the world and will contain sensitive customer information. Data security was an area of focus of many commenters, White noted, and the plan was amended to provide for more robust information security standards for the CAT database.
The CAT NMS plan provides that all CAT data will be required to be encrypted both at-rest and in-transit, and all data centers housing CAT systems will be required to be certified by a qualified and unaffiliated third-party auditor. In addition, the plan processor must comply with the NIST Cybersecurity Framework and the SROs must maintain information security protocols with respect to their handling of CAT data that are as rigorous as those applicable to the central repository. The plan requires an annual evaluation of the information security program to ensure that it is consistent with the highest industry standards for the protection of data.
At the SEC, a cross-divisional steering committee of senior staff is being formed to design policies and procedures regarding Commission access to, use of, and protection of CAT data that will be comparable to those applicable to the SROs and their personnel and supplement the range of existing laws and standards applicable to Commission systems and employees.
Stein’s concerns. Although she voted to approve the CAT plan, Commissioner Kara Stein expressed concerns regarding several aspects of the plan. She stated that that while the amendment to require exchanges to synchronize their clocks to within 100 microseconds is an improvement over the initial proposal of 50 milliseconds, the revisions do not go far enough. In her view, the standard, which only applies to exchanges, should also include alternative trading venues and high speed algorithmic traders.
She also is disappointed that the CAT plan does not require the use of legal entity identifiers (LEIs), which are unique identifiers for global market participants. The use of LEIs would allow people to categorize and understand financial entities and financial instruments no matter where they originate in the world, she said. Stein had requested that at a minimum, the exchanges and FINRA be required to provide a report on the feasibility of requiring LEIs, but that was not included in the plan. She believes that omission is a mistake, and she called for the exchanges and FINRA to remedy the problem going forward.
MainStory: TopStory AccountingAuditing PublicCompanyReportingDisclosure
Interested in submitting an article?
Submit your information to us today!Learn More