The House on Monday passed, by voice vote, bipartisan legislation to require the Securities and Exchange Commission and the Financial Industry Regulatory Authority to safeguard data provided on the Consolidated Audit Trail (CAT), which would track market trading activity.
The bill, the Market Data Protection Act of 2017, requires the SEC, which developed the CAT, as well as FINRA, to consult with the SEC’s chief economist and develop internal risk control mechanisms to safeguard and govern the storage of market data, all market data sharing agreements, and all academic research using market data available via CAT.
Last November, the SEC approved a national market system (NMS) plan to create a single, comprehensive database known as CAT to enable regulators to more efficiently and thoroughly track all trading activity in the U.S. equity and options markets.
The Wall Street Journal reported Friday that U.S. exchanges planned to seek a “last-minute delay in the launch” of CAT, which was scheduled to be released Wednesday. The SEC declined to comment on whether it had received such a request.
“The exchanges have discussed seeking up to a one-year delay but could request a shorter delay based on behind-the-scenes feedback from the SEC,” sources told The Journal.
Rep. Warren Davidson, R-Ohio, a member of the House Financial Services Committee who sponsored the bill, said the recent Equifax breach and a cyberattack against the SEC’s EDGAR database of public company information “intensify the need to ensure top cybersecurity controls are in place.”
“We need to make sure our house is in order at the SEC,” Davidson said. “We know there are serious flaws in the way the SEC maintains its data, and in the ways they respond to and communicate errors and omissions. These flaws undermine the trust and confidence of the customers the SEC regulates.”
In September, House Financial Services Committee Chairman Jeb Hensarling, R-Texas, wrote to SEC Chairman Jay Clayton and urged him to delay implementation of the CAT system “until the SEC can implement information security safeguards and internal controls to ensure the security of confidential and sensitive data.”