The Securities Industry and Financial Markets Association told the SEC on Wednesday that it opposes the regulator’s plan to “force all industry members” obligated to report to the Consolidated Audit Trail, or CAT, to assume “all the liability associated with a breach or misuse of data” in the CAT.
“We support the development of the CAT but have had longstanding concerns about the security of the CAT data,” Ellen Greene, SIFMA managing director, equity and options market structure, said in a comment letter Wednesday. “This is the largest collection of customer and trading data that has ever been collected and consolidated and a breach would have devastating effects on market integrity, investors and financial firms.”
Shifting the liability to industry members, Greene said, “is fundamentally unfair because the [self-regulatory organizations] SROs have the exclusive responsibility for maintaining the CAT and for implementing measures to protect the CAT against a data breach.”
SIFMA, she continued, strongly believes “those responsible for the data should bear the liability for any breaches, and we encourage the highest levels of security measures be put in place to protect investors.”
The comment period on the SEC’s plan, Proposed Amendments to the National Market System Plan Governing the Consolidated Audit Trail to Enhance Data Security, ended Wednesday.
The CAT is a regulatory reporting tool commissioned by the SEC and being developed by FINRA.
Former SEC Chairman Jay Clayton explained in September that the CAT “is intended to enhance regulatory oversight of our securities markets. Our equities and options markets operate through multiple exchanges and other venues and the CAT will facilitate cross-market oversight and analysis, thereby improving investor protection and market integrity.”
The SEC announced Tuesday that Manisha Kimmel, senior policy advisor, regulatory reporting, who has coordinated the SEC’s oversight of the creation of the CAT, will conclude her tenure at the end of January.