Regulators assure industry CAT will not expose consumer data

SEC chairman Clayton says the agency will come to an agreement with the industry over what information to collect on equity trades

Apr 1, 2019 @ 2:25 pm

By Mark Schoeff Jr.

Recent remarks by Securities and Exchange Commission chairman Jay Clayton regarding a market-surveillance system in the works seem to be allaying financial industry fears that it will collect investors' personal information.

Last week, Mr. Clayton told a Securities Industry and Financial Markets Association conference the agency is working on a unique customer identification for the so-called Consolidated Audit Trail, which would compile data on all orders for U.S. exchange-listed and over-the-counter equities. He also said the SEC would work with the industry to reach an agreement on the data the system retrieves and how it would be compiled.

"There are solutions here," Mr. Clayton said. "We'll get to a responsible place on customer data as long as everybody remains constructive."

An SEC spokesman elaborated about Mr. Clayton's position in an email Monday: "Chairman Clayton's comments highlight that to address concerns regarding consumer PII [personally identifiable information] and to minimize cybervulnerabilities, the SEC is supportive of an approach that no longer requires Social Security numbers to be maintained in the CAT repository."

The Wall Street Journal first reported the development last week.

Christopher Iacovella, chief executive of the American Securities Association, argued in a March 14 comment letter to the Senate Banking Committee that CAT could expose investor data to online theft.

"I'm very happy to see that the SEC chair agrees that retail investor PII should not be collected by the CAT," Mr. Iacovella said.

Mr. Iacovella said the ASA, which represents regional broker-dealers, supports a market-wide surveillance system to flag potential investor harm posed by certain securities transactions. But that system would jeopardize investor safety if it collected information such as their Social Security numbers.

"If that were to happen, the CAT would become the world's biggest one-stop shop for cybercriminals," he said.

CAT is similar to an idea pursued several years ago by the Financial Industry Regulatory Authority Inc. to use data analytics to target potential investor harm. The Comprehensive Automated Risk Data System was ultimately killed due to industry worries about the security of customer data.

"SIFMA appreciates the SEC's focus on the development of CAT," SIFMA managing director Ellen Greene said in a statement. "SIFMA has ongoing material concerns regarding CAT data security. Given increasing cyberrisk, we urge regulators to ensure the CAT is effective and secure."

In late February, Finra was put in charge of creating CAT.

"The collection of PII is not imminent, so there is time to have this conversation," Finra chief executive Robert Cook said at the SIFMA conference.


What do you think?

View comments

Recommended next


Hi! Glad you're here and we hope you like all the great work we do here at InvestmentNews. But what we do is expensive and is funded in part by our sponsors. So won't you show our sponsors a little love by whitelisting It'll help us continue to serve you.

Yes, show me how to whitelist

Ad blocker detected. Please whitelist us or give premium a try.


Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print