Securities and Exchange Commission Chairman Jay Clayton said Tuesday a pending market surveillance system will limit the amount of data it collects on investors to their names, addresses and telephone numbers — not the kind of personal information that could expose investors to identity theft.
Mr. Clayton addressed financial industry concerns about the so-called Consolidated Audit Trail, a mechanism that will capture data on customers and orders for exchange-listed equities and over-the-counter securities across all U.S. markets. When the system is implemented, the SEC will add more than 58 billion records daily to its database.
The CAT is designed to help securities regulators detect and quickly react to events that disrupt the markets and could potentially harm investors. But skeptics assert the system could expose investors' personally identifiable information to hackers.
In an appearance at the Securities Industry and Financial Markets Association annual meeting in Washington, Mr. Clayton said the SEC needs the ability to do "market reconstruction" but will keep investors' data safe in the process.
"With phone book information, we can do our surveillance job," Mr. Clayton said. "I would encourage people to get on board with that proposal. Fundamentally, we're not taking any [data] unless we believe that we can protect it, and we're going to minimize what we do take at the end of the day."
[Recommended video: Bernie Clark: Zero commissions give advisers more opportunities to win clients]
The customer database is scheduled to be implemented in 2022, while a transactions database will go into operation next year. Earlier this year, the Financial Industry Regulatory Authority Inc. was selected as the plan processor for CAT.
"It's full steam ahead to get this done," Mr. Clayton said. "I expect to resolve these [personally identifiable information] issues."
One particular area of concern for the industry is the collection of account details. Mr. Clayton said the CAT won't house customer account numbers.
"We're working on making sure that that's something that has appropriate … encryption or other techniques," Mr. Clayton told reporters on the sidelines of the SIFMA conference. "There are ways that you can identify accounts and traders without using account numbers."
Mr. Clayton's reassurances didn't assuage one CAT critic.
"The SEC is creating the world's largest one-stop-shop for cybercriminals just to appease career bureaucrats in the enforcement division," American Securities Association CEO Chris Iacovella said in a statement. "Moving forward with this policy is dangerous and reckless, and if they don't change course, this commission will own causing the identity theft of millions of American investors."
CAT is similar to an idea pursued several years ago by Finra to use data analytics to target potential investor harm. The Comprehensive Automated Risk Data System was ultimately killed due to industry worries about the security of customer data.
Mr. Clayton is trying to deliver CAT in what has become a long journey. The rule to create CAT was adopted in 2012.
"This was one of the worst-conceived, worst-executed projects I've seen," Mr. Clayton said. "We're back on track."
Register now for our ESG & Impact Forum at the U.N. on Dec. 5.