SEC delays parts of market surveillance initiative until 2024

The Securities and Exchange Commission delayed implementation of some parts of a comprehensive market surveillance system for two years. But opponents, including an SEC commissioner, want to see the project killed.

In 2016, the SEC approved a rule to establish the Consolidated Audit Trail, which would capture data on customers and orders for exchange-listed equities and over-the-counter securities across all U.S. markets. The system would provide the SEC with an enormous database of information to help the agency detect and quickly react to events that disrupt the markets and could potentially harm investors.

But concerns about data security have dogged CAT, which would be run by 25 self-regulatory organizations, including the Financial Industry Regulatory Authority Inc. Brokerages were supposed to begin collecting customer information for the CAT this month but in May, Finra delayed implementation of the CAT customer and account information system until the end of this year.

In an order on Friday, the SEC pushed back implementation of some SRO reporting obligations until July 2024. That move doesn’t go far enough for opponents.

“The CAT, a project designed to give the Securities and Exchange Commission and other regulators comprehensive market insight, has proved much harder and more expensive to implement than anyone anticipated,” SEC Commissioner Hester Peirce said in a statement. “I have grave concerns about the whole project. The dollars, distraction, dissension, and drain of endless meetings over the past several years of CAT implementation are reasons enough to reconsider the entire project; the risks to liberty and security posed by the project should compel us to do so.”

In 2019, former SEC Chairman Jay Clayton tried to assuage concerns about data privacy by asserting that CAT would collect only basic personal information from investors and not expose to them to identity theft.

But over the last several years, industry groups and lawmakers have continued to push the SEC — and current Chairman Gary Gensler — to do more to fortify CAT customer data.  

“While we welcome the delay, the SEC must reconsider concentrating all of the personal and financial information of every American investor in a centralized database,” American Securities Association CEO Chris Iacovella said in a statement. “CAT is, and will remain, incredibly vulnerable to hackers and state sponsors of espionage like Russia and China, which makes it one of the most important investor protection issues the SEC faces.”

In a June 16 letter to Gensler, four senators said the SEC must prevent the CAT from becoming a target for cybercriminals and countries that want to harm Americans.

“The most obvious and necessary step the SEC can take is to eliminate the collection of all [personally identifiable information] under the CAT,” wrote Sens. John Kennedy, R-La., Cindy Hyde-Smith, R-Miss., Jerry Moran, R-Kan., and John Boozman, R-Ark. “Collecting and storing PII serves no regulatory purpose, it’s unconstitutional and the SEC’s ability to monitor potential risks in the equity market will not be diminished without PII.”