Press Releases

Subcommittee Examines Cybersecurity of Consolidated Audit Trail

WASHINGTON, November 30, 2017 -

WASHINGTON – The Subcommittee on Capital Markets, Securities and Investment held a hearing Thursday to examine the security of the Consolidated Audit Trail (CAT), a central repository for order and trading activity data.

“The importance of cybersecurity cannot be overstated,” said Subcommittee Chairman Bill Huizenga (R-MI). “The ability … to safeguard non-public financial information and other highly sensitive data is paramount because it instills confidence in the markets. The federal government, namely the SEC, cannot afford to get this wrong.”

Key Takeaways

·        The CAT, and all related entities, must have proper safeguards to store and access the data that is collected.

·        Draft legislation discussed by the Subcommittee, “The American Customer and Market Information Protection Act,” would require safeguards to be put in place so the CAT can be implemented on a reasonable timeline, while also requiring the Securities and Exchange Commission to confirm that the benefits of collecting any personally identifiable information (PII) outweigh the costs.

Topline Quotes from Witnesses

“The CAT must be secure. . . . The immense ‘connectedness’ of the internet means that today systems with very sensitive information are directly or indirectly connected to billions of individuals around the globe.” -- Mike Beller, Chief Executive Officer, Thesys Technologies, LLC

“I commend the Subcommittee for conducting this hearing and for continuing to focus on ensuring that the CAT is developed efficiently and effectively while insisting that data security around the CAT is vigorous and robust. I am concerned about the risks associated with storing PII in the CAT database.” -- Chris Concannon, President and Chief Operation Officer, Chicago Board of Options Exchange

“If sensitive identifying information is going to be included in the CAT, then the SEC and the SROs must provide much better assurances on data security than they have so far. Financial firms and regulatory agencies share a common goal in securing and protecting the data entrusted to them by clients and financial institutions. However, the current CAT development plan raises serious concerns around data protection and the ability to confidently secure the critical information it will contain. In particular, the draft CAT technical specifications that have been released to date include alarmingly few details on data security and protection.” -- Lisa Dolly, Chief Executive Officer, Pershing on behalf of the Securities Industry and Financial Markets Association


Print version of this document