Last week, the Securities and Exchange Commission’s Consolidated Audit Trail (CAT) initiative, which will give regulators a means to efficiently track all trades in real time, moved one giant step closer to reality with a call for public comments. Once completed, the CAT would be the largest and most sophisticated financial database ever built, absorbing all trading activity in the U.S. equity and options markets nearly instantaneously, from the time of order inception through routing, cancellation, modification, or execution.
SEC chairman Mary Jo White called the initiation of the CAT’s 60-day comment process “a major market structure milestone,” but such a proclamation might be considered hype, especially considering that the project is still at least three years away from completion. Even with those concerns, however, the comment process is a critical development for a plan some predicted would collapse under the weight of its own ambition.
In July 2012, the SEC adopted Rule 613 of Regulation NMS, requiring self-regulatory organizations(SROs)—including the Financial Industry Regulatory Authority and national stock exchanges—to jointly submit a national market system plan to create, implement, and maintain the CAT database. Rather than an open call for proposals, the hope was that by forcing SROs to work together, a better plan would emerge that was fair to all and consolidated the hodge-podge of audit trails currently in use.
The initiative evolved from efforts to make it easier for regulators to track trade data and determine the cause of aberrations, such as the “flash crash” that wreaked havoc on markets in 2010.
The proposed CAT NMS plan details the methods by which SROs and broker-dealers would record and report information, and how the data would be maintained to ensure its accuracy, integrity, and security. It requires data to be recorded contemporaneously and reported to the central repository by 8 a.m. on the day following the event. It also requires CAT data to be time-stamped in increments with a minimum granularity of one millisecond for all order events except manual order events (given a minimum of one second). SROs and broker-dealers will be required to synchronize their business clocks to within 50 milliseconds of the time maintained by the National Institute of Standards and Technology.
The plan sets an initial maximum error rate of five percent for data reported to the central repository, the percentage of reported orders or trades in which the data reported does not fully and accurately reflect the order or trade. It takes a phased approach to lowering this rate, with the ultimate goal of one percent.
SROs and the SEC would have access to the central repository for regulatory and oversight purposes. Data would be stored in a way that allows them to perform complex queries, such as reconstructing market events.
Data security requirements include protocols for encryption, storage, access, breach management, and the protection of personally identifiable information. The plan processor would be responsible for:
Requiring individuals with access to the central repository to agree to use CAT data only for appropriate surveillance and regulatory activities
Developing a comprehensive information security program as well as a training program that addresses the security and confidentiality of all information accessible from the CAT
Designating one of its employees as Chief Information Security Officer, who would be responsible for creating and enforcing appropriate policies, procedures, and control structures regarding data security
According to the CAT’s proposed implementation schedule, within two months of Commission approval, SROs would be required to select the plan processor from among the remaining bidders through a two-round voting process in which each SRO has one vote. Within one year of approval, SROs would be required to begin reporting data to the central repository. Within two years, large broker-dealers would be required to begin reporting data to the central repository. And within three years, small broker-dealers would be required to begin reporting data to the central repository
“In the almost six years since the SEC first proposed the creation of a CAT, cyber-threats have increased in frequency and sophistication.”
Randy Snook, EVP, Securities Industry and Financial Markets Association
As for whom the plan processor might be, the SROs have whittled the list to three bids: FINRA (working with Amazon Web Services), FIS Global (in partnership with Google), and Thesys Technologies (an affiliate of Tradeworkx).
“Regulators today face a variety of challenges in effectively overseeing today’s highly automated, complex, and dispersed securities markets,” White said prior to the announcement of a public comment period. “While FINRA and the exchanges currently maintain their own separate audit trail systems, and have worked diligently to improve them, these systems do not provide ready access to all of the data points necessary for effective oversight, such as customer identity and post-allocation information.” Nor do these systems provide a mechanism to easily track activity across multiple equities and options markets, she added, leaving regulators without access to data “that is increasingly necessary for us to effectively do our jobs.”
Commissioner Kara Stein recalled one event that drove home the need for such a database. On Aug. 24, 2015, numerous stocks opened extremely and unexpectedly low; some dropped nearly 50 percent and then quickly recovered, for no apparent reason. More than 1,200 trading halts were executed that day. It took four months for the initial report on what happened to be issued.
“Months-long delays in analyzing important market events are unacceptable in this digital age,” Stein said. “We need a clear and timely picture of what is going on in our markets to better minimize risk and increase resiliency … By peering into the flow of trading in our markets, we can develop policies and approaches that are based on real data.”
Nevertheless, Stein expressed concerns. “The industry has repeatedly argued in many contexts that microseconds matter,” she said. “However, the current proposal to allow reporting entities’ clocks to be out of sync by up to 50 milliseconds is inconsistent with this reality. At the speed at which today’s trading is done, this is like requiring police officers to travel by foot while the rest of the world travels by supersonic jet.”
The following is from the Securities and Exchange Commission's request for comments on its Consolidated Autit Trail proposal.
The CAT NMS plan also reflects exemptive relief from certain requirements of Rule 613 that the Commission previously granted. This exemptive relief provides the SROs with the flexibility to propose approaches in the CAT NMS plan that could potentially be more efficient and cost-effective than those required by Rule 613 without adversely affecting the reliability or accuracy of CAT data. Specifically, the exemptive relief permits the SROs to propose, in the CAT NMS plan, that:
Only options exchanges–but not options market makers–be required to report information to the central repository regarding options market maker quotations.
Instead of requiring a universal customer identifier for each customer to be used by broker-dealers for all orders, each broker-dealer could assign a unique firm-designated identifier (FDI) to each trading account. Under this approach, broker-dealers would be permitted to use an account number or any other identifier defined by the firm as the FDI, provided each identifier is unique across the firm for each business date. The plan processor would then assign a unique customer identifier for each customer.
Instead of requiring a universal identifier for each broker-dealer reporting data to the CAT, a broker-dealer could use its existing SRO-assigned market participant identifier. The plan processor would then assign a unique identifier for each reporting broker-dealer.
Instead of requiring broker-dealers to link a particular order or execution to an allocation, a broker-dealer could provide an allocation report that focuses on the shares allocated and the FDI of the applicable accounts or subaccounts.
Instead of requiring the receipt of manual orders to be time-stamped to the millisecond, a time stamp to the nearest second be permitted.
Source: Securities and Exchange Commission
Stein also questioned the plan’s initial error rate of 5 percent. Would it undermine the usefulness of the CAT?
Commissioner Michael Piwowar raised security concerns related to the personally identifiable information reported to the CAT, namely, whether the plan would create the same concerns that were raised in response to FINRA’s abortive CARDS proposal. He asked: “Does the plan create the same concerns that were raised in response to FINRA’s abortive Comprehensive Automated Risk Data System (CARDS) proposal.
CARDS would have created an automated process for brokers to submit books and records data at regular intervals, in a standardized format. Amid security concerns, and fears expressed throughout the industry and in Congress that its data trove would be a toy box for hackers, the plan was halted in April 2015.
Echoing what may ultimately be a common refrain, Randy Snook, an executive vice president at the Securities Industry and Financial Markets Association (SIFMA), said members of his trade group generally support the concept, calling it “a critical industry utility,” adding, however, that “a true collaboration among all market stakeholders will be vital,” especially regarding security and technology considerations.
“In the almost six years since the SEC first proposed the creation of a CAT, cyber-threats have increased in frequency and sophistication,” Snook says. “It is essential that it have robust protections for the massive volume of sensitive transaction data it will track and store, which will include PII, including social security numbers, for every person with a brokerage account.”
Snook also wants to see the CAT include necessary features to replace redundant and duplicative regulatory reporting systems. There must be a commitment to promptly eliminate systems such as FINRA’s Order Audit Trail System (OATS), the Electronic Blue Sheet (EBS) system, and the Large Trader reporting requirements, he says.
The funding model must be “equitable among not only CAT reporters but also CAT users,” he says. Funding should “take into account existing sources of regulatory revenue and cost savings realized by the SROs from the elimination of redundant and duplicative systems.”
Count Alexander Tabb, partner and COO at TABB Group, a financial markets research and strategic advisory firm, among those who see great potential. But, while the opening of a comment period “moves the ball forward” for the eventual development, “before everyone starts breaking out the champagne and party hats, there are still a lot of unknowns.”
Tabb sees the issue of clock synchronization among the important matters to resolve. “At least initially, it would be our assessment that 50 milliseconds is an awfully big time variable when you are talking about equities,” he says. “A lot happens in 50 milliseconds in the markets. If the CAT is supposed to be this all-encompassing map of what happens, I don’t know how they are going to resolve that.”
A critical complexity is that the marketplace consists of firms of all sizes and “not everyone can change their systems to provide for a clock synchronization of less than 50 milliseconds without spending a heck of a lot of money,” Tabb says. “The cost becomes a huge factor for the brokers who have to make the changes. Time-stamping is a big and complicated issue, especially when you talk about all the different exchanges and dark pools and Alternative Trading Systems that are out there.”
Tabb notes that brokers are often thought of as being big players, such as Citi, Goldman Sachs, JPMorgan, and Morgan Stanley, but the vast majority of brokers are much smaller institutions. “There are a lot of cats to herd to get them on board, submitting data and keying data into the system,” Tabb says.
As a result, Tabb says, brokers do not want the CAT to be a mechanism to “beat them over the head for money.” With the current reporting system, especially with EBS and OATS, brokers can be fined immediately if there is a problem. Even if the CAT plan calls for these systems to be retired, there is no mandate for the timing of doing so. “The last thing that institutions want to do is be double taxed,” Tabb says. “They are especially concerned that if FINRA does not win the CAT administrator role, they are actually incentivized not to close the gap [and forgo the revenue stream fines provide].”
“The brilliance of the CAT plan, when it was initially developed by the SEC, is that they were smart enough to get it outside the purview of Washington,” Tabb says, adding an optimistic note. “When it was approved it was immediately given to the SROs, thus eliminating the ability of Washington to kill it. That’s big. There are a lot of questions, but it is now no longer a question of if, it is a matter of when.”