There’s no stopping the implementation of the Consolidated Audit Trail, despite persistent concerns about data privacy and potential cybersecurity breaches of information. So broker-dealers need to be ready, warns SEC Chairman Jay Clayton.

The broker-dealer industry is facing various deadlines to comply with the requirements of the CAT.

Connectivity testing for the CAT is expected to start in the third quarter of next year. Reporting on transactions is expected to take place in the fourth quarter of next year, and reporting of personally identifiable information (PII) is expected to happen in 2022.

“It’s full steam ahead to get this done and I expect to be able to resolve these PII issues,” Clayton said Tuesday at the Sifma Annual Meeting in Washington, D.C.

The CAT is a single comprehensive database expected to store an unprecedented amount of sensitive trade data and PII. In an earlier announcement from the SEC, the information included an investor’s name, address, date of birth and Social Security number or Individual Taxpayer Identification number.

The CAT is expected to take in 58 billion records daily — including orders, cancellations, modifications, executions and quotes for the equities and options markets — and maintain data for more than 100 million customer accounts and their unique customer information, according to parties involved in the CAT.

“Fundamentally, we’re not taking any of it [PII] unless we believe that we can protect it. And we’re going to minimize what [information] we do take at the end of the day,” said Clayton.

He stressed the importance of the CAT to the stability of the capital markets and the investment industry.

“From a policy point of view, the ability to do market reconstruction is something that we believe is necessary. And I think history has demonstrated that we need to be able to do that across markets,” he said.

"Worst conceived, worst executed projects"

It would not be enough for the SEC to be able to react to a capital market attack or disruption within 30 to 60 days, Clayton said. “We need to be able to do it fairly quickly.”

The CAT was created in response to the flash crash of May 2010, which saw up to $1 trillion in the value of U.S. stocks erased in a matter of minutes before markets rebounded.

It took five months before the SEC and the Commodity Futures Trading Commission completed a report on their investigation of the flash crash, which placed the blame on one trader in London.

The CAT is intended to give the SEC and SROs the ability to monitor, analyze and investigate trading activities in the equities and options markets on a consolidated basis with the end goal of better protecting investors.

Clayton said the discussions about data privacy and security issues have been “very mature” recently and the SEC has offered a proposal to quell any fears related to the data to be stored in the CAT.

“This is a simplistic description, but I describe it as phone book information. I think that with phone book information, we can do our surveillance job. I would encourage people to get on board that proposal,” Clayton said.

Clayton acknowledged that the planning that has led to the CAT, which started before he became SEC chairman in 2017, has been problematic.

“We’ve had real problems. I’m not going to sit here and speculate on the causes. But let’s just say that this was one of the worst conceived, worst executed projects I’ve seen, and I’ve seen a few,” he said. “We’re back on track.”

Jay Clayton

In September, the SEC voted to propose amendments designed to bring greater transparency and accountability to the implementation of the CAT.

The SEC says the proposed amendments to the CAT National Market System Plan would require SROs that are participants in the CAT NMS Plan — such as Finra — to file with the watchdog and publish a complete implementation plan for the CAT and quarterly progress reports.

Each plan must be approved by the Operating Committee established by the CAT NMS Plan and submitted to the CEO, president or equivalently-situated senior officer at each SRO, according to the SEC.

The proposed amendments would also include financial accountability provisions that establish target deadlines for four implementation milestones and reduce the amount of fee recovery available to the SROs if those target deadlines are missed.