Government in the Dark: SEC Use of CAT Data in Rulemaking Raises Concerns

The financial services industry remains deeply concerned over aspects of the Consolidated Audit Trail (CAT), including the well-publicized concerns regarding privacy implications of the system and its funding model.  The SEC’s use of CAT data for major rulemakings, however, has not received attention, but it is a very problematic practice for the following reasons:

  • The CAT was mandated by the SEC in response to the 2010 flash crash to collect extensive trade and personal identifying information (PII) on every equity and option transaction in the United States. Operational since 2020 with regard to trading activity, and fully operational as of June of this year, the CAT is the largest securities transaction database in the world.
  • The raw data collected by the CAT is not accessible by the public, for good reason, and yet the SEC has sat on rules to further restrict access to such data for thousands of exchanges and other self-regulatory organizations’ (SRO) employees who now enjoy access to the data. That’s a problem.
  • But another problem is the SEC using CAT data to conduct its analysis, including its Congressionally mandated cost benefit analysis, in rulemaking. Given the breadth of CAT data, it is understandable that the SEC would want to use such data for rulemaking.  However, the SEC has not allowed the public or stakeholders access to anonymized versions of CAT data it uses in rulemaking.
  • The SEC proposing major rulemaking purportedly to address a market failure or “problem” supported by cost benefit analysis based on data that only the SEC may review creates a conundrum for stakeholders. Without access to any such data, the public has no way to verify or quantitatively challenge the SEC’s assertions.
  • The Freedom of Information Act (FOIA), landmark legislation designed to shed light on government operations, is supposed to alleviate such situations. And yet, as SIFMA has experienced first-hand, the current FOIA process is not an effective mechanism to access and review the data.
  • The secrecy of CAT data, when it is used to form the basis of rulemakings, is inconsistent with the SEC’s obligations under the Administrative Procedure Act (APA), and caselaw makes clear that data used to support agency rulemakings should be made public. Recognizing the extreme sensitivity of CAT data, SIFMA has repeatedly offered to work with the SEC on creating a secure mechanism for the public to review and evaluate the data in a manner that also protects it and related PII.

Over the past year, the CAT has received increased attention largely on the privacy implications and constitutionality of this government-mandated system in which the SEC collects and maintains personally identifiable information (PII) on all equity and listed options investors in the U.S. regardless of whether they are breaking any rules.  The SEC proposed a data protection rule in August 2020—yes, four years ago this month—to further shield access to the data collected by the CAT, and yet that rule is still pending.  Some of the attention also relates to the SEC’s approval last year of a funding model for CAT in which the SROs and broker-dealers are forced to pay 100% of the system costs even though the SEC is the primary beneficiary of it.

While the collection of PII, the lack of adequate data protection, and inequitable cost allocation are very legitimate concerns that must be addressed, so too must the SEC’s extensive use of CAT data to justify major rulemakings it has proposed recently.  While the use of data by the SEC and other regulators to propose rules should be applauded, the problem with CAT data is that it is not able to be reviewed by the public, absent the SEC being willing to and developing a process to make such data available in a sufficiently anonymized format.  What this means in practice is that the SEC can rely on CAT data to conduct studies identifying apparent market problems and inefficiencies to defend major rulemakings, yet no one outside the SEC is able to review that data to evaluate whether the SEC made mistakes in its studies or drew faulty conclusions.

These concerns are not theoretical.  As many market participants are aware, the SEC in December 2022 issued four proposals (Proposals) that would significantly change the regulatory framework and structure of U.S. equity markets.  In issuing each of the Proposals, the SEC relied extensively on CAT data to identify supposed market problems and justify why the Proposals would address those problems.  The SEC has since adopted one of the Proposals—the Disclosure of Order Execution Information (the Rule 605 update)—in March of this year, but the other three remain outstanding and the SEC’s use of CAT data to justify each of them was extensive.

Immediately after the SEC issued the Proposals, SIFMA submitted a comment letter in February 2023 in which we requested that the SEC, under FOIA, make public certain anonymized CAT data and other information that the SEC relied on in formulating the Proposals.  Despite numerous SIFMA letters and emails to the SEC regarding our FOIA request since that time, the SEC has been unwilling to engage with us on a reasonable approach to addressing our request in a timely manner, which is critical given the SEC’s publicly-stated imminent timeframe in which it plans to finalize the remaining Proposals.  Instead, the SEC has placed our FOIA request in the “complex track” and stated that it will not begin to process it or conduct reviews for responsive material for three years or more—long after the SEC is planning to finalize the Proposals.1 As we noted in our February 2023 request, “[i]t is simply not possible for the public to substantively evaluate the purported costs, benefits, effects, and economic baseline on which the Proposals are based if the Commission uses ‘secret data’ that is unavailable to the public.”2

The SEC’s current rulemaking approach, in which it relies on publicly unavailable CAT data, is not only bad policymaking, it is inconsistent with the SEC’s obligations under the APA.  Caselaw over the years has made clear that the APA “requires the agency to make available to the public, in a form that allows for meaningful comment, the data the agency used to develop the proposed rule.”3  As it stands currently, commenters have no access to CAT data—even in anonymized form—the SEC used to develop the Proposals, making it difficult to provide meaningful comment on rulemakings that would significantly alter U.S. equity market structure.

SIFMA has long recognized the extreme sensitivity of CAT data and repeatedly advocated for the maximum protection of it.  Indeed, in August 2020, the SEC proposed a rule that would enhance the security of CAT data and SIFMA supports its adoption.4 Instead of finalizing this rule and improving the protections around CAT data, the current SEC seems intent on moving forward with proposals such as the ones noted above, which the SEC posits will improve equity market structure, but that commenters are unable to meaningfully evaluate because they don’t have access to the CAT data the SEC relied on to arrive at these purported improvements.

If the SEC intends to continue to rely on CAT data in the future to justify rulemakings, it must create a mechanism for the public to review and evaluate the data in a manner that not only protects the data but also allows for public review of it, consistent with good government and the APA.  SIFMA would be happy to work with the SEC on creating such a mechanism.  Otherwise, the public check on the SEC’s exercise of its rulemaking authority will be eviscerated, exposing the SEC to continual APA challenges in the future.

Authors

Joe Corcoran

 

Joe Corcoran is a Managing Director and Associate General Counsel in the Capital Markets Group at SIFMA.

 

 

 

Gerald O’Hara is Vice President and Assistant General Counsel in SIFMA’s Capital Markets Group.

 

 

Footnotes

  1. We detail our FOIA request struggles with the SEC in a recently-submitted comment letter advocating for the SEC to analyze the state of execution quality using the updated Rule 605 statistics prior to adopting any changes to the current equity market structure.  See https://www.sifma.org/resources/submissions/regulation-nms-regulation-best-execution-and-order-competition-rule-sifma-and-sifma-amg/ []
  2. Interestingly, the response by the SEC FOIA office conflicts with SEC statements in its Rule 605 update adopting release, in which it stated in response to commenters’ requests for access to anonymized CAT data that, “[t]he Commission is not releasing anonymized subsets of CAT data used in connection with the [P]roposals, including CAT data used in connection with data and figures in the [Rule 605 update] Proposing -Release.” Disclosure of Order Execution Information, File No. S7-29-22, Release No. 34-99679 (Mar. 6, 2024), 89 FR 26428, 26433 (Apr. 15, 2024). []
  3. See Letter from Ellen Greene, SIFMA to FOIA Office, U.S. Securities and Exchange Commission (Feb. 8, 2023), at 8, (citing several cases unambiguously requiring federal agencies to make available data used to support rule proposals, such as Am. Med. Ass’n v. Reno, 57 F.3d 1129, 1133 (D.C. Cir. 1995) and Engine Mfrs. Ass’n v. EPA, 20 F.3d 1177, 1181 (D.C. Cir. 1994), available at https://www.sifma.org/wp-content/uploads/2023/02/Information-Regarding-the-Data-Relied-upon-by-the-Commission-in-Proposing-Certain-Commission-Rulemaking-Related-to-Market-Structure.pdf. []
  4. Proposed Amendments to the National Market System Plan Governing the Consolidated Audit Trail To Enhance Data Security, File No. S7-10-20, Release No. 34-89632 (Aug. 21, 2020), 85 FR 65990 (Oct. 16, 2020). []