Washington, DC, November 30, 2017 –  SIFMA today announced that Lisa Dolly, chief executive officer of BNY Mellon’s Pershing LLC, and SIFMA board member, testified on SIFMA’s behalf before the House Financial Services Subcommittee on Capital Markets, Securities and Investments at a hearing entitled “Implementation and Cybersecurity Protocols of the Consolidated Audit Trail (CAT).” The full written testimony submitted for the record can be found here. 

SIFMA’s testimony notes that the Subcommittee’s review of the challenges investors, broker-dealers, exchanges, and regulators face with the CAT is incredibly important and timely.  SIFMA believes that a successfully designed and implemented CAT could be a critical aspect of market infrastructure and regulation.  However, the implementation issues SIFMA members have identified over the past few months and years remain largely unaddressed or incomplete to the potential detriment of tens of millions of investors, and must be addressed. SIFMA’s testimony focuses on three key areas:

Sensitive Information and Data Security
The CAT will be the world’s largest data repository for securities transactions, and one of the world’s largest databases of any type. Every day the system will take in 58 billion records – orders, executions and quotes for the equities and options markets – and will maintain data on over 100 million institutional and retail accounts and their unique customer personally identifiable information (PII).  Collecting that information in the CAT creates tremendous risk in the event of a breach.

The current CAT development plan raises serious concerns around data protection and the ability to confidently secure the critical information it will contain.  At the outset, the Securities and Exchange Commission (SEC) and the self-regulatory organizations (SROs) should study and make the case that the CAT’s collection, storage, and use of PII and identifiable proprietary trading information is required for effective surveillance.

Further, the CAT plan should be amended to prohibit downloading data from the CAT. Under the current plan, up to 3,000 individual users from the SROs and SEC will have downloadable access to all CAT data. Instead, SIFMA suggests a sandbox approach – under which the SEC and the SROs access data from within the CAT data security perimeter so that no data ever leaves that perimeter.

Implementation and Operational Hurdles
From the time of its adoption, there has been an overly aggressive implementation timeline for the CAT.  Clearly, the implementation schedule must be revisited. A reasonable timeframe can only be determined once Thesys has published all the final technical specifications for the reporting of both trading and customer information.

The implementation schedule must be designed to provide iterative testing and communications between broker-dealers and Thesys in terms of developing and executing final system specifications and to promptly resolve any open issues.

It is evident that the SROs require assistance with the technical specifications for broker-dealers.  These detailed technical specifications should be released in draft versions to allow for robust iterative feedback from broker-dealers.  Once the specifications are finalized, broker-dealers should be given a minimum of twelve months to complete the requirements.  Mandatory testing should then be required. This should be followed by a trial, phased implementation approach with equities in the first tranche, allowing the industry time to perform error corrections. It is also imperative to ensure timely retirement of redundant reporting systems.

SROs’ CAT Funding Model
The SROs have proposed a funding model for CAT that would impose a vast majority of the building and operational costs on broker-dealers, without providing any real justification or information about their current receipt and use of regulatory fees from broker-dealers.  This approach is particularly troublesome given that the SROs include the for-profit exchanges, which have built the funding model to benefit their own commercial interests at the expense of the broker-dealers they regulate and with which they compete.

The SEC shared SIFMA’s concerns and suspended the fees while considering whether to approve or disapprove the proposals.  In the meantime, the SROs have responded to some of the industry’s concerns about the applicability of the fees and amended the proposals.  However, the SROs’ funding model for CAT continues to be based on imposing 75% of the total costs to broker-dealers.

Other Concerns
SIFMA’s testimony further notes its members’ ongoing concern with the lack of broker-dealer input to the CAT development process, which has led to a CAT plan with a flawed governance structure, insufficient protocols for the elimination of redundant systems and a flawed funding model, among other issues. Going forward, a true collaboration among industry participants, the SROs, and Thesys will provide the opportunity for the CAT to be informed by the insights and interests of all the affected market participants at a time when they can be readily incorporated without delaying or impeding a successful CAT construction and implementation.  There is still time to get this right.

SIFMA’s written testimony further outlines its views.

-30-

 

SIFMA is the voice of the U.S. securities industry. We represent the broker-dealers, banks and asset managers whose nearly 1 million employees provide access to the capital markets, raising over $2.5 trillion for businesses and municipalities in the U.S., serving clients with over $18.5 trillion in assets and managing more than $67 trillion in assets for individual and institutional clients including mutual funds and retirement plans. SIFMA, with offices in New York and Washington, D.C., is the U.S. regional member of the Global Financial Markets Association (GFMA). For more information, visit http://www.sifma.org.