Additional Comments on NASAA’s Re-proposal of Revisions to its Model Rule
SIFMA provided additional comments to the North American Securities Administrators Association, Inc. (NASAA) on the re-proposal of revisions to its…
June 4, 2020
The Honorable Jay Clayton
Chairman
U.S. Securities and Exchange Commission
100 F Street NE
Washington, DC 20549
Re: Data Security Questions by Chairman Clayton on the Consolidated Audit Trail
Dear Chairman Clayton:
The Securities Industry and Financial Markets Association (“SIFMA”)1 is pleased to offer input on the data security questions that you posed on March 17, 2020 to the Staff of the Securities and Exchange Commission (“SEC” or “Commission”) regarding the consolidated audit trail (“CAT”).2 You have asked the Staff to consider these questions in connection with preparing a recommendation this year for the Commission on improving the data security requirements in the CAT NMS Plan (“Plan”). SIFMA has long supported the development of the CAT and believes that it will be a critical addition to the current market infrastructure, providing a significant resource to track equity and options trading activity across markets.
While the recent steps to protect certain personally identifiable information (“PII”) of retail customers are designed to address significant, long-standing concerns, SIFMA continues to have serious concerns about the need for and security of customer data provided to and maintained in the CAT.3 You and others have recognized more should be done by the selfregulatory organizations (“SROs”) as the developers and operators of the CAT to protect the CAT Data maintained within the CAT System.4 Keeping CAT Data secure and confidential is of primary importance not only to the efficacy of the CAT System itself, but also to theconfidence of market participants. As SIFMA has stated previously, it is imperative that the CAT be held to the highest security standards and it is incumbent upon the Commission to ensure that those standards are clearly enunciated, established and implemented.5 To that end,
SIFMA is sharing with the Commission its input on the following CAT Data security questions posed to the Commission staff. We would very much appreciate receiving and reviewing the SROs’ input on these questions as well to the extent they have provided such input.