Data Security for the CAT
Summary
SIFMA, SIFMA AMG, and MFA provided comments to the CAT on the Consolidated Audit Trail’s Customer and Account Information System. The member firms remain extremely concerned with data protection within the CAT system.
Excerpt
February 4, 2022
Mr. Michael Simon
Chair, Operating Committee
Consolidated Audit Trail, LLC
Re: Data Security for the Consolidated Audit Trail
Dear Mr. Simon:
As we approach the July 11, 2022, implementation date of the Consolidated Audit Trail’s Customer and Account Information System, the membership of the Securities Industry and Financial Market Association (“SIFMA”) SIFMA, SIFMA AMG, and MFA member firms remain extremely concerned with data protection within the CAT system. We share your interests in maintaining the strict confidentiality of data collected through CAT and welcome the opportunity to share with you our member firms’ collective expertise with respect to data protection and evolving industry standards and practices regarding data security. To ensure the CAT data set allows for appropriate regulatory use but also is subject to best-in-class data protection standards for the proprietary trading strategies (i.e., Intellectual Property) of our membership, SIFMA, SIFMA AMG, and MFA (together, the Associations) urge you to provide much greater transparency into the specific data security standards deployed by FINRA CAT and the CAT NMS Plan in seven key areas set forth below. We welcome further information regarding these seven key areas that can be made available to all industry members. We also welcome an opportunity to discuss with you in greater detail the security protocols regarding the Intellectual Property of our member firms and their clients.
In summary, the aggregation of trade data in the CAT, complete with Firm Designated IDs (FDID) associated with each trade, creates a highly proprietary database subject to a broad threat profile. We note that there are entities within the federal government accustomed to dealing with very large electronic databases that are meant to be kept secret and secure from external threat. We strongly believe that FINRA CAT should look to this model to fully leverage the best-in-class information security infrastructure employed by the federal government as well as by certain companies in the private sector. We further believe that FINRA CAT should look to adopt the security initiatives from then Commission’s August 2020 proposal on CAT data security, even in the absence of the Commission adoption of this proposal, as these initiatives would greatly enhance the security of CAT data.