The CAT’s principal purpose is to enhance regulatory oversight of our securities markets.  Our equities and options markets operate through multiple exchanges and other trading venues, and the CAT is designed to facilitate cross-market oversight and analysis, thereby improving market integrity and investor protection. As discussed below, the proposal and our recent efforts with respect to CAT represent further steps towards our continued goal of implementing a secure CAT in a timely manner that efficiently achieves its regulatory purpose.

Enhancing CAT Data Security

Today’s proposal seeks to accomplish a number of security-enhancing goals including: (1) providing greater oversight, consistency and transparency regarding the appropriate use of CAT data, (2) requiring use of secure analytic workspaces (SAWs) for the analysis of large data sets permitting exceptions only when non-SAW environments are subject to third party security assessments and monitoring, (3) incorporating specific restrictions for the access and analysis of customer and account information including required use of the SAW and a defined workflow, (4) removing sensitive PII from CAT reporting requirements in accordance with the March 2020 PII Exemption Order[2] in order to bring greater certainty to market participants that CAT reporting requirements do not include social security numbers, account numbers and dates of birth, and (5) preserving and enhancing existing security requirements.[3]

The net result of these changes would be a more secure CAT, operating without sensitive PII. Importantly, these changes would not affect the regulatory value of CAT. While these improvements are substantial, they should not represent the conclusion of the Commission’s consideration of the sufficiency of CAT’s data security. It is important that the Commission, the SROs, and the plan processor continuously evaluate the approach to the protection of customer and other sensitive data, as development and operation of the CAT proceeds, including in light of changing circumstances.

CAT Implementation Progress

The 2016 CAT NMS Plan set forth deadlines for the CAT’s implementation beginning in November 2017, but the SROs were unable to implement an operational CAT by the timelines established in the original Plan or subsequent deadlines. Given the importance of CAT for the securities markets, addressing these delays has been a particular focus of ours,[4]  along with staff in the Division of Trading and Markets as well as our other divisions and offices.[5] That collective focus has resulted in a series of Commission actions designed to help move CAT from concept to reality.

More specifically, the Commission has issued several exemptive orders,[6] and CAT has an established timeline for broker-dealer reporting and several operational issues have been addressed. Additionally, with the Commission’s approval of the financial accountability amendments[7] in May 2020, the SROs will be working towards meeting four critical implementation milestones that include regulator and reporter functionality, and will have financial accountability if deadlines are not met.

We are pleased to report that we have seen concrete progress with respect to CAT implementation in recent months. The SROs and the industry have achieved key milestones, including the start of equities reporting on June 22, 2020 and the start of options reporting on July 20, 2020. While we are encouraged by this progress, substantial work remains, and we will continue to work with the SROs and industry participants in their efforts to meet future implementation and financial accountability milestones within the required error rates.

One of the outcomes of CAT implementation that has been discussed is the enhanced availability of cross-market order lifecycle data. This enhancement, as a matter of operational capability, will enable multiple SROs to have access to cross-market data previously unavailable to them. While a number of factors may impact the availability and use of cross-market data, including existing regulatory coordination agreements and security considerations, regulatory coordination may evolve over time. We remain receptive to feedback and recommendations on regulatory coordination among the SROs.

Conclusion

We believe today’s proposal on CAT data security is a significant step towards further enhancing the security of CAT data and systems as well as the development and implementation of the CAT more generally. As we move forward with CAT implementation, we hope to see the progress made over the past several months continue, including as a result of constructive efforts among SROs and industry participants partnering to meet future milestones and establish an operational and secure CAT.

ENDNOTES