Wednesday, November 16, 2016 7.48AM / ExchangeNews
The Securities and Exchange Commission today voted to approve a national market system (NMS) plan to create a single, comprehensive database known as the consolidated audit trail (CAT) that will enable regulators to more efficiently and thoroughly track all trading activity in the U.S. equity and options markets.
“With the approval and ultimate implementation of CAT, the Commission’s regulatory capacity strongly embraces 21st century technology, enabling the Commission and the SROs to harness data and technology to more effectively oversee market participants,” said SEC Chair Mary Jo White. “Through the CAT, regulators will have more timely access to a comprehensive set of trading data, enabling us to more efficiently and effectively conduct research, reconstruct market events, monitor market behavior, and identify and investigate misconduct.”
The NMS plan details the methods by which SROs and broker-dealers will record and report information, including the identity of the customer, resulting in a range of data elements that together provide the complete lifecycle of all orders and transactions in the U.S. equity and options markets. The NMS plan also sets forth how the data in the CAT will be maintained to ensure its accuracy, integrity and security.
The Commission modified several provisions of the NMS plan in response to public comments and recommendations from the SROs. For example:
Within two months of the approval of the NMS plan the SROs must select a plan processor to build and operate the CAT. SROs will be required to begin reporting to the CAT within one year of approval, with large broker-dealers following the next year and small broker-dealers the year after.
FACT SHEET - Approval of a National Market System Plan to Create a Consolidated Audit Trail
The Securities and Exchange Commission approved a national market system (NMS) plan to create a single, comprehensive database – a consolidated audit trail (CAT) – that would enable regulators to more efficiently and accurately track trading in equity and option securities throughout the U.S. markets. The plan, submitted jointly by the national securities exchanges and the Financial Industry Regulatory Authority (FINRA) to the Commission, would increase the effectiveness of market research and monitoring, event reconstruction, and the ability to identify and investigate market misconduct. The Commission made modifications to the original plan that would include strengthening security requirements, tightening synchronization standards and adding additional members to the governance committee.
Highlights of the Plan
Plan Processor and Central Repository
The CAT NMS plan provides that a plan processor would build a central repository that would receive, consolidate, and retain the trade and order data reported as part of the CAT. Among other things, the plan processor would be responsible for:
Data Recording and Reporting
The CAT NMS plan would apply to NMS securities, including options, as well as to over-the-counter equity securities. At the various stages in the lifecycle of an order—e.g., origination, routing, modification/ cancellation, and execution—the SROs and broker-dealers would be required to submit certain information about the order to the central repository, such as:
Generally, the CAT NMS plan would require the data to be recorded contemporaneously with the order event and reported to the central repository by 8:00 a.m. ET on the day following the event. The CAT NMS plan would also require CAT data to be time-stamped in increments as granular as those used by the SROs and broker-dealers for their order handling or execution systems, but with a minimum time stamp granularity of one millisecond for all order events except manual order events and the time of allocations (in which case, the time stamp granularity must be a minimum of one second).
Further, the CAT NMS plan would require broker-dealers to synchronize their business clocks to within 50 milliseconds of the time maintained by the National Institute of Standards and Technology (NIST). However, business clocks used for manual orders or the time of allocation would be able to be synchronized to within one second of the time maintained by the NIST. The plan has been amended by the Commission to require SROs to synchronize their business clocks to within 100 microseconds of the time maintained by the NIST and to assess industry standards for clock synchronization based on the type of market participant or system, rather than the industry as a whole, and reflect that refined assessment annually in a report submitted to the Commission.
The CAT NMS plan would set an initial maximum error rate of five percent for data reported to the central repository, subject to quality assurance testing, adjustments at each initial launch date for CAT reporters and periodic review by the operating committee. The CAT NMS plan also discusses a phased approach to lowering the maximum error rate for data reported to the central repository.
To assist in reducing the error rate, the plan would provide that the plan processor, among other things, measure and report errors, provide reports to the SROs and other reporters, define educational and support programs, and provide error correction tools.
The CAT NMS plan would also reflect exemptive relief from certain requirements of Rule 613 that the SEC previously granted. This exemptive relief provided the SROs with the flexibility to propose approaches in the CAT NMS plan that could potentially be more efficient and cost-effective than those required by Rule 613 without adversely affecting the reliability or accuracy of CAT data. Specifically, the exemptive relief permitted the SROs to propose, that:
The SROs propose to conduct the activities of the CAT through a not-for-profit Delaware limited liability company, which they would own jointly. An operating committee comprised of all the SROs—each with one vote—would manage the company. In addition, an advisory committee consisting of, among others, broker-dealers of various sizes and specialties, institutional investors, a service bureau that provides CAT reporting services, an academic who is a financial economist and a person with significant regulatory experience, would provide input to the operating committee.
Regulatory Access and Use
The CAT NMS plan would provide that the SROs and the Commission would have access to the data contained in the central repository for regulatory and oversight purposes. The CAT NMS plan provides that CAT data would be stored in a way that allows regulators to perform complex queries, such as reconstructing market events and the status of order books at various time intervals. Regulators would have access to CAT data through both an online targeted query tool and user-defined direct queries and bulk extracts.
Data Security and Confidentiality
The CAT NMS plan would establish data security requirements regarding connectivity and data transfer, encryption, storage, access, breach management, and personally identifiable information (PII). For example, all CAT data would be required to be encrypted both at-rest and in-flight and all data centers housing CAT systems would be required to be certified by a qualified and unaffiliated third-party auditor.
In addition, the plan processor would be required to comply with the NIST Cybersecurity Framework and the SROs would be required to maintain information security protocols with respect to their handling of CAT data that are as rigorous as those applicable to the central repository. An annual evaluation of the information security program would be required to ensure that the program is consistent with the highest industry standards for the protection of data. Additionally, the plan processor would be responsible for:
At the Commission, a cross-divisional steering committee of senior staff is being formed to design policies and procedures regarding Commission access to, use of, and protection of CAT data that will be comparable to those applicable to the SROs and their personnel and supplement the range of existing laws and standards applicable to Commission systems and employees.
Retirement of Duplicative Rules and Systems
As required by Rule 613, the CAT NMS plan contains a framework for eliminating rules and systems that would be rendered duplicative by the CAT, including identification of such rules and systems. The CAT NMS plan would state that the SROs have completed their analyses of systems identified for retirement and that the CAT would capture all necessary data to support the retirement of these systems. The amended plan would require the SROs to file rule change proposals to eliminate duplicative rules and systems within six months of plan approval. These proposals would provide that the retirement of any duplicative rules and systems would be effective when the CAT data meets minimum standards of accuracy and reliability.
On July 11, 2012, the SEC adopted Rule 613 of Regulation NMS under the Securities Exchange Act of 1934. Rule 613 requires the SROs to jointly submit an NMS plan to create, implement, and maintain a CAT that will capture—in a single, consolidated data source—customer and order event information for orders in NMS securities, across all markets, from the time of order inception through routing, cancellation, modification, or execution. Rule 613 outlines a broad framework for the CAT, including the minimum elements the SEC believes are necessary for an effective CAT, while allowing the SROs to draw upon their expertise to develop the details of the CAT. The SEC voted to publish the CAT NMS plan submitted by the SROs for public comment on April 27, 2016.
Within two months of SEC approval of the CAT NMS plan, the SROs would be required to select the plan processor through a two-round voting process in which each SRO has one vote.
Statement At Open Meeting: Order Approving The Consolidated Audit Trail National Market System Plan, SEC Chair Mary Jo White, Nov. 15, 2016
Good afternoon. This is an open meeting of the U.S. Securities and Exchange Commission on November 15, 2016, under the Government in the Sunshine Act. The Commission today is positioned to take significant action toward the reality of a consolidated audit trail (CAT) that will greatly advance the ability of regulators to oversee today’s sophisticated and constantly evolving securities markets. Specifically, the Commission will consider a staff recommendation to approve the national market system (NMS) Plan submitted jointly by the self-regulatory organizations (SROs), which the Commission voted to publish for public comment this past April, to create, implement and maintain the consolidated audit trail.
The import of today’s action cannot be overstated. With the approval and ultimate implementation of CAT, the Commission’s regulatory capacity strongly embraces 21st Century technology, enabling the Commission and the SROs to harness data and technology to more effectively oversee market participants.
Over the past 25 years, advancements in computing and communication technologies have transformed the way our securities markets operate. A broad range of market participants, including brokers-dealers, proprietary trading firms and institutional investors have invested significant resources in technologies that enable them to trade effectively across a range of trading venues and asset classes. As I have stated before, these advancements have resulted, generally, in significant improvements for both retail and institutional investors and for issuers seeking to raise capital. Regulators will now have state-of-the-art capabilities to ensure that our capital markets remain the most robust and reliable in the world.
The CAT NMS Plan that we are considering today is designed to substantially improve essential audit trail information by providing a comprehensive, centralized database of timely and accurate information about all orders entered and trades executed across the U.S. securities markets, for both equities and options. The plan before us today represents the culmination of years of effort on the part of the Commission and the SROs, with vital contributions from all segments of market participants that trade in our equity and options markets.
With the implementation of the CAT, regulators will have access to complete and integrated audit trail data that, critically, includes the identities of the customers trading in these markets. The expected benefits of the CAT for regulators include improving our ability to conduct market research, reconstruct market events, monitor market behavior, and identify and investigate market misconduct.
As required by Rule 613, the CAT NMS Plan addresses how audit trail data will be reported by the exchanges and broker-dealers, collected by a central repository, consolidated, and then made available to regulators. The Plan also articulates the minimum standards to ensure the timeliness, accuracy, and security of the data; the duties and obligations of the Plan Processor, which will be the entity that runs the day-to-day operations of the CAT; financial matters, including a description of how the SROs intend to structure the fees associated with the CAT; and the governance of the CAT NMS Plan, through an Operating Committee, with input from a broad-based Advisory Committee.
In April, when the Commission voted to publish the CAT NMS Plan for public comment, I stressed the importance of our hearing the views of a wide range of market participants, investors, and others on whether the design of the CAT system contemplated by the Plan would fully meet the needs of regulators in a cost-effective and efficient manner, while also protecting the sensitive information that will be collected by the CAT system. To facilitate that process, the Commission’s Notice of the CAT NMS Plan included a detailed preliminary economic analysis, with a discussion of the economic effects, including the benefits and costs, of the proposed Plan, the likely effects on competition, efficiency and capital formation, as well as potential alternatives.
In response to the publication of the CAT NMS Plan, the Commission received significant and helpful feedback from a wide variety of stakeholders, including broker-dealers, technology providers, exchanges, academics, investors, and industry organizations. Commenters addressed a range of issues, including the security and confidentiality of CAT data, especially of personally identifiable information, (or “PII”); the governance structure of the CAT NMS Plan; the cost and funding of the CAT central data repository; the clock synchronization standard applicable to CAT reporters; and the timing of the retirement of duplicative regulatory reporting systems.
The SROs have responded to commenters and, in many instances, recommended amendments to the CAT NMS Plan. And the Plan being considered by the Commission today incorporates several changes recommended either by the SROs or by the Commission itself. I will highlight several important ones.
Cybersecurity is of paramount importance, as the CAT will be one of the largest financial databases in the world and will contain sensitive customer information. Information security was an area of focus of many commenters and is a particularly important priority for me as well. The Plan being considered today has been amended in several ways to provide for even more robust information security standards to enhance the integrity of the information stored in this database.
Among other things, the Plan has been amended to require that all CAT data at the central repository be encrypted at-rest and in-transit. Changes have also been made to require that all data be handled consistently with the full NIST Cyber Security Framework. And, given that the SROs will also be accessing data for regulatory purposes using their own technologies, the Plan has been amended to mandate that the SROs maintain information security programs with respect to their handling of CAT data that are at least as rigorous as those applicable to the central repository.
I also want to underscore that the Commission is also very closely focused on information security with respect to its own interaction with CAT. As will be explained in more detail by our General Counsel and Director of Trading and Markets shortly, the Commission and its staff are subject to a range of federal regulations and Commission rules and policies regarding the security and confidentiality of information that we receive and maintain, and we will be supplementing these important safeguards with additional comprehensive protocols that are specifically tailored to the Commission’s CAT program. Finally, the Plan has been amended to require an annual assessment of CAT technology and information security protocols in order to ensure that it continues to be held to the highest of standards.
The clock synchronization standards of the Plan have also been amended in significant ways that will enhance the accuracy of the information contained in the CAT database going forward. While the proposed plan would have required an across-the-board clock synchronization standard for all CAT reporters of within 50 milliseconds of the time maintained by NIST, the amended Plan tightens the clock synchronization standards for the SROs to within 100 microseconds of that time. This will enable regulators to better sequence order events across multiple markets in the first stage of CAT implementation, as the SROs become the first market participants required to report CAT data.
The Plan has also been amended to reflect that one clock synchronization standard does not necessarily fit all market participants. In particular, SROs will be required under the amended Plan to assess industry standards for clock synchronization based on the type of market participant or system, rather than the industry as a whole, and to reflect that refined assessment annually in a report submitted to the Commission.
These changes should result in further refinement to database accuracy in the future, potentially prior to the second phase of reporting by broker-dealers, which is set to begin one year after the SROs begin reporting.
There have also been a range of changes to other Plan provisions. The governance structure of the CAT NMS Plan has been enhanced by broadening representation on the Advisory Committee to include an additional representative of institutional investors and a representative of service bureaus and by requiring that Commission representatives be permitted to participate in all Operating Committee meeting, whether held in Executive Session or not. The funding model has also been improved by eliminating the double-counting of alternative trading system volumes for purposes of assessing fees. And a more rigorous approach has been taken with respect to the retirement of costly duplicative systems, by amending the Plan to shorten the deadline for the SROs to submit proposals to retire regulatory data reporting systems that will be rendered obsolete by the CAT.
Finally, the Plan has been amended to require the SROs to provide annual written assessments to the Commission on a range of important issues that are critical to ensuring a secure and updated CAT going forward. Importantly, the annual assessments will include an evaluation of potential technology upgrades, which will be informed by technological expertise, and an evaluation of the information security protocols to ensure that the CAT is operated consistently with the highest industry standards.
As I have mentioned on many occasions, implementing a robust consolidated audit trail in an efficient, timely and cost-effective manner is an enormous undertaking that has been, and will continue to be, one of the Commission’s highest priorities to complete, maintain and enhance. The comprehensive action the Commission is taking today is the result of a collective effort by the Commission staff, the exchanges, FINRA and a host of market participants that invested extensive time and energy into this project.
Before I ask Steve Luparello, Director of the Division of Trading and Markets, to discuss the NMS Plan, and Amy Edwards to discuss the economic analysis, I would like to thank Steve and his Deputy Director, Gary Goldsholle, for their leadership on this matter, as well as their counsels, Carl Emigholz, Moshe Rothman and Devin Ryan. I also would like to highly commend the Trading and Markets team: David Shillman, David Hsu, Natasha Greiner, Mark Donohue, Steve Samson, Rebekah Liu, Jennifer Colihan, Leigh Duffy, John Lee, Ted Uliassi and Susan Poklemba. From the Division of Economic and Risk Analysis, I would like to thank Amy, our Chief Economist Mark Flannery, Vanessa Countryman, Laura Tuttle, Claire O’Sullivan, Salil Pachare, Austin Gerig, John Cook, Woodrow Johnson, Jonathan Hershaff, Lindsay Shipman, Helen Bowers, Ilia Rainer, Margarita Brose, and Anzhela Knyazeva. My thanks also to Andrew Krug, the Commission’s Chief Information Security Officer.
Many thanks as well to Annie Small, Meridith Mitchell, Tracey Hardin, Cynthia Ginsberg, Melinda Hardy, Maureen Johansen, Daniel Matro, Josephine Morse, John Sholar and Jeffrey Walker of the Office of General Counsel.
In addition, I would like to thank many other staff throughout the agency for their contributions, including John Polise and Connie Kiggins from the Office of Compliance Inspections and Examinations; Mandy Sturmfelz, Rosemary Filou, and Wendy Kong from the Division of Enforcement.
Finally, I would like to express my gratitude to my fellow Commissioners and their counsel for their continuing hard work and dedication to bringing the consolidated audit trail to completion.
Now, I will turn the meeting over to Steve Luparello to provide an explanation of the staff’s recommendation on the CAT plan.
 See Securities Exchange Act Release No. 77724 (Apr. 27, 2016), available at https://www.sec.gov/rules/sro/nms/2016/34-77724.pdf.
 See SEC Chair Mary Jo White, Statement at an Open Meeting on a Notice of the Consolidated Audit Trail National Market System Plan (Apr. 27, 2016), available at https://www.sec.gov/news/statement/chair-white-open-meeting-042716.html; SEC Chair Mary Jo White, Enhancing Our Equity Market Structure (June 5, 2014), available at https://www.SEC.GOG42004312.
1. SEC Chair Mary Jo White Announces Departure Plans – Nov 15, 2016