Proshare - Facebook Proshare - Twitter Proshare - Google+ Proshare - Linked In Proshare - RSS Feed

US SEC Approves Plan To Create Consolidated Audit Trail For Tracking Markets

Proshare

Wednesday, November 16, 2016 7.48AM / ExchangeNews

The Securities and Exchange Commission today voted to approve a national market system (NMS) plan to create a single, comprehensive database known as the consolidated audit trail (CAT) that will enable regulators to more efficiently and thoroughly track all trading activity in the U.S. equity and options markets. 

“With the approval and ultimate implementation of CAT, the Commission’s regulatory capacity strongly embraces 21st century technology, enabling the Commission and the SROs to harness data and technology to more effectively oversee market participants,” said SEC Chair Mary Jo White.  “Through the CAT, regulators will have more timely access to a comprehensive set of trading data, enabling us to more efficiently and effectively conduct research, reconstruct market events, monitor market behavior, and identify and investigate misconduct.”

The NMS plan details the methods by which SROs and broker-dealers will record and report information, including the identity of the customer, resulting in a range of data elements that together provide the complete lifecycle of all orders and transactions in the U.S. equity and options markets.  The NMS plan also sets forth how the data in the CAT will be maintained to ensure its accuracy, integrity and security.

The Commission modified several provisions of the NMS plan in response to public comments and recommendations from the SROs.  For example:

  • The Commission strengthened several of the data security requirements of the NMS plan, including with respect to personally identifiable information.
  • Tightened the clock synchronization standards for SROs to within 100 microseconds of the time maintained by the National Institute of Standards and Technology to enable regulators to better sequence order events across multiple exchanges and required the SROs to assess industry standards for clock synchronization based on the type of market participant or system, rather than the industry as a whole, and reflect that refined assessment annually in a report submitted to the Commission.
  • Enhanced the CAT plan governance by expanding the membership of the advisory committee to include an additional institutional investor representative and a representative of a service bureau that provides CAT reporting services.
  • Accelerated the deadline for the SROs to submit proposals to retire regulatory data reporting systems that will be rendered obsolete by CAT, to reduce the burden on broker-dealers of reporting to multiple systems.

Within two months of the approval of the NMS plan the SROs must select a plan processor to build and operate the CAT.  SROs will be required to begin reporting to the CAT within one year of approval, with large broker-dealers following the next year and small broker-dealers the year after.

FACT SHEET - Approval of a National Market System Plan to Create a Consolidated Audit Trail

Action
The Securities and Exchange Commission approved a national market system (NMS) plan to create a single, comprehensive database – a consolidated audit trail (CAT) – that would enable regulators to more efficiently and accurately track trading in equity and option securities throughout the U.S. markets.  The plan, submitted jointly by the national securities exchanges and the Financial Industry Regulatory Authority (FINRA) to the Commission, would increase the effectiveness of market research and monitoring, event reconstruction, and the ability to identify and investigate market misconduct.  The Commission made modifications to the original plan that would include strengthening security requirements, tightening synchronization standards and adding additional members to the governance committee.

Highlights of the Plan

Plan Processor and Central Repository

The CAT NMS plan provides that a plan processor would build a central repository that would receive, consolidate, and retain the trade and order data reported as part of the CAT.  Among other things, the plan processor would be responsible for:

  • Operating, maintaining, and upgrading the central repository
  • Ensuring the security and confidentiality of all data reported to the central repository
  • Publishing technical specifications containing detailed instructions for the submission of data by the self-regulatory organizations (SROs) and broker-dealers to the central repository

 

Data Recording and Reporting

The CAT NMS plan would apply to NMS securities, including options, as well as to over-the-counter equity securities.  At the various stages in the lifecycle of an order—e.g., origination, routing, modification/ cancellation, and execution—the SROs and broker-dealers would be required to submit certain information about the order to the central repository, such as:

  • A unique identifier, provided by the broker-dealer, for the customer submitting the order
  • An identifier for the broker-dealer originating, receiving, routing, or executing the order
  • The date and time of the order event
  • The security symbol, price, size, order type, and other material terms of the order

 

Generally, the CAT NMS plan would require the data to be recorded contemporaneously with the order event and reported to the central repository by 8:00 a.m. ET on the day following the event.  The CAT NMS plan would also require CAT data to be time-stamped in increments as granular as those used by the SROs and broker-dealers for their order handling or execution systems, but with a minimum time stamp granularity of one millisecond for all order events except manual order events and the time of allocations (in which case, the time stamp granularity must be a minimum of one second). 

Further, the CAT NMS plan would require broker-dealers to synchronize their business clocks to within 50 milliseconds of the time maintained by the National Institute of Standards and Technology (NIST).  However, business clocks used for manual orders or the time of allocation would be able to be synchronized to within one second of the time maintained by the NIST.  The plan has been amended by the Commission to require SROs to synchronize their business clocks to within 100 microseconds of the time maintained by the NIST and to assess industry standards for clock synchronization based on the type of market participant or system, rather than the industry as a whole, and reflect that refined assessment annually in a report submitted to the Commission.

The CAT NMS plan would set an initial maximum error rate of five percent for data reported to the central repository, subject to quality assurance testing, adjustments at each initial launch date for CAT reporters and periodic review by the operating committee.  The CAT NMS plan also discusses a phased approach to lowering the maximum error rate for data reported to the central repository.

To assist in reducing the error rate, the plan would provide that the plan processor, among other things, measure and report errors, provide reports to the SROs and other reporters, define educational and support programs, and provide error correction tools.

The CAT NMS plan would also reflect exemptive relief from certain requirements of Rule 613 that the SEC previously granted.  This exemptive relief provided the SROs with the flexibility to propose approaches in the CAT NMS plan that could potentially be more efficient and cost-effective than those required by Rule 613 without adversely affecting the reliability or accuracy of CAT data.  Specifically, the exemptive relief permitted the SROs to propose, that:

  • Only options exchanges—but not options market makers—would be required to report information to the central repository regarding options market maker quotations
  • Instead of requiring a broker-dealer to report a unique customer identifier for each customer for all orders, each broker-dealer would assign a unique firm-designated identifier (FDI) to each trading account.  Broker-dealers would be permitted to use an account number or any other identifier defined by the firm as the FDI, provided each identifier is unique across the firm for each business date.  Using the FDI as well as other information identifying a customer, the plan processor would then assign a unique customer identifier for each customer.
  • Instead of requiring a universal identifier for each broker-dealer reporting data to the CAT, a broker-dealer could use its existing SRO-assigned market participant identifier.  The plan processor would then assign a unique identifier for each reporting broker-dealer.
  • Instead of requiring broker-dealers to link a particular order or execution to an allocation, a broker-dealer could provide an allocation report that focuses on the shares allocated and the FDI of the applicable accounts or subaccounts
  • Instead of requiring the receipt of manual orders to be time-stamped to the millisecond, a time stamp to the nearest second would be permitted while all other orders will still be required to be time-stamped to the millisecond.

 

Governance
The SROs propose to conduct the activities of the CAT through a not-for-profit Delaware limited liability company, which they would own jointly.  An operating committee comprised of all the SROs—each with one vote—would manage the company.  In addition, an advisory committee consisting of, among others, broker-dealers of various sizes and specialties, institutional investors, a service bureau that provides CAT reporting services, an academic who is a financial economist and a person with significant regulatory experience, would provide input to the operating committee.

Regulatory Access and Use
The CAT NMS plan would provide that the SROs and the Commission would have access to the data contained in the central repository for regulatory and oversight purposes.  The CAT NMS plan provides that CAT data would be stored in a way that allows regulators to perform complex queries, such as reconstructing market events and the status of order books at various time intervals.  Regulators would have access to CAT data through both an online targeted query tool and user-defined direct queries and bulk extracts.

Data Security and Confidentiality
The CAT NMS plan would establish data security requirements regarding connectivity and data transfer, encryption, storage, access, breach management, and personally identifiable information (PII).  For example, all CAT data would be required to be encrypted both at-rest and in-flight and all data centers housing CAT systems would be required to be certified by a qualified and unaffiliated third-party auditor.

In addition, the plan processor would be required to comply with the NIST Cybersecurity Framework and the SROs would be required to maintain information security protocols with respect to their handling of CAT data that are as rigorous as those applicable to the central repository.  An annual evaluation of the information security program would be required to ensure that the program is consistent with the highest industry standards for the protection of data.  Additionally, the plan processor would be responsible for:

  • Requiring individuals with access to the central repository to agree to use CAT data only for appropriate surveillance and regulatory activities and to employ safeguards to protect the confidentiality of CAT data
  • Developing a comprehensive information security program as well as a training program that addresses the security and confidentiality of all information accessible from the CAT
  • Designating one of its employees as Chief Information Security Officer (CISO), who would be responsible for creating and enforcing appropriate policies, procedures, and control structures regarding data security.  The CISO would also review the information security policies and procedures of the SROs and report, in consultation with the CISO, any deficiencies to the operating committee if the issue is not promptly addressed by the SRO.

 

At the Commission, a cross-divisional steering committee of senior staff is being formed to design policies and procedures regarding Commission access to, use of, and protection of CAT data that will be comparable to those applicable to the SROs and their personnel and supplement the range of existing laws and standards applicable to Commission systems and employees. 

Retirement of Duplicative Rules and Systems
As required by Rule 613, the CAT NMS plan contains a framework for eliminating rules and systems that would be rendered duplicative by the CAT, including identification of such rules and systems. The CAT NMS plan would state that the SROs have completed their analyses of systems identified for retirement and that the CAT would capture all necessary data to support the retirement of these systems.  The amended plan would require the SROs to file rule change proposals to eliminate duplicative rules and systems within six months of plan approval.  These proposals would provide that the retirement of any duplicative rules and systems would be effective when the CAT data meets minimum standards of accuracy and reliability.

Background
On July 11, 2012, the SEC adopted Rule 613 of Regulation NMS under the Securities Exchange Act of 1934.  Rule 613 requires the SROs to jointly submit an NMS plan to create, implement, and maintain a CAT that will capture—in a single, consolidated data source—customer and order event information for orders in NMS securities, across all markets, from the time of order inception through routing, cancellation, modification, or execution.  Rule 613 outlines a broad framework for the CAT, including the minimum elements the SEC believes are necessary for an effective CAT, while allowing the SROs to draw upon their expertise to develop the details of the CAT.  The SEC voted to publish the CAT NMS plan submitted by the SROs for public comment on April 27, 2016.


What’s Next?
Within two months of SEC approval of the CAT NMS plan, the SROs would be required to select the plan processor through a two-round voting process in which each SRO has one vote.

Statement At Open Meeting: Order Approving The Consolidated Audit Trail National Market System Plan, SEC Chair Mary Jo White, Nov. 15, 2016

Good afternoon.  This is an open meeting of the U.S. Securities and Exchange Commission on November 15, 2016, under the Government in the Sunshine Act.  The Commission today is positioned to take significant action toward the reality of a consolidated audit trail (CAT) that will greatly advance the ability of regulators to oversee today’s sophisticated and constantly evolving securities markets.  Specifically, the Commission will consider a staff recommendation to approve the national market system (NMS) Plan submitted jointly by the self-regulatory organizations (SROs), which the Commission voted to publish for public comment this past April,[1] to create, implement and maintain the consolidated audit trail.

The import of today’s action cannot be overstated.  With the approval and ultimate implementation of CAT, the Commission’s regulatory capacity strongly embraces 21st Century technology, enabling the Commission and the SROs to harness data and technology to more effectively oversee market participants. 

Over the past 25 years, advancements in computing and communication technologies have transformed the way our securities markets operate.  A broad range of market participants, including brokers-dealers, proprietary trading firms and institutional investors have invested significant resources in technologies that enable them to trade effectively across a range of trading venues and asset classes.  As I have stated before, these advancements have resulted, generally, in significant improvements for both retail and institutional investors and for issuers seeking to raise capital.[2]  Regulators will now have state-of-the-art capabilities to ensure that our capital markets remain the most robust and reliable in the world.

The CAT NMS Plan that we are considering today is designed to substantially improve essential audit trail information by providing a comprehensive, centralized database of timely and accurate information about all orders entered and trades executed across the U.S. securities markets, for both equities and options.  The plan before us today represents the culmination of years of effort on the part of the Commission and the SROs, with vital contributions from all segments of market participants that trade in our equity and options markets. 

With the implementation of the CAT, regulators will have access to complete and integrated audit trail data that, critically, includes the identities of the customers trading in these markets.  The expected benefits of the CAT for regulators include improving our ability to conduct market research, reconstruct market events, monitor market behavior, and identify and investigate market misconduct.

As required by Rule 613, the CAT NMS Plan addresses how audit trail data will be reported by the exchanges and broker-dealers, collected by a central repository, consolidated, and then made available to regulators.  The Plan also articulates the minimum standards to ensure the timeliness, accuracy, and security of the data; the duties and obligations of the Plan Processor, which will be the entity that runs the day-to-day operations of the CAT; financial matters, including a description of how the SROs intend to structure the fees associated with the CAT; and the governance of the CAT NMS Plan, through an Operating Committee, with input from a broad-based Advisory Committee.

In April, when the Commission voted to publish the CAT NMS Plan for public comment, I stressed the importance of our hearing the views of a wide range of market participants, investors, and others on whether the design of the CAT system contemplated by the Plan would fully meet the needs of regulators in a cost-effective and efficient manner, while also protecting the sensitive information that will be collected by the CAT system.  To facilitate that process, the Commission’s Notice of the CAT NMS Plan included a detailed preliminary economic analysis, with a discussion of the economic effects, including the benefits and costs, of the proposed Plan, the likely effects on competition, efficiency and capital formation, as well as potential alternatives.

In response to the publication of the CAT NMS Plan, the Commission received significant and helpful feedback from a wide variety of stakeholders, including broker-dealers, technology providers, exchanges, academics, investors, and industry organizations.  Commenters addressed a range of issues, including the security and confidentiality of CAT data, especially of personally identifiable information, (or “PII”); the governance structure of the CAT NMS Plan; the cost and funding of the CAT central data repository; the clock synchronization standard applicable to CAT reporters; and the timing of the retirement of duplicative regulatory reporting systems. 

The SROs have responded to commenters and, in many instances, recommended amendments to the CAT NMS Plan.  And the Plan being considered by the Commission today incorporates several changes recommended either by the SROs or by the Commission itself.  I will highlight several important ones.

Cybersecurity is of paramount importance, as the CAT will be one of the largest financial databases in the world and will contain sensitive customer information.  Information security was an area of focus of many commenters and is a particularly important priority for me as well.  The Plan being considered today has been amended in several ways to provide for even more robust information security standards to enhance the integrity of the information stored in this database. 

Among other things, the Plan has been amended to require that all CAT data at the central repository be encrypted at-rest and in-transit.  Changes have also been made to require that all data be handled consistently with the full NIST Cyber Security Framework.  And, given that the SROs will also be accessing data for regulatory purposes using their own technologies, the Plan has been amended to mandate that the SROs maintain information security programs with respect to their handling of CAT data that are at least as rigorous as those applicable to the central repository. 

I also want to underscore that the Commission is also very closely focused on information security with respect to its own interaction with CAT.  As will be explained in more detail by our General Counsel and Director of Trading and Markets shortly, the Commission and its staff are subject to a range of federal regulations and Commission rules and policies regarding the security and confidentiality of information that we receive and maintain, and we will be supplementing these important safeguards with additional comprehensive protocols that are specifically tailored to the Commission’s CAT program.  Finally, the Plan has been amended to require an annual assessment of CAT technology and information security protocols in order to ensure that it continues to be held to the highest of standards. 

The clock synchronization standards of the Plan have also been amended in significant ways that will enhance the accuracy of the information contained in the CAT database going forward.  While the proposed plan would have required an across-the-board clock synchronization standard for all CAT reporters of within 50 milliseconds of the time maintained by NIST, the amended Plan tightens the clock synchronization standards for the SROs to within 100 microseconds of that time.  This will enable regulators to better sequence order events across multiple markets in the first stage of CAT implementation, as the SROs become the first market participants required to report CAT data.  

The Plan has also been amended to reflect that one clock synchronization standard does not necessarily fit all market participants.  In particular, SROs will be required under the amended Plan to assess industry standards for clock synchronization based on the type of market participant or system, rather than the industry as a whole, and to reflect that refined assessment annually in a report submitted to the Commission. 

These changes should result in further refinement to database accuracy in the future, potentially prior to the second phase of reporting by broker-dealers, which is set to begin one year after the SROs begin reporting.   

There have also been a range of changes to other Plan provisions.  The governance structure of the CAT NMS Plan has been enhanced by broadening representation on the Advisory Committee to include an additional representative of institutional investors and a representative of service bureaus and by requiring that Commission representatives be permitted to participate in all Operating Committee meeting, whether held in Executive Session or not.  The funding model has also been improved by eliminating the double-counting of alternative trading system volumes for purposes of assessing fees.  And a more rigorous approach has been taken with respect to the retirement of costly duplicative systems, by amending the Plan to shorten the deadline for the SROs to submit proposals to retire regulatory data reporting systems that will be rendered obsolete by the CAT. 

Finally, the Plan has been amended to require the SROs to provide annual written assessments to the Commission on a range of important issues that are critical to ensuring a secure and updated CAT going forward.  Importantly, the annual assessments will include an evaluation of potential technology upgrades, which will be informed by technological expertise, and an evaluation of the information security protocols to ensure that the CAT is operated consistently with the highest industry standards. 

As I have mentioned on many occasions, implementing a robust consolidated audit trail in an efficient, timely and cost-effective manner is an enormous undertaking that has been, and will continue to be, one of the Commission’s highest priorities to complete, maintain and enhance.  The comprehensive action the Commission is taking today is the result of a collective effort by the Commission staff, the exchanges, FINRA and a host of market participants that invested extensive time and energy into this project. 

Before I ask Steve Luparello, Director of the Division of Trading and Markets, to discuss the NMS Plan, and Amy Edwards to discuss the economic analysis, I would like to thank Steve and his Deputy Director, Gary Goldsholle, for their leadership on this matter, as well as their counsels, Carl Emigholz, Moshe Rothman and Devin Ryan.  I also would like to highly commend the Trading and Markets team:  David Shillman, David Hsu, Natasha Greiner, Mark Donohue, Steve Samson, Rebekah Liu, Jennifer Colihan, Leigh Duffy, John Lee, Ted Uliassi and Susan Poklemba.  From the Division of Economic and Risk Analysis, I would like to thank Amy, our Chief Economist Mark Flannery, Vanessa Countryman, Laura Tuttle, Claire O’Sullivan, Salil Pachare, Austin Gerig, John Cook, Woodrow Johnson, Jonathan Hershaff, Lindsay Shipman, Helen Bowers, Ilia Rainer, Margarita Brose, and Anzhela Knyazeva.  My thanks also to Andrew Krug, the Commission’s Chief Information Security Officer.

Many thanks as well to Annie Small, Meridith Mitchell, Tracey Hardin, Cynthia Ginsberg, Melinda Hardy, Maureen Johansen, Daniel Matro, Josephine Morse, John Sholar and Jeffrey Walker of the Office of General Counsel.

In addition, I would like to thank many other staff throughout the agency for their contributions, including John Polise and Connie Kiggins from the Office of Compliance Inspections and Examinations; Mandy Sturmfelz, Rosemary Filou, and Wendy Kong from the Division of Enforcement. 

Finally, I would like to express my gratitude to my fellow Commissioners and their counsel for their continuing hard work and dedication to bringing the consolidated audit trail to completion.

Now, I will turn the meeting over to Steve Luparello to provide an explanation of the staff’s recommendation on the CAT plan.

Footnotes
[1] See Securities Exchange Act Release No. 77724 (Apr. 27, 2016), available at https://www.sec.gov/rules/sro/nms/2016/34-77724.pdf

[2] See SEC Chair Mary Jo White, Statement at an Open Meeting on a Notice of the Consolidated Audit Trail National Market System Plan (Apr. 27, 2016), available at https://www.sec.gov/news/statement/chair-white-open-meeting-042716.html; SEC Chair Mary Jo White, Enhancing Our Equity Market Structure (June 5, 2014), available at https://www.SEC.GOG42004312.  

Related News
1.       SEC Chair Mary Jo White Announces Departure Plans – Nov 15, 2016

2.      A Vision For Data At The SEC – Proshare – Nov 1, 2016

3.      Equity Market Structure in 2016 and for The Future – Proshare – Sep 14, 2016

4.      Consolidated Audit Trail: Home

 

Related News