SIFMA Wants a PII-less CAT
The Securities Industry and Financial Market Association added its voice to those who want to re-think the Consolidated Audit Trail due to cyber-security concerns.
“Under its current design, it would be the largest database ever established,” said Kenneth Bentsen, president and CEO of SIFMA during the industry body’s annual “State of the Industry” press conference. “It also would be the largest place that would collect personal identifying information in one place.”
Such a honeypot would be a prime target for hackers, according to Bentsen.
He noted that approximately 3,000 people would have access to CAT data under its current plan. “A lot of points of entry are an area of concern,” said. Bentsen. “I think people are coming to realize that.”
SIFMA views the CAT as an essential tool for the Securities and Exchange Commission and the overall health of the industry but would like to see the platform perform its function without the need of PII, he added.
“We don’t think that it is a necessary component, especially because regulators always have the ability if they see something, to come back and say, ‘Now we want to know more about it,” said Bentsen. “That is a better approach than creating this massive database that just is sitting out there.”
The industry body is working on possible alternatives such as legal entity identifiers or a mechanism for large trade reporting. Both of which Tyler Gellasch, executive director of the Healthy Market Association, recommended in his testimony before the House Financial Services Committee’s Subcommittee on Capital Markets, Securities, and Investments in early December.
There’s a lot of information that is captured on blue sheets now that are already submitted, according to Bentsen offering a third alternative.
“SEC Chairman Jay Clayton has been very clear that he thinks CAT is an important tool,” he added. “We respect that and are hopeful that if we will be encouraging them with different ideas on how to do this without PII.”
The new working group hits the ground running.
Firms need an infrastructure capable of handling and relaying massive amounts of data.
Industry survey notes fewer than 10% of firms have project governance in place.
The Plan Processor mints a new president and CTO.
Cybersecurity remains the top concern.