Wall Street Resigned to a CAT Delay
Whether the US Securities and Exchange Commission delays the implementation of the Consolidated Audit Trail (CAT), a portion of the industry have already resigned themselves to an expected delay.
When regulator held meetings with self-regulatory organizations, broker-dealers, and other stakeholders to discuss the project’s status “around 30 of the participants hoped that there would be a delay,” said someone familiar with the discussion.”But that was not the majority.”
However, many frustrated market participants see the cyber-security concerns over the CAT as a mere stalking horse.
“The industry seems to have used the cybersecurity issues at the SEC and Equifax as an excuse to promote a delay,” Joe Saluzzi, a partner and co-founder of Themis Trading, told Markets Media.
“It’s not surprising to see so many folks using the SEC’s mishandling of its own data breach to call for yet another delay,” added Tyler Gellasch, executive director of Healthy Markets Association. “It is probably not lost on the SEC that most of those same voices have been fighting the CAT for years on every front.”
The SEC’s decision to disclose the 2016 hack of its Electronic Data Gathering, Analysis, and Retrieval corporate filing platform eight weeks before the CAT’s planned November 15 launch does not bode well for a timely rollout, according to Valerie Bogard, an analyst with industry research firm Tabb Group.
“The big focus right now is on cybersecurity and if there are not enough protections in place, pushing the start date will be the only choice,” she said.
The EDGAR breach is a bit of a red herring regarding the CAT since the platforms use different technology, noted Gellasch.
“I suspect the SEC and market participants will take comfort in the fact that the technology firm working on the CAT has been working on the SEC’s MIDAS for years without any known incidents,” he said
However, the House Financial Services Committee provided the handwriting on the wall regarding delaying the CAT’s rollout when it voted 59-1 to release H.R. 3973, or the Market Data Protection Act, from the committee on October 11.
A portion of the 436-word bill would require that the SEC, FINRA, and the CAT operator, in consultation with the US SEC’s Chief Economist, develop comprehensive internal risk control mechanisms to safeguard and govern the storage of market data, all market data sharing agreements, and all academic research using market data. The bill also halts market-data reporting to the CAT until the CAT operator develops such internal risk control mechanisms.
It is hard to argue against taking a few months to make sure the CAT is up to snuff from a cyber-security perspective, given the amount of time and effort that has already gone into the project, according to Gellasch.
“After seven years of planning and fighting, the SEC might finally get a surveillance tool that is about half as valuable what most Americans would suspect the SEC would have had for decades,” he said. “The data breach is not the biggest threat to the CAT’s successful implementation, the enormous holes in its design, including the failure to include futures market information and legal entity identifiers, are much greater concerns.”
Thesys CAT, the operator of the CAT, and the SEC did not immediately respond to requests for comment.
The legislation is a step closer to a vote by the lower chamber.
The new working group hits the ground running.
Firms need an infrastructure capable of handling and relaying massive amounts of data.
Industry survey notes fewer than 10% of firms have project governance in place.
Industry body fears database will be too attractive to hackers.