After Hack, SEC Defends Plan to Amass Traders’ Sensitive Data

  • Clayton grilled by lawmakers over safeguards for CAT system
  • System to hold information on billions of daily stock orders

U.S. Securities and Exchange Commission Chairman Jay Clayton is making a tough sales pitch as he tries to convince lawmakers that his agency can protect reams of personal data after it disclosed a hack that shook confidence in Wall Street’s top regulator.

Clayton was peppered with questions at a U.S. House hearing on Wednesday about a massive new database being built that is meant to help the SEC quickly figure out what causes market disruptions and investigate illegal trading. Known as the Consolidated Audit Trail, the repository could hold everything from brokerage account information to Social Security numbers.

House Financial Services Committee Chairman Jeb Hensarling kicked off the hearing by urging Clayton to delay implementation of the program. Lawmakers have expressed concern about the security of the CAT system, which will be even bigger than the Edgar corporate filings database that cybercriminals breached last year.

Clayton said he had outstanding questions related to the CAT and that the SEC wouldn’t accept data from the massive system until they were answered. More generally, Clayton said his agency was conducting a review to make sure the SEC wasn’t collecting unnecessary personal information.

“I’ve made it clear that I don’t want information unless we need it for our mission,” Clayton told lawmakers.

The SEC’s Sept. 20 disclosure of the Edgar hack, which followed the highly publicized breach at Equifax Inc., has intensified calls for the CAT to be put on hold. Stock exchanges are set to begin feeding data into the system next month, while brokers have to start submitting information in November 2018.

The database could ultimately include personal details for more than 100 million trading accounts, and is meant to track billions of daily orders to buy and sell stocks. Lobbyists for the New York Stock Exchange, the Nasdaq Stock Market and trade associations for brokerage firms have been telling congressional offices that regulators need to make sure all that information can be protected.

Equifax Breach

“Given the recent hacks at Equifax and the SEC, a delay of the CAT implementation would be prudent to determine whether collecting a customer’s personally identifiable information is really necessary,” said Christopher Iacovella, chief executive officer of the Equity Dealers of America, a group representing regional financial services firms.

The CAT has already been a long time coming. The SEC started kicking the idea around years ago, and it gained traction as the regulator struggled to figure out the causes of the May 2010 flash crash.

The database has been billed as an essential step to improve monitoring and understanding of market moves. Thesys Technologies is leading the construction of the system, which is directly overseen by the exchanges and the industry-backed Financial Industry Regulatory Authority.

Brokers and exchanges have often clashed over who will pick up the tab for the system. While both sides have been pushing for the delay, neither has called for the CAT to be scrapped altogether.

Hensarling said that with the go-live date for the system fast approaching, the CAT must be put on hold until “the appropriate safeguards and internal controls are in place.”

“The SEC has only one chance to get this right, please make sure you do,” the Texas Republican said in his opening statement.
