In a recent episode of The SIFMA Podcast, SIFMA President and CEO Kenneth E. Bentsen, Jr. sat down with Joe Corcoran, SIFMA Managing Director and Associate General Counsel, to discuss the Consolidated Audit Trail (CAT) and the urgent need for reform.
Since its inception by the SEC in 2012, CAT has evolved into one of the most ambitious market surveillance tools ever attempted. Yet, 13 years later, questions surrounding data privacy, funding, governance, and regulatory scope remain unresolved—prompting renewed scrutiny and concern from industry stakeholders.
Created to enable comprehensive tracking of all U.S. equity and options trading activity, the CAT became fully operational in 2021 and is operated by 25 self-regulatory organizations (SROs). Although SIFMA has supported CAT’s underlying goal of enhancing market transparency, Bentsen emphasized that the system’s design and implementation have been plagued by inefficiencies and risk. “The CAT has had a really tortured development process,” he said. “We’ve weighed in repeatedly with concerns since 2012—on data protection, liability, funding, and governance.”
One of the most persistent issues has been the collection and storage of personally identifiable information (PII). As Corcoran explained, “The CAT collects names and addresses, and until 2020, it also collected Social Security numbers. The SEC rightly recognized the risk and removed that requirement. But even without SSNs, PII still poses major privacy and security concerns.”
Both Bentsen and Corcoran reiterated that the massive scale of the CAT makes it a high-value target for cyber threats. “By some estimates, the CAT may well be one of the largest databases in the world,” Bentsen warned. “It’s an environment rich for bad actors and hackers. And with thousands of individuals potentially having access across the SROs, the risk multiplies.”
To that end, SIFMA strongly supports a March 2025 proposal by the SROs to prohibit all submission of PII and to delete PII currently stored in the database. The amendment builds on a February exemption granted by the SEC, and SIFMA sees this as a positive shift toward addressing long-standing privacy concerns. “That’s a really good start,” Bentsen said. “Deleting the PII already collected is just as important.”
Another critical topic discussed was CAT’s funding model. According to Corcoran, “SIFMA has long advocated for a fair funding approach. The current model, approved by the SEC in 2023, allows the SROs to shift nearly all CAT costs onto the industry. We believe that’s fundamentally unfair.” The model is now the subject of litigation in the 11th Circuit Court, which SIFMA supports.
Bentsen emphasized the broader problem: those footing the bill have little to no control over how the system is managed. “The industry, which is paying the cost, has no oversight or authority over the CAT’s budget, its vendors, or its spending,” he said. “Our members believe this would be better funded through the SEC’s budget and Section 31 fees. That would ensure not only better funding oversight by the Commission but also by Congress.”
In addition to funding, SIFMA is calling for structural changes to CAT governance. “Everybody’s in charge, and nobody’s in charge,” Bentsen said, noting the difficulties created by a 25-SRO consortium operating without direct accountability to the market participants who bear the operational burden. “The SEC needs to step in and clarify what it wants the CAT to be, what data it needs, and how it plans to protect it.”
That opportunity may now be at hand. SEC Chairman Paul Atkins recently called for a comprehensive review of the CAT—an announcement welcomed by SIFMA. The review will examine reporting requirements, database costs, data collection practices, and overall utility. “This is long overdue,” Bentsen said. “We hope the Commission takes a hard look at what’s working, what’s not, and what should change. It’s time for a holistic approach.”
Corcoran added that the SEC has both the precedent and authority to take more decisive action. “Back in 2020, the SEC imposed financial accountability milestones on the SROs to accelerate CAT development. It worked—but the result wasn’t always efficient,” he said. “We think it’s time for the Commission to once again take the lead, especially as it has the authority to amend NMS plans like CAT directly.”
To improve efficiency and reduce costs, SIFMA has also proposed that the SROs hire an external technology consulting firm to conduct a full-scale review of CAT operations. “That’s standard practice in the tech industry,” Corcoran said. “Cloud processing accounts for a major portion of CAT’s costs. We believe a consultant could help identify ways to cut those costs without sacrificing the system’s utility.”
Ultimately, SIFMA is advocating for reforms that will bring greater transparency, accountability, and security to the CAT—while ensuring the system remains focused on its core mission of market oversight. “We’re not opposed to the CAT,” Bentsen clarified. “We just believe it should operate in a way that’s fair, efficient, and safe. The Commission now has the chance to get this right.”
