SIFMA Statement on the Consolidated Audit Trail

SIFMA released the following statement from Kenneth E. Bentsen, Jr., SIFMA president and CEO, on the Consolidated Audit Trail:

“SIFMA remains very concerned about investor data security of the CAT. SIFMA and its members are supportive of the CAT and its regulatory intent but have repeatedly expressed strong concerns regarding the risks to our customers’ sensitive financial data information, including the wholesale collection of personally identifiable information (PII) and transaction data being compiled in one place. This risk is further compounded by a lack of liability coverage for the broker dealers who are obligated to report to the CAT. Allowing twenty-four self-regulatory organizations (“SROs”) to have the ability to bulk download and store all such data, including transactions and customer data, on their own systems, dramatically increases exposure to data breach and theft. As SEC Chairman Clayton rightly noted at a Senate Banking hearing today, data security must be a paramount concern with a database this large. Allowing up to 3,000 users at twenty-four different SROs to hold the data internally with personnel having unfettered access makes absolutely no sense. SIFMA believes that all surveillance and analysis on CAT data should occur within a highly controlled, limited access secure analytics environment within the FINRA CAT Processor and only the SEC and FINRA should have access to the full database. The SROs should only access their own transaction data and should not have access to the customer database. We urge the SEC to address these concerns immediately.”