For market participants and operators standing on a shore, the Consolidated Audit Trail is like a distant ship on the horizon.
Its moving very slowly – so slow that sometimes movement is imperceptible. And it has been out there on the water for what seems like a very long time.
But as hard as it may be to envision, one of these days, the ship will dock, and all its details will be known.
The U.S. Securities and Exchange Commission in April put out for public comment a plan to create a single, comprehensive database meant to enable regulators to efficiently track all trading activity in the U.S. equity and options market. The SEC move on the CAT was seen as a milestone on a prolonged regulatory quest for better and more complete ex post facto trade information.
The proposed CAT, jointly submitted by the national securities exchanges and the Financial Industry Regulatory Authority, would increase the effectiveness of market research and monitoring, event reconstruction, and the ability to identify and investigate market misconduct, according to the SEC.
Much of the impetus behind the CAT stems from the flash crash of May 6, 2010, when markets went haywire and afterwards regulators had to sift through various industry trade tapes to try to determine what happened. It took the SEC five months to parse the data sets that were available, and those data sets only included 90% of the trade and order activity from that day.
An SEC report found that one large sell order triggered a highly unfortunate chain of events, but some market participants and observers have said the official autopsy was inconclusive and the day remains a mystery.
The CAT may not avert the next flash crash-like event, but if a system is in place when another disruption occurs, it should be more readily understood, and any identified weaknesses in market structure can be addressed.
At least thats the idea. As always with a massive regulatory initiative, there are a slew of details that need to be right for the concept to take flight. And market participants have their differences in opinion, both among themselves and with regulators.
The CAT is mapped out as a central repository that receives, consolidates, and retains trade and order data, to which exchanges and broker-dealers need to submit certain information about trades at various stages in the order lifecycle.
The concept of a CAT is easy and one that most everyone can get behind. Its the details that are vexing, and their hashing out between now and launch promises to be at least a little messy.
Details of the CAT National Market Structure plan as approved by the SEC include a minimum time-stamp granularity of one millisecond; an initial maximum error rate of 5%, with the ultimate goal of 1%; data-security requirements regarding connectivity and data transfer, encryption, storage, access, breach management, and personally identifiable information; and a retirement of duplicative rules and systems.
The last bit is a sticking point for market participants, who already have to report trade information to existing repositories such as Finras Order Audit Trail System. OATS has been around since 1998, but the system is considered dated and inadequate for todays high-speed, complex electronic markets.
The SEC estimates market participants may have to double-report for as long as two and a half years after CAT goes live.
Our primary, A-number-one concern with the CAT NMS plan is about the period of time for duplicative reporting, said Mary Lou Von Kaenel, managing director of the Financial Information Forum, a securities-industry group that focuses on the front office, back office and market-data implementation issues.
The schedule that was included in the NMS plan that was published for comment is very open-ended in terms of when duplicative systems might be retired, Von Kaenel told Markets Media. Retirement of duplicative reporting systems would be terrific, but our concern is more around when folks can report to only one system.
FIF has proposed establishing exemptions from duplicative reporting, based on an error rate that is comparable across systems. The concept is, have it set up so that we know the scope of whats being reported to OATS, Von Kaenel said. When youre reporting to CAT, if its comparable data and acceptable error rates, then at that point you should become exempt from duplicate reporting and just report to CAT on an ongoing basis.
Regarding implementation, the SEC has set forth that within one year of Commission approval of the CAT NMS plan, self-regulatory organizations would be required to begin reporting data to the central repository. Large broker-dealers would be required to begin reporting at the two-year mark, while small broker-dealers would have an additional year after that.
The timelines may be premature, according to FIF members, which include Goldman Sachs, Morgan Stanley, NYSE and Nasdaq, among other big names in the exchange and brokerage space.
Implementation milestones should be established once the technical specs have been hashed out and everyone has a good sense of whats involved, Von Kaenel said. Along the point of the tech specs, in their implementation we didnt feel that they provided enough time for an iterative review. There needs to be several iterations of the specs, where they do a draft which then goes out for comment and input. This is such a huge concept initiative that its unlikely you get it right on the first try.
As per the SEC timeline, two months after final CAT approval, a plan processor will be chosen. That likely means construction wont begin until 2017, and live operation will be 2019 at the earliest, according to Adam Sussman, head of market structure at dark pool and block-trade focused Liquidnet.
While the CAT is indeed coming to the U.S. equity marketplace as the single trade-data reporting system, he sees more debate and hurdles to clear before implementation.
This is a classic example of the glass half-full or half-empty, Sussman told Markets Media. The half-empty side of it is that the CAT is taking too long and its too slow. Also, its still not clear to me whether (regulators) will have the necessary data components to get down to the nitty-gritty of seeing the market clearly.
Continued Sussman, the half-full part is once CAT is completed, the Securities and Exchange Commission will have more data available in order to at least begin to conduct some kind of investigation into a disruptive market event and/or be able to take a more nuanced to view on measuring market quality.
CAT critics say it doesnt go far enough, or the system could be obsolete by the time its live. But, markets will be better off having CAT on the whole – which is more than you can say for some regulations, Sussman said.
Sussman noted the process of selecting a CAT builder has been long, but the thoroughness is in the markets best interests and the SECs decision to leverage technology from market vendors makes sense.
The hardest part of the CAT proposal may be behind the market. To some extent, the process just to get to rule done and the bidding process started was the longest part, he said. I dont think from a technology perspective it will be overly complicated.
Another detail under scrutiny is the 50-millisecond margin of error allowed for the timestamps that will mark every trade and quote the CAT records. The clock synchronization, benchmarked to the time maintained by the National Institute of Standards and Technology, is to be reviewed annually.
There is concern about whether 50 milliseconds is the optimal standard or whether the offset should be more precisely calibrated, as the precision of synchronization may affect the accuracy of the sequencing of events recorded in the consolidated audit trail, SEC Chair Mary Jo White said in April. This element of the proposal is also a significant cost driver that must be carefully considered. Opinions on the rigor and practicality of various clock synchronization standards and their impacts on our regulatory objectives are of keen interest.
While White didnt say the 50-millisecond time drift would be permanent, critics pounced on the initial allotment, noting if the timestamps could vary by such a differential from the NISTs timekeeping, the system was flawed. How could a system with such a large time discrepancy be accurate and fulfill its very function of creating a time sequence of market events?
SEC Commissioner Kara Stein noted that a 50-millisecond differential would translate into a 5% error rate. If the various reporting entities have clocks that are up to 50 milliseconds off, it means that the time stamp on orders will not be reliable, Stein said in April.
Investment managers, for whom cybersecurity is mission-critical, are concerned about how CAT will keep customer information out of the wrong hands.
The proposed national market system (NMS) plan to implement the CAT contains inadequate information security measures that leave registered funds confidential information vulnerable to a data breach, the Investment Company Institute wrote in a July 18 comment letter to the SEC.
The ICI said it supports the broad objectives of the CAT, i.e. enabling regulators to better oversee markets and more effectively and efficiently reconstruct market events that need to be understood.
But investors must not be put at risk. The CAT will contain information concerning position information and trading strategy for all registered funds and other entities active in the U.S. equity and options markets. This treasure trove of order and execution information has tremendous commercial value, and we are gravely concerned that cyber criminals and others will seek to access and use it for their personal gain to the detriment of funds and their shareholders, the ICI said. Predatory traders or cyber criminals could use CAT data to construct fund position information or reverse engineer fund trading strategies, enabling them to replicate fund portfolios or, in some case, front-run fund trading decisions.
The ICI recommended that the SEC enhance the CATs data-security provisions, by implementing state-of-the-art cybersecurity practices; tailoring the information-security provisions of the plan to reflect the sensitive nature of CAT data; ensuring that CAT data remains in the central repository; and requiring the plan processor to notify their customers if a data breach compromises their order or trade information.
The ICI also requested an assurance that information collected by the CAT will be used strictly for regulatory purposes.
James Angel, associate professor at the McDonough School of Business at Georgetown University said the CAT proposal broadly came in about as the market expected, and the devil will be in the details.
Most of the debate and the proposal itself was pretty straightforward and makes sense, Angel told Markets Media. I am sure that industry will groan at the length of time there will be an overlap between OATS reporting and CAT, as CAT will eventually replace OATS reporting and it will be costly to keep both reporting systems up and running.
However, he added that the SEC has allowed the industry plenty of time to comply with CAT. He did agree that Commissioner Stein had a valid reason to point out the 50ms clock delay or lack of synchronization standard. Given the industry harrumphing that 1 millisecond is not de minimis with regard to the IEX (exchange) application, it is hard to argue that 50 milliseconds is acceptable for clock synchronization, Angel said.
Angel noted that the current debate around CAT risks missing the forest for the trees, with the trees being what happens on the SEC side once the system is up and running. That is the real question, he said. Once the data are gathered, will the regulators drown in the big data and still miss the big problems?