Investment trade groups have shown support for the SEC’s proposed overhaul of the Consolidated Audit Trail (CAT), which tracks all trading activity for listed equities and options in U.S. markets. Since the SEC’s concept release on April 16, groups such as the Securities Industry and Financial Markets Association (SIFMA) and the American Securities Association (ASA) have advocated for changes regarding CAT’s funding model, privacy protections, and the destruction of previously collected personal data.
The SEC sought input on issues like cybersecurity and the balance between privacy and regulatory needs, leading to 243 comments from various industry stakeholders. Moving forward, the SEC will review the feedback and consider formal rulemaking.
SIFMA’s Recommendations:
- Control of CAT Funding: SIFMA proposes that the SEC should take full control of CAT funding, suggesting that costs should be included in its annual budget request to Congress. This change would eliminate the National Market System Plan, which currently restricts industry participation in CAT operations despite them covering a significant portion of costs.
- Revamp of Data Requests: The letter recommends a centralized request-response system for regulators to identify accounts flagged for review instead of relying on antiquated electronic blue sheets, which include sensitive account-holder data.
- Adoption of Security Best Practices: SIFMA calls for revisiting the SEC’s 2020 security data proposal to implement contemporary data security practices for the CAT.
ASA’s Stance on Privacy:
The ASA is backing the “Protecting Investors’ Personally Identifiable Information Act,” which aims to bar the SEC from requiring personally identifiable information (PII) in CAT reporting. The act, introduced in February 2025, emphasizes concerns over privacy, security, and potential constitutional violations.
In addition to supporting legislative action, the ASA has urged the SEC to eliminate current PII collection practices and destroy any data already collected, claiming that the CAT’s existing framework poses significant cybersecurity risks and threatens individual privacy.
The letter reinforces the idea that the CAT’s operational goals can be achieved without directly collecting personal information, highlighting existing records maintained by broker/dealers.
Conclusion
The ongoing feedback process gives the SEC a chance to address fundamental flaws in the CAT’s design, focusing on the balance of regulatory needs, privacy concerns, and data security considerations. As the SEC reviews the comments, there is a strong push from investment groups for a more secure, effective, and privacy-conscious auditing system.