Letter Type D on File No. S7-2026-12

The following Letter Type D, or variations thereof, was submitted by individuals or entities.

Letter Type D:

Dear Secretary Haywood,
[Filer name] respectfully submits this comment in response to the Commission's Concept Release on the Consolidated Audit Trail and Other Audit Trails and Data Sources (Release No. 34-105251; File No. S7-2026-12). We appreciate the Commission's commitment to a thorough and transparent review of the CAT and the regulatory infrastructure that underpins the integrity of U.S. securities markets.
We write in strong support of preserving and improving the CAT. While we recognize that the Commission is soliciting a broad range of views - including perspectives on eliminating or fundamentally restructuring the system - we believe that doing so would critically undermine the Commission's ability to fulfill its core statutory mission. Our comments address the principal themes raised by the Commission.
I. The CAT Is Necessary and Irreplaceable (Questions 1-3) The CAT is the only audit trail currently providing regulators with comprehensive, cross-market, order-level data that spans an order's full lifecycle - from origination through routing, modification, and execution or cancellation. Before the CAT, assembling a consolidated picture of market activity from OATS, COATS, EBS, and numerous market-specific data sources was, as the Commission itself has recognized, a "cumbersome, complex, and time-consuming process that was prone to error." That fragmented environment created meaningful gaps that bad actors could exploit.
The regulatory use cases enabled by the CAT - including cross-market surveillance for layering and spoofing, market reconstruction after disruptive events, and cross-broker analysis of trading activity using CCIDs - cannot be replicated by any existing alternative. The EBS system provides only executed trade data; it cannot support investigations into complex order manipulation strategies that rely on order routing and cancellation patterns. Retiring or replacing the CAT without a fully operational, equally robust successor would leave an unacceptable surveillance gap in the world's most important capital markets.
We urge the Commission to affirm that the CAT is necessary to enable its regulatory use cases and those of the SROs, and that no combination of existing alternative data sources is sufficient to replace it.
II. Reform Rather Than Eliminate - Governance and Cost Management (Questions 4-27) We strongly support the Commission's efforts to improve CAT governance and contain costs, and we believe these objectives are achievable without dismantling the system. The cost trajectory itself is encouraging: from an initial 2025 budget exceeding $248 million, the 2026 budget has been reduced to approximately $156 million - a $92 million reduction in a single year. This demonstrates that cost discipline, when properly incentivized and structured, can be achieved within the existing framework.
We support additional reforms in the following areas:
Governance. The current voting structure - which allocates one vote per SRO regardless of affiliation - can produce outcomes that are disconnected from market share or regulatory burden. We support the Commission's consideration of realigning voting rights along affiliated SRO group lines, consistent with the approach taken in the CT Plan for consolidated equity market data. Greater alignment between economic interest and governance authority would improve accountability.
Cost management. The recently adopted spending cap is a welcome first step. We encourage the Commission to establish a regular, independent technology audit of the CAT's architectural design and operational efficiency to identify further savings that do not compromise core regulatory functionality. Transparency in cost reporting should also be enhanced, including public disclosure of budget-to-actual comparisons on a semi-annual basis.
Funding. We support the Commission's consideration of supplementing or transitioning CAT funding to Congressional appropriations. As a primary regulatory tool benefiting the Commission's own enforcement and oversight mission, the CAT's funding should be subject to the same checks and balances as other core regulatory infrastructure. This approach would also better align the incentives of all stakeholders to carefully weigh costs and benefits of CAT functionality.
III. Privacy and Civil Liberties Concerns Have Been Meaningfully Addressed (Questions 78-81) We recognize and take seriously the civil liberties concerns raised in connection with the CAT's earlier collection of personally identifiable information. However, the Commission's January 2026 CAIS Order substantially addressed these concerns by removing requirements to collect SSNs, ITINs, names, addresses, dates of birth, and other PII from the CAT's Central Repository. The current architecture - in which CCID generation uses a two-phase transformation process that never stores raw SSNs in the Central Repository - represents a carefully calibrated balance between regulatory efficacy and privacy protection.
Further restrictions on transactional data collection (i.e., non-PII order and execution data) are not warranted. The collection of order-level transactional data does not raise the same Fourth Amendment concerns as the collection of personal information, and it is essential to the CAT's surveillance and enforcement mission.
IV. Cybersecurity Enhancements Should Be Prioritized (Questions 82-90) We support robust and continuously evolving cybersecurity requirements for the CAT. The sensitivity of the data involved demands a proactive, not reactive, security posture. We specifically encourage the Commission to:
Require implementation of NIST zero trust architecture standards for the CAT's Central Repository and CCID Subsystem. Enhance access logging and audit procedures, including the use of AI-assisted tools to detect anomalous access patterns. Mandate periodic third-party penetration testing beyond what is currently required, with public disclosure of aggregate findings (excluding operationally sensitive details). V. The R&R System Should Complement, Not Substitute For, the CAT (Questions 60-73) We support the Commission's interest in developing a request-and-response system to facilitate access to customer and account-level information now removed from the CAT. However, such a system should be viewed as a complement to the CAT - filling the gap left by PII removal - not as a pathway toward eliminating the CAT itself. The R&R System should be designed to integrate with the CAT's FDID and CCID architecture, enabling regulators to efficiently link transactional data with customer information only when a specific regulatory purpose warrants it.
Conclusion The CAT represents a generational investment in the infrastructure of U.S. market integrity. Its core regulatory functions are indispensable, and the significant cost reductions already achieved demonstrate that the system can be made more efficient without sacrificing its surveillance mission. We urge the Commission to use this comprehensive review to reform, strengthen, and streamline the CAT - not to dismantle it.
We appreciate the Commission's thoughtful approach to this review and welcome the opportunity to provide further input.
Respectfully submitted,