Skip to main content

Escaping the Data Swamp: Remarks before the RegTech 2023 Data Summit

Washington D.C.

April 11, 2023

Thank you Craig [Clay] for that introduction. Let me start by reminding you that my views are my own and not necessarily those of the Securities and Exchange Commission (“SEC”) or my fellow Commissioners. I was intrigued when former Commissioner Luis Aguilar extended a speaking invitation for today’s RegTech 2023 Data Summit. Modernizing how we collect, analyze, and facilitate the public’s use of data is important to me, and this Summit was likely to be lively given last year’s passage of the Financial Data Transparency Act (“FDTA”).[1]

Commissioner Aguilar served at the SEC from 2008 to 2015. Among his many contributions,[2] at the end of his tenure he offered advice for future commissioners. After all, as he pointed out, “there is no training manual on how to do a Commissioner’s job.”[3] His advice, which I still find helpful five years into the job, includes an admonition to keep grounded by staying connected to people outside of Washington, DC, and a warning that “if you do not feel very busy—or swamped with work— something is wrong.”[4] I can guarantee you, Commissioner, that I feel swamped, but not too swamped to hear from people outside of the swamp.

Commissioner Aguilar also advised that “When it comes to making decisions, an SEC Commissioner should be wary of simply accepting the status quo. The securities markets are in a state of almost constant evolution, which calls for a degree of open-mindedness and adaptability.”[5] This need for flexibility extends to interacting with the technology of regulation, so-called “RegTech.” As we are swamped with more and more data, we need new tools to receive it, store it, process it, analyze it, and, when appropriate, publicly release it. New technology also can help us to ease the compliance burden for regulated entities.

Structured data—“data that is divided into standardized pieces that are identifiable and accessible by both humans and computers”—is one RegTech tool.[6] The SEC has built structured data into its rulebook for years. The pace has picked up recently, and many rulemakings now incorporate structured data. SEC staff, particularly within our Division of Economic and Risk Analysis (“DERA”), has embraced structured data enthusiastically. I hardly dare admit in this crowd, but I have not always shared the enthusiasm.

Particularly now that Congress’s enactment of FDTA cements structured data into our rules, I am thinking more deeply about these issues in the spirit of Commissioner Aguilar’s advice to have an open mind. As you all know, the FDTA requires financial regulatory agencies, including the SEC, to engage in joint rulemaking to adopt common data standards for information collection and reporting. I continue to believe that there are potential pitfalls with requiring structured data, and I think even now that the FDTA is law they remain relevant: these concerns include the cost of creating structured data, especially for smaller entities; the utility of the structured data to the public; the dangers of embedding in rules technology that inevitably becomes outdated; and the likely result of making it easier for government to process data, which is to increase the appetite for collecting ever more data. Disregarding or downplaying these potential pitfalls could raise the costs and reduce the benefits of structured data disclosures. It could make them less useful and more burdensome, while generating resistance to future attempts to incorporate technological advances into our regulatory framework. In the spirit of beginning a conversation to ensure a better result, I would like to offer four principles that should guide the SEC and other regulators through the process of implementing the FDTA.

  1. Have a Strategic Implementation Vision.

First, regulators should have a strategic vision for structured data. A strategic vision requires that regulators understand where structured data requirements would be most helpful and that they implement the requirements accordingly. My colleague, Commissioner Mark Uyeda, is my inspiration here: He recently raised questions about the SEC’s piecemeal approach to integrating structured data into our rules and called instead for more thoughtful implementation of structured data requirements and an “overall plan,” with an eye to where these requirements would be most beneficial.[7] Understanding where structured data mandates produce the greatest benefits—and where the data would be of little help—facilitates better prioritization.[8] For example, regulators could acknowledge that for regulatory filings that human regulators review without the aid of technology and that are not available to the public, tagging may not be a priority.

A strategic approach to implementation also should include initiatives to improve the utility and relevance of structured data for all investors. People are more likely to use structured data filings if they are accurate and comparable. Error rates in structured filings appear to be falling, but regulators should continue to work with filers to increase the accuracy.[9] Regulators should resist excessive use of custom tags, which could undermine the comparability of regulatory filings, but also not insist on standardized tags when using them would harm data accuracy by papering over essential distinctions.[10] Just because standardized data seem to be “comparable” across firms does not mean the data reported by different firms are actually comparable; on the other hand bespoke tags from similarly situated regulated entities may mask those similarities. FDTA implementation should avoid both extremes.

The FDTA affords enough flexibility in implementing data standards to accommodate a strategic approach. The FDTA, for example, in multiple places, recognizes the need to scale requirements and minimize disruption.[11] The FDTA is not focused simply on having agencies produce structured data, but on producing data that are useful for investors and the Commission.[12]

  1. Take Cost Concerns Seriously.

Second, regulators need to take costs seriously. In their enthusiasm for the benefits structured data can bring, advocates sometimes sound as though they dismiss cost concerns out of hand. Regulators must consider both expected costs and expected benefits when considering whether and how to impose structured data requirements. Comprehensive regulation at the federal and sometimes the state level can impose significant burdens on financial firms, especially smaller ones. SEC-regulated entities, in particular, face a flood of new SEC rules over the next several years. The cumulative effect of individual mandates that regulators believed would impose only minimal costs can nevertheless be heavy.

Structured data requirements are no different. Even if we assume that every benefit touted by structured data advocates will be realized, we need to consider carefully whether those benefits are worth the costs firms will bear and the potential effect on competition among regulated firms if those costs prove too great, again particularly for smaller firms. Costs will appear especially burdensome to firms implementing structured data mandates if they do not see corresponding benefits.[13] The fees for the requisite legal entity identifier may be low,[14] but other implementation costs are likely to be much more substantial, harder to measure, dependent on the granularity of the tagging requirements, and highly variable across filers. Estimates commonly used as evidence showing the low cost of reporting data in structured form generally relate to financial statements, which may not be representative of the costs of using structured data to comply with the Commission’s various reporting requirements.[15] Consider, for example, a recent SEC rule requiring business development companies to tag financial statement information, certain prospectus disclosure items, and Form N-2 cover page information using Inline XBRL, which was estimated to cost approximately $161,179 per business development company per year.[16] For a closed end fund to tag in Inline XBRL format certain prospectus disclosure items and Form N-2 cover page information, we estimated a cost of $8,855 per year.[17]

Regulators should be particularly sensitive to costs faced by municipal issuers. Encompassed within this category is a wide diversity of issuers, many of which are very small, budget-constrained, and issue bonds only infrequently.[18] Proponents of structured data for municipal issuers argue that structured data could be a “prerequisite for an efficient municipal securities market, which will benefit issuers and investors alike.”[19] The unusual regulatory framework for municipal securities, however, raises questions whether structured data mandates will in fact increase transparency in this market. Critical questions remain about what implementation will look like for municipal securities.[20] The FDTA requires the Commission to “adopt data standards for information submitted to the” MSRB,[21] but much of the data reported by municipal issuers is provided on a voluntary basis. Consequently, a bungled FDTA implementation could cause municipal entities to reduce these voluntary filings or to avoid the costs of reporting structured data.[22] If the costs are high enough, municipal issuers could exit the securities markets entirely and raise money in other ways.[23] As we proceed toward implementation, we should pay close attention to the experiences of local governments around the country. For example, Florida recently implemented a structured data mandate for municipal issuers’ financial statements.[24] I look forward to hearing whether the costs of this endeavor were generally consistent with some of the cost estimates that have appeared in recent months. We should take seriously the FDTA’s directive to “consult market participants” in adopting data standards for municipal securities.[25]

For several reasons, I am hopeful that costs may not be a significant concern in most cases. First, structured data costs appear to have dropped over time.[26] If that trend continues, it could make costs less pressing for smaller entities. Tools that make structured data filing cheaper, more seamless, and less prone to errors will also help. For example, shifting to Inline XBRL imposes initial filer costs, but eliminates the need to prepare two document versions—one for humans and one for machines.[27] Fillable web forms that require the filer neither to have any particular technical expertise nor to hire a third-party structured data service provider can lower filer costs significantly.[28]

Second, companies may find that the up-front cost of integrating Inline XBRL into operations lowers long-run compliance costs, helps managers monitor company operations, and facilitates analysis of company and counterparty data.[29] Responding to regulatory demands for data may be easier for firms with structured data.[30] In that vein, the FDTA envisions a future in which firms no longer have to submit the same data to different regulators on different forms.[31] Moreover, as my colleague Commissioner Caroline Crenshaw has pointed out, small companies making structured filings may enjoy greater analyst coverage and lower capital costs.[32]

Third, the FDTA explicitly preserves the SEC’s (and other agencies’) preexisting “tailoring” authority[33] and, in several places, authorizes regulators to “scale data reporting requirements” and “minimize disruptive changes to the persons affected by those rules.”[34] Further, under the FDTA, the SEC need only adopt the data standards to the extent “feasible” and “practicable.”[35] Relying on this authority, the SEC should explore extended phase-in periods, permanent exemptions for certain entities or filings, or other appropriate accommodations, particularly for smaller entities, including municipal issuers falling under a specified threshold.

  1. Appropriately Constrain the Urge for More Data.

Third, regulators must constrain their appetite for data. Collecting heaps of data without a clear regulatory need undermines regulatory legitimacy. The goal should be to collect only the data regulators need to perform their limited statutory missions, not all data or even all the data it might come in handy someday to have.

As data become cheaper and easier to collect, store, and analyze, regulators tend to want more of it. Structured data mandates, therefore, may look like a great opportunity to demand more data from regulated entities. After all, done right, once companies integrate data tagging into their operations, producing data will take only the click of a button, or maybe not even that much effort.[36] Moreover, because the data are electronic, regulators will no longer trip over boxes in the hallways as they used to,[37] so the cost on our end will be low too. And new data analysis tools enable regulators to analyze the data more efficiently.[38] Better technology for collecting, storing, and analyzing data should not become a license for unfettered regulatory appetites. The FDTA, perhaps reflecting congressional recognition of this concern, did not authorize any new data collections, but rather concentrated on making existing data collection more efficient.[39] Even if the data point exists and we can easily ask for it, store it, and process it, we should ask for it only if we have a legitimate regulatory need for it and collecting the information would not be otherwise inappropriate.[40]

  1. Keep Up With Changing Technologies.

Finally, regulators need to specify standards in a way that preserves flexibility in the face of rapidly changing technology. Rules are hard to write and even harder to rewrite once they are written. Multi-agency rules can be particularly inflexible because the agencies have to act in concert. Experience teaches us that embedding specific technological requirements in rule text can saddle registered entities with unnecessary burdens as technology changes. They find themselves needing to maintain the mandated-but-obsolete system alongside a new, superior system that does not meet our decades-old regulatory requirements. Until very recently, for example, broker-dealers maintained a write once, read many—also known as WORM—technology to comply with our recordkeeping rules alongside the actual recordkeeping system they used for operational purposes and to answer regulatory records requests. When we write rules, we may find it difficult to imagine a technology superior to what is then commonly available; after all, most financial regulators are not technologists. But experience shows us that our rules are generally far more enduring than the technology they mandate.[41] Just last month, we finally proposed to transition many broker-dealer filings from paper to electronic formats, a change that has probably seemed obvious and inevitable for nearly two decades.

Why should structured data standards be any different? We already have seen an evolution in widely accepted standards over time as eXtensible Business Reporting Language (“XBRL”) has given way to Inline XBRL.[42] Regulators should keep this experience in mind as they formulate structured data standards, which may mean looking for ways to avoid embedding any particular structured data technology in our rules. One way to do this may be to set broad objectives—for example, that filings should be human- and machine-readable, inter-operable, and non-proprietary[43]—in regulation and save the technical specifications for filer manuals.

The FDTA may not permit us this degree of flexibility, and to the extent that changing standards impose costs on market participants, it may be more prudent to proceed via notice-and-comment rulemaking. Another possibility may be to specify reporting standards in a free-standing section of our rules, which could make it easier for the Commission and other financial regulators to make updates as warranted by technological changes.

  1. Looking to the Future

Let me close by looking beyond the FDTA to what the future might hold. As regulators impose tagging requirements on regulated entities, they should explore how they might be able to use structured data to make their own rules easier for entities to find, analyze, and follow. Machine-readable rules are one way to facilitate regulatory compliance. Some commentators also have broached the possibility of machine-executable rules, which firms theoretically could use to automate compliance.[44] With the rulebook coded into a firm’s operational system, the system, for example, could automatically and precisely produce a required disclosure.[45] One could even imagine some governments going one dystopian step further and sending substantive requirements via software code directly into a firm’s computer systems. Such a vision might not seem too far afield from some of the SEC’s current proposals, which seem intent on displacing private market participants’ judgment, but machine-readable rules are more in line with my limited government approach.

While the SEC has not taken concrete steps to make its rulebook machine-readable, one of the regulatory organizations with which the SEC works has. Last year, the Financial Industry Regulatory Authority (“FINRA”) started developing a machine-readable rulebook[46] that aims to improve firm compliance, enhance risk management, and reduce costs.[47] FINRA created a data taxonomy for common terms and concepts in rules and embedded the taxonomy into its forty most frequently viewed rules.[48] Although its initial step was limited in scope, it sparked interest.[49] Other regulators have run similar experiments with machine-readable rules.[50]

The SEC could follow its regulatory sisters’ lead and try integrating machine-readable rules into its rulebook, but there are some obstacles. We struggle to write our rules in Plain English; could we successfully reduce them to taxonomies? Would rules become less principles-based and more prescriptive so that they would be easier to tag? To start the ball rolling, we could take more incremental steps like tagging no-action letters and comment letters on filings.[51]

  1. Conclusion

Commissioner Aguilar’s advice to future commissioners included an admonition to “choose your speaking engagements wisely.”[52] I have chosen wisely to speak to a group of people so committed to high-quality regulatory data. Commissioner Aguilar advised, “Do your due diligence and listen to all sides—particularly those whose views may not align with yours. You will become more informed (and wiser).”[53] I look forward to hearing from you, especially on matters where we disagree.

[1] The FDTA requires a joint rulemaking by financial regulatory agencies, including the SEC, on data standards for information collection and reporting. See Financial Data Transparency Act of 2022 ("FDTA"), Pub. L. No. 117-263, tit. LVIII, § 5811(a)(1), 126 Stat. 4145 (2022) (identifying “covered agencies” and establishing a two-year timeline for joint final rules establishing data standards). The data must be interoperable, “non-proprietary,” and “fully searchable and machine-readable,” among other criteria. Id. Once the joint rulemaking is final, the FDTA instructs the individual agencies to take specific steps. See, e.g., id. §§ 5821-25 (setting forth the mandates for the SEC with respect to its own data, filings and reports by regulated entities, filings with the Municipal Securities Rulemaking Board (MSRB), among others).

[2] See Commissioner Luis Aguilar, Biography, SEC (last visited Apr. 10, 2023).

[3] Commissioner Luis Aguilar, Commissioner Aguilar's (Hopefully) Helpful Tips for New SEC Commissioners, SEC (Nov. 30, 2015),

[4] Id.

[5] Id.

[6] See Office of Structured Data, What is Structured Data, SEC (Mar. 26, 2016), (“Structured data is data that is divided into standardized pieces that are identifiable and accessible by both humans and computers. The granularity of these pieces can range from an individual data point, such as a number (e.g., revenues), date (e.g., the date of a transaction), or text (e.g., a name), to data that includes multiple individual data points (e.g., an entire section of narrative disclosure). Structured data can be created and communicated using data standards like XBRL, XML, and JSON, or generated with web and pdf forms.”).

[7] Commissioner Mark Uyeda, Statement on the Final Rule: Insider Trading Arrangements and Related Disclosures, SEC (Dec. 14, 2022), (“The Commission has not given any consideration as to what material, existing disclosures ought to be prioritized for reporting as structured data, like management’s discussion and analysis. This lack of an overall plan is a shortcoming of the Commission and one that should be rectified”).

[8] See, e.g., Commissioner Hester Peirce, Statement on Final Rule of Inline XBRL Filing of Tagged Data, SEC (Jun. 28, 2018), (raising concerns about particular structured data mandates: “If Interest is low it makes little sense to then mandate that everyone use the unpopular technology. In the early days of home video, it would not have been reasonable for the government to say ‘people aren’t using Betamax. Let’s mandate the use of Betamax!’”).

[9] See, e.g., XBRL.US, Aggregated Real-time Filing Errors, (last visited Apr. 10, 2023) (charts compiling the historical error rates “in public company financial reports accepted into the SEC’s EDGAR database” and showing that error rates generally have been falling over time).

[10] For a discussion of custom tags used in filings submitted by issuers to comply with the 2009 Interactive Data rules and trends in their use, see Office of Structured Data, U.S. GAAP – XBRL Custom Tags Trend, SEC (Aug. 12, 2022),

[11] See, e.g., FDTA § 5823 (allowing steps to scale requirements and minimize disruption in connection with municipal securities).

[12] See, e.g., FDTA § 5825 (establishing a “Data Quality Improvement Program” to, among other things, “make data filed with or furnished to the Commission useful to investors” and requiring that the SEC report to Congress every six months on the “public and internal use of machine-readable data for corporate disclosures”).

[13] See, e.g., Letter from Nasdaq, Inc. at 5 (Mar. 21, 2019), (“Only 8% of survey participants believe that analysts or investors are using XBRL data, although it costs them on average $20,412 each quarter to comply with XBRL requirements for the Form 10-Q. In our own experience as a self-regulatory organization, the usability of XBRL is limited”).

[14] The Act requires every entity to buy “a common non-proprietary legal entity identifier that is available under an open license. FDTA § 5811. That identifier could be the Legal Entity Identifier (“LEI”), which costs between $50 and $65 annually. See LEI Register, LEI Price List,,%2D%20%24250(%24%2050%20%2F%20year) (last visited Apr. 10, 2023). A firm obtaining an LEI also incurs other administrative costs in connection with obtaining and maintaining the LEI. See Financial Stability Board, Thematic Review on Implementation of the Legal Entity Identifier: Peer Review Report at 34 (May 28, 2019),

[15] One 2017 survey of more than 1,000 small reporting companies found the median price for such companies to prepare financial statements in XBRL was $2,500, and it cost less than $5,500 for almost 70 percent of such companies. See AICPA & CIMA, XBRL Costs for Small Companies Have Declined 45%, According to AICPA Study (Aug. 15, 2018),

[16] Securities Offering Reform for Closed-End Investment Companies, 85 FR 33290, 33328 (Jun. 1, 2020),

[17] Id.

[18] Congress long has been sensitive to the unique concerns raised by federal oversight of the municipal bond markets, including costs. See 15 U.S.C. § 78o-4(d) (prohibition on imposition by the Commission and the Municipal Securities Rulemaking Board of certain types of filing requirements on municipal bond issuers, commonly known as the Tower Amendment). The FDTA includes a provision that expressly provides that the Act does not “affect the operation” of the Tower Amendment. FDTA § 5823(a). Some commentators have suggested that the Act may nonetheless undermine the protections of the Tower Amendment by, for example, allowing the MSRB to use structured data requirements “to impose standards that could dictate both the structure and content of disclosures, and to indirectly prescribe accounting and reporting principles to be used by state and local governments and entities.” See Letter from Government Finance Officers Association, et al. (Sept. 29, 2022), Although my discussion here is limited to costs, the Commission should ensure that any rules issued or approved in the implementation of the Act are consistent with the Tower Amendment.

[19] Marc Joffe, Machine‐​Readable Financial Reporting Is Less Scary than You Think, CATO Institute (Jan. 4, 2023),

[20] See, e.g., Ernesto Lanza et al., Structured Data Is Coming to the Municipal Securities Market–Now What? at 8-9, Ballard Spahr LLP (Jan. 2023), (discussing “ambiguity regarding how Municipal Market Data Standards are intended to apply to information currently required to be submitted to the MSRB as documents rather than fielded data . . . . ”).

[21] See FDTA § 5823(a).

[22] See, e.g., Liz Farmer, An AI takeover of the muni market? Long Story Short (Jan. 20, 2023), (subscription required) (“If reporting costs increase, it’s very plausible that smaller governments would find it cheaper to work directly with a bank. The end result is less financial transparency by those particular governments even as the municipal market on the whole becomes more data-analytics-friendly”).

[23] See, e.g., Jenna Magan & Hoang Vu, The Financial Data Transparency Act, Orrick (Dec. 27, 2022), (observing that “it remains to be seen whether the increased costs associated with implementing the new rules will create a barrier to entry in the municipal market for smaller governmental issuers and nonprofit organizations who may choose to avoid the new requirements by opting for private placement offerings that are exempt from such continuing disclosure obligations”).

[24] My Florida CFO, Florida Open Financial Statement System Project, (last visited Apr. 10, 2023).

[25] FDTA § 5823.

[26] See, e.g., AICPA & CIMA, supra note 15 (stating that, from 2014 to 2017, “the cost of XBRL formatting for small reporting companies . . . declined 45 percent . . . .”).

[27] The Commission discussed the costs and benefits of Inline XBRL filing in its 2017 proposal to require the use of Inline XBRL in certain filings. See Proposed Rule: Inline XBRL Filing of Tagged Data, 82 Fed. Reg. 14282 (Mar. 17, 2017).

[28] See, e.g., Electronic Submission of Certain Materials Under the Securities Exchange Act of 1934; Amendments Regarding the FOCUS Report at 50 (Mar. 22, 2023), (explaining that for certain disclosures, “filers would be able to input their . . . disclosures into a fillable web form that EDGAR would subsequently convert to custom XML”).

[29] See, e.g., Mike Willis et al., XBRL: One Standard – Many Applications at 49-51, PriceWaterhouseCoopers, (describing how the use of structured data can streamline different processes for financial institutions, including credit analysis, operational risk management, and corporate reporting).

[30] If the experience with bank call reports is instructive, costs and error rates in regulatory filings may fall. After the FDIC’s XBRL transition, the number of call reports with errors fell from 34% to 5%. See Remarks of FDIC Vice Chairman Martin J. Gruenberg at 14th Annual XBRL International Conference at 3 (Dec. 4, 2006), Securities regulatory filings may be more complex than bank call reports, but the results are encouraging nonetheless.

[31] The FDTA commissions a Government Accountability Office “report on the feasibility, costs, and potential benefits of building upon the taxonomy [established by the FDTA] a Federal Government-wide regulatory compliance standardization mechanism similar to Standard Business Reporting.” FDTA § 5893. Under Standard Business Reporting (“SBR”), a common data taxonomy could eliminate the need for regulated entities to fill out different forms for different agencies and could reduce costs. See, e.g., Commonwealth of Australia, What Is Standard Business Reporting, (describing Australia’s SBR initiative); Parliament of the Commonwealth of Australia, House of Representatives Standing Committee on Tax and Revenue, 2016 Annual Report of the Australian Taxation Office, Performance Review 2015-16 at 53, (reporting that in 2015 and 2016, SBR saved businesses 1.2 billion Australian dollars in regulatory costs).

[32] Commissioner Caroline A. Crenshaw, The Lessons of Structured Data at discussion accompanying notes 20-21, SEC (Nov. 10, 2021), (noting benefits to smaller issuers as described in Lai et al., XBRL Adoption and Cost of Debt, International Journal of Accounting & Information Management (2015); Ra et al., XBRL Adoption, Information Asymmetry, Cost of Capital, and Reporting Lags, iBusiness (2018) and Li et al., Does XBRL Adoption Reduce the Cost of Equity Capital?, SSRN (2012)).

[33] FDTA § 5891(c).

[34] See, e.g., FDTA § 5823(b)(2). The Act uses this language in nine different places.

[35] See, e.g., FDTA § 5821(a)(2).

[36] See, e.g., Commonwealth of Australia, Benefits of SBR, (“SBR extracts information from your accounting and payroll records and prepares reports directly from your software”).

[37] See, e.g., Securities and Exchange Commission Historical Society, The Enforcement Division: A History, (“They seemed driven to show that the SEC was the finest agency in Washington. In some ways these enforcement lawyers differed from traditional prosecutors; according to one observer, ‘[t]hey enforced the law primarily from their offices, pouring over documents, scrutinizing stock data, negotiating on the telephone, writing memos, meeting constantly with coworkers and supervisors. . . . Their cramped offices and the hallways that surround them were piled high with boxes of subpoenaed documents and work papers.’”) (citing Susan P. Shapiro, Wayward Capitalists: Targets of the Securities and Exchange Commission 141-142 (1987)).

[38] For example, the FDIC’s shift to XBRL helped FDIC analysts increase their caseloads from 450-500 banks to 550-600 banks. See Federal Financial Institutions Examination Council, Improved Business Process Through XBRL: A Use Case for Business Reporting at 6,

[39] FDTA § 5826 (specifying that the Act imposes no new disclosure requirements).

[40] Our experience with the Consolidated Audit Trail, a project more than a decade in the making, illustrates my concerns. The CAT, as it is known, enables various self-regulatory organizations and the SEC to monitor all activity in the equity and options markets and tie it to individual traders. The project raises cybersecurity and privacy concerns for investors whose data the CAT will collect and store. Absent a belief that someone is engaged in illegal activity, why should the government be able to watch all of her transactions? Using our pre-CAT tools, we already are able to get from brokers information when we suspect illegal activity.

[41] For example, Exchange Act Rule 17a-11 provided for the submission of notices and reports to the Commission by telegraphic transmission until 2019. See Recordkeeping and Reporting Requirements for Security-Based Swap Dealers, Major Security-Based Swap Participants, and Broker-Dealers, 84 FR 68550, 68590 (Dec. 16, 2019), (removing this provision “in light of the fact that telegrams are no longer widely used in the United States, and that Commission staff no longer receive 17a-11 notices by telegram”).

[42] For an overview of the SEC’s structured data rulemaking history, see Office of Structured Disclosure, Structured Disclosure at the SEC: History and Rulemaking, SEC (Mar. 24, 2023),

[43] These descriptors come from Sections 5811 and 5812 of the FDTA.

[44] See, e.g., Letter from James Nicholls, Managing Director, Braithwate, Response to FINRA Machine-Readable Rulebook Initiative at 1 (Feb, 21, 2023), (stating that “regulators should aim to publish machine-executable rules-as-code, with the written English version serving as guidance”).

[45] See, e.g., Financial Conduct Authority, Digital Regulatory Reporting: Feedback Statement on Call for Input at 4 (Oct. 2018), (“[W]e could create a regulatory language that machines could understand and so remove the need for human interpretation. . . . Machines then used this language to automatically carry out (execute) the rules. Once the rules were translated, machines could fulfil the requirements by accessing the information required and then pulling this information directly from a firm’s databases”).

[46] See Special Notice: FINRA Requests Comment on Its Machine-Readable Rulebook Initiative (Oct. 21, 2022), For a helpful discussion of the initiative, see FINRA Unscripted Podcast (Feb. 7, 2023),

[47] See News Release, FINRA Launches Machine-Readable Rulebook Initiative (Oct. 21, 2022),

[48] See id.

[49] See, e.g., Letter from Ian Hollowbread, Managing Director and COO Business Development & Innovation, ING Bank NV in response to FINRA Special Notice at 1 (Feb 1, 2023), (lauding the move as “a benchmark leading project in innovation”; because “[k]eeping up with regulatory change remains one of the greatest challenges an organisation can expect to face,” ways to “more effectively and efficiently consume regulatory rules” are welcome); Letter from John Byrne, CEO, and Hazel Dowling, Strategic Account Management, Corlytics in response to FINRA Special Notice at 2, (Feb. 13, 2023), (“If regulators implement standard taxonomies and digital methods to access rules, this will make accessing regulation easier for firms. This will in turn make it easier for firms to be compliant and reduce the cost of compliance in the industry”).

[50] The Bank of England and the United Kingdom’s Financial Conduct Authority, for example, launched a Digital Regulatory Reporting (“DRR”) initiative in 2018 with the goal of making rules machine-readable and eventually machine-executable. See Financial Conduct Authority, Digital Regulatory Reporting, In a subsequent viability assessment, a working group identified “the potential for financial benefits for firms and regulators, but also the introduction of some new costs” and acknowledged that while “no current solution . . . met all requirements” to turn rules into code, the project lends itself to “small, incremental steps which prove valuable to all each time.” Digital Regulatory Reporting, Phase 2 Viability Assessment at 4 and 38,

[51] See, e.g., Letter from Council of Institutional Investors and CFA Institute regarding Rendering SEC Correspondence with Issuers in Machine-Readable Format at 1 (Sept. 1, 2022), (calling on the SEC to make “SEC correspondence to, and from, public companies available in structured, machine-readable format”).

[52] See Aguilar, supra note 2.

[53] Id.

Return to Top