Statement at Open Meeting Regarding the Consolidated Audit Trail NMS Plan
Commissioner Michael S. Piwowar
Nov. 15, 2016
Thank you, Chair White. Let me join my colleagues in acknowledging the exemplary dedication of the Commission staff on this project.
Last spring, the Commission approved publication of the NMS Plan filed pursuant to Rule 613 (the “Plan”), which would create, implement, and maintain a consolidated audit trail (“CAT”). At that time, I expressed support for the CAT NMS Plan generally, but noted that there were issues to still be resolved. I am pleased that, with the benefit of comment, the Plan has been refined substantially. For instance, we heard – loud and clear – that the period contemplated for retirement of duplicative systems was too long. Market participants should be pleased with where things have landed.
In other instances, staff appropriately recommends that the Plan retain flexibility by deferring some decisions until a later date. For example, the Technical Specifications for reporting to the CAT will be developed and issued only after selection of the Plan Processor. This CAT has nine lives indeed.
As we just heard, the CAT raises significant data security concerns, both with respect to trading information and personally identifiable information (“PII”). I have been keenly focused on data security, because the vulnerabilities associated with a database as extensive as CAT could have great consequence. For me, the need for robust protection of customer data trumps all the other issues that have been raised.
The Plan as amended establishes significant data security obligations for the self-regulatory organizations (“SROs”), but the Commission itself is not subject to those requirements. Thank you to Annie [Small] for explaining the legal reasons we are not applying the data security provisions of the Plan to ourselves. And thank you to Steve [Luparello] for your description of how the Commission intends to put comparable protections in place for information that the Commission extracts from CAT and uses for our regulatory and oversight functions.
Without the staff’s presentation on data security issues, I might have paused supporting the recommendation. But the information you have provided, both in advance of this meeting and now, has been invaluable. I therefore support the approval of the CAT NMS Plan as amended.
I have no questions.