Statement at Open Meeting: Order Approving the Consolidated Audit Trail National Market System Plan

Chair Mary Jo White

Nov. 15, 2016

Good afternoon.  This is an open meeting of the U.S. Securities and Exchange Commission on November 15, 2016, under the Government in the Sunshine Act.  The Commission today is positioned to take significant action toward the reality of a consolidated audit trail (CAT) that will greatly advance the ability of regulators to oversee today's sophisticated and constantly evolving securities markets.  Specifically, the Commission will consider a staff recommendation to approve the national market system (NMS) Plan submitted jointly by the self-regulatory organizations (SROs), which the Commission voted to publish for public comment this past April,[1] to create, implement and maintain the consolidated audit trail. 

The import of today's action cannot be overstated.  With the approval and ultimate implementation of CAT, the Commission's regulatory capacity strongly embraces 21st Century technology, enabling the Commission and the SROs to harness data and technology to more effectively oversee market participants. 

Over the past 25 years, advancements in computing and communication technologies have transformed the way our securities markets operate.  A broad range of market participants, including brokers-dealers, proprietary trading firms and institutional investors have invested significant resources in technologies that enable them to trade effectively across a range of trading venues and asset classes.  As I have stated before, these advancements have resulted, generally, in significant improvements for both retail and institutional investors and for issuers seeking to raise capital.[2]  Regulators will now have state-of-the-art capabilities to ensure that our capital markets remain the most robust and reliable in the world.

The CAT NMS Plan that we are considering today is designed to substantially improve essential audit trail information by providing a comprehensive, centralized database of timely and accurate information about all orders entered and trades executed across the U.S. securities markets, for both equities and options.  The plan before us today represents the culmination of years of effort on the part of the Commission and the SROs, with vital contributions from all segments of market participants that trade in our equity and options markets. 

With the implementation of the CAT, regulators will have access to complete and integrated audit trail data that, critically, includes the identities of the customers trading in these markets.  The expected benefits of the CAT for regulators include improving our ability to conduct market research, reconstruct market events, monitor market behavior, and identify and investigate market misconduct.

As required by Rule 613, the CAT NMS Plan addresses how audit trail data will be reported by the exchanges and broker-dealers, collected by a central repository, consolidated, and then made available to regulators.  The Plan also articulates the minimum standards to ensure the timeliness, accuracy, and security of the data; the duties and obligations of the Plan Processor, which will be the entity that runs the day-to-day operations of the CAT; financial matters, including a description of how the SROs intend to structure the fees associated with the CAT; and the governance of the CAT NMS Plan, through an Operating Committee, with input from a broad-based Advisory Committee.

In April, when the Commission voted to publish the CAT NMS Plan for public comment, I stressed the importance of our hearing the views of a wide range of market participants, investors, and others on whether the design of the CAT system contemplated by the Plan would fully meet the needs of regulators in a cost-effective and efficient manner, while also protecting the sensitive information that will be collected by the CAT system.  To facilitate that process, the Commission's Notice of the CAT NMS Plan included a detailed preliminary economic analysis, with a discussion of the economic effects, including the benefits and costs, of the proposed Plan, the likely effects on competition, efficiency and capital formation, as well as potential alternatives.

In response to the publication of the CAT NMS Plan, the Commission received significant and helpful feedback from a wide variety of stakeholders, including broker-dealers, technology providers, exchanges, academics, investors, and industry organizations.  Commenters addressed a range of issues, including the security and confidentiality of CAT data, especially of personally identifiable information, (or "PII"); the governance structure of the CAT NMS Plan; the cost and funding of the CAT central data repository; the clock synchronization standard applicable to CAT reporters; and the timing of the retirement of duplicative regulatory reporting systems. 

The SROs have responded to commenters and, in many instances, recommended amendments to the CAT NMS Plan.  And the Plan being considered by the Commission today incorporates several changes recommended either by the SROs or by the Commission itself.  I will highlight several important ones.

Cybersecurity is of paramount importance, as the CAT will be one of the largest financial databases in the world and will contain sensitive customer information.  Information security was an area of focus of many commenters and is a particularly important priority for me as well.  The Plan being considered today has been amended in several ways to provide for even more robust information security standards to enhance the integrity of the information stored in this database. 

Among other things, the Plan has been amended to require that all CAT data at the central repository be encrypted at-rest and in-transit.  Changes have also been made to require that all data be handled consistently with the full NIST Cyber Security Framework.  And, given that the SROs will also be accessing data for regulatory purposes using their own technologies, the Plan has been amended to mandate that the SROs maintain information security programs with respect to their handling of CAT data that are at least as rigorous as those applicable to the central repository. 

I also want to underscore that the Commission is also very closely focused on information security with respect to its own interaction with CAT.  As will be explained in more detail by our General Counsel and Director of Trading and Markets shortly, the Commission and its staff are subject to a range of federal regulations and Commission rules and policies regarding the security and confidentiality of information that we receive and maintain, and we will be supplementing these important safeguards with additional comprehensive protocols that are specifically tailored to the Commission's CAT program.  Finally, the Plan has been amended to require an annual assessment of CAT technology and information security protocols in order to ensure that it continues to be held to the highest of standards. 

The clock synchronization standards of the Plan have also been amended in significant ways that will enhance the accuracy of the information contained in the CAT database going forward.  While the proposed plan would have required an across-the-board clock synchronization standard for all CAT reporters of within 50 milliseconds of the time maintained by NIST, the amended Plan tightens the clock synchronization standards for the SROs to within 100 microseconds of that time.  This will enable regulators to better sequence order events across multiple markets in the first stage of CAT implementation, as the SROs become the first market participants required to report CAT data.  

The Plan has also been amended to reflect that one clock synchronization standard does not necessarily fit all market participants.  In particular, SROs will be required under the amended Plan to assess industry standards for clock synchronization based on the type of market participant or system, rather than the industry as a whole, and to reflect that refined assessment annually in a report submitted to the Commission. 

These changes should result in further refinement to database accuracy in the future, potentially prior to the second phase of reporting by broker-dealers, which is set to begin one year after the SROs begin reporting.   

There have also been a range of changes to other Plan provisions.  The governance structure of the CAT NMS Plan has been enhanced by broadening representation on the Advisory Committee to include an additional representative of institutional investors and a representative of service bureaus and by requiring that Commission representatives be permitted to participate in all Operating Committee meeting, whether held in Executive Session or not.  The funding model has also been improved by eliminating the double-counting of alternative trading system volumes for purposes of assessing fees.  And a more rigorous approach has been taken with respect to the retirement of costly duplicative systems, by amending the Plan to shorten the deadline for the SROs to submit proposals to retire regulatory data reporting systems that will be rendered obsolete by the CAT. 

Finally, the Plan has been amended to require the SROs to provide annual written assessments to the Commission on a range of important issues that are critical to ensuring a secure and updated CAT going forward.  Importantly, the annual assessments will include an evaluation of potential technology upgrades, which will be informed by technological expertise, and an evaluation of the information security protocols to ensure that the CAT is operated consistently with the highest industry standards. 

As I have mentioned on many occasions, implementing a robust consolidated audit trail in an efficient, timely and cost-effective manner is an enormous undertaking that has been, and will continue to be, one of the Commission's highest priorities to complete, maintain and enhance.  The comprehensive action the Commission is taking today is the result of a collective effort by the Commission staff, the exchanges, FINRA and a host of market participants that invested extensive time and energy into this project. 

Before I ask Steve Luparello, Director of the Division of Trading and Markets, to discuss the NMS Plan, and Amy Edwards to discuss the economic analysis, I would like to thank Steve and his Deputy Director, Gary Goldsholle, for their leadership on this matter, as well as their counsels, Carl Emigholz, Moshe Rothman and Devin Ryan.  I also would like to highly commend the Trading and Markets team:  David Shillman, David Hsu, Natasha Greiner, Mark Donohue, Steve Samson, Rebekah Liu, Jennifer Colihan, Leigh Duffy, John Lee, Ted Uliassi and Susan Poklemba.  From the Division of Economic and Risk Analysis, I would like to thank Amy, our Chief Economist Mark Flannery, Vanessa Countryman, Laura Tuttle, Claire O'Sullivan, Salil Pachare, Austin Gerig, John Cook, Woodrow Johnson, Jonathan Hershaff, Lindsay Shipman, Helen Bowers, Ilia Rainer, Margarita Brose, and Anzhela Knyazeva.  My thanks also to Andrew Krug, the Commission's Chief Information Security Officer.

Many thanks as well to Annie Small, Meridith Mitchell, Tracey Hardin, Cynthia Ginsberg, Melinda Hardy, Maureen Johansen, Daniel Matro, Josephine Morse, John Sholar and Jeffrey Walker of the Office of General Counsel.

In addition, I would like to thank many other staff throughout the agency for their contributions, including John Polise and Connie Kiggins from the Office of Compliance Inspections and Examinations; Mandy Sturmfelz, Rosemary Filou, and Wendy Kong from the Division of Enforcement. 

Finally, I would like to express my gratitude to my fellow Commissioners and their counsel for their continuing hard work and dedication to bringing the consolidated audit trail to completion.

Now, I will turn the meeting over to Steve Luparello to provide an explanation of the staff's recommendation on the CAT plan.