CAT Should Be Modified to Cease Collecting Personal Information on Retail Investors

By Robert Cook, President and CEO, FINRA1 

The Consolidated Audit Trail, or CAT, is an SEC-mandated reporting system that collects data regarding trading in the U.S. equities and options markets. The SEC first proposed CAT in 2010 when the limitations of pre-CAT reporting facilities were highlighted by the Flash Crash.2 The final CAT rule was adopted by the SEC in 2012, a more detailed plan for CAT was approved by the SEC in 2016, and reporting into CAT was implemented in phases from 2018 to 2024.3

Much has been learned over the years since CAT was first proposed. Compared to previous audit trails, CAT has enhanced the tools available for securities regulators—the SEC, FINRA and the securities exchanges—to oversee the markets, ensure they are operating with integrity, and in so doing support investor confidence to participate in them. But along the way, important questions and issues have also been raised about aspects of CAT’s design and operation. In light of our collective experience since 2012, it would be timely and appropriate to conduct a comprehensive review of CAT.4 FINRA is committed to working with the SEC, exchanges, member firms, and other stakeholders on any such review.

We do not need a comprehensive review of CAT, however, to conclude that one part of it should be eliminated: the systematic collection and storage of personal information regarding individual investors. This issue arises from the original SEC mandate (discussed more fully below) that broker-dealers report to CAT specified personal information regarding every individual with a securities account. This requirement—which is intended to facilitate regulators’ ability to determine who is conducting problematic trading activity—applies to all types of accounts, regardless of the size of the account, the frequency of trading through it, or whether there has been any indication of improper trading in the account. There are millions of accounts covered by this requirement.

Designing and operating a system like CAT entails policy trade-offs in multiple dimensions, including competing considerations in establishing the right scope of information to be collected. On the one hand, collecting more data can facilitate more comprehensive oversight intended to protect investors and safeguard markets. On the other hand, collecting more data can raise privacy, security, cost, and other concerns. It is important to carefully weigh all these considerations, and the right balance may change over time.

As I have previously indicated in public settings, based on FINRA’s regulatory experience and perspective from using CAT to perform our statutory oversight responsibilities, we believe a better balance for CAT is to eliminate the systematic collection and storage of investors’ personal information. Doing so would promote investor confidence in the security and privacy of their personal information, without compromising the important market oversight capabilities of CAT. 

The discussion below provides an overview of data collected by CAT, highlighting the two separate databases that comprise CAT: the transaction database, which does not include investors’ personal information, and the customer database, which does include such information. It then describes how regulators could still perform key market oversight functions if investors’ personal information is eliminated from the customer database.5 

The Transaction Database—Anonymous Data Used for Traditional Market Oversight

The transaction database includes trading information from exchanges and broker-dealers regarding all orders, quotes, and trades across the U.S. equities and options markets—but not the identity of investors behind this trading activity, nor the portfolio holdings or balances of any investor or account. Systems to collect trading information are called audit trails and have existed for many decades in the U.S. markets, but pre-CAT versions were incomplete and siloed among different segments of the market. When regulators sought to supervise trading activity across the markets, they needed to obtain access to and stitch together data from multiple, non-standardized sources, which took substantial time and effort. Even when consolidated and normalized, the aggregated information had material gaps. 

CAT was designed to address these problems by requiring standardized and comprehensive reporting of trading activity across the equities and options markets—whether conducted through exchanges, alternative trading systems, or broker-dealers. Regulators use this consolidated transaction data to better monitor the markets to identify potential market manipulation, violations of market integrity rules, insider trading, and other improper conduct. If their review of the transaction database identifies any problematic activity, regulators then need to turn to different sources (such as the separate customer database discussed below) to determine the identity of the persons behind such trading activity.6

The transaction database was phased in starting in 2018 and became fully operational in 2021. Since that time, it has become the exclusive data source for securities regulators to perform cross-market oversight functions of the type described above, and has enabled new capabilities that did not previously exist.7 For example, regulators looking only at the transaction database, and without access to any investor-identifying information, can determine whether trading activity originating in two or more seemingly unrelated accounts is actually being conducted by the same party.8 Multiple accounts, often at different broker-dealers, can be used by bad actors to mask illicit trading.

The transaction database is not perfect and, as noted above, the time may be ripe to evaluate—as part of a comprehensive review of CAT—how its design and operation can be improved. But it will be vital to ensure that regulators continue to have sufficient anonymized trading data to conduct robust market oversight. Millions of investors trust the markets with their savings to achieve important life goals, and collectively, market participants trade hundreds of billions of dollars in securities every day. These investors—both retail and institutional—will suffer if regulators do not have the tools necessary to make sure everyone is playing by the rules and that the markets are operating fairly and efficiently.9

The Customer Database—Collecting and Storing Every Investor’s Personal Information

A second, separate CAT database collects from broker-dealers customer information, as specified by the SEC, regarding every investor with a securities account that trades equities or options. As noted above, this includes advised accounts, self-directed accounts, IRAs, 401(k)s, and so on, regardless of the size of the account or the frequency of trading through it. A key rationale for this database was that when regulators see potentially problematic trading in the transaction database, they can readily turn to the customer database to identify the relevant party associated with that trading. The customer database has been routinely collecting this information since 2022.

Before CAT, regulators used a different two-step process to determine the party responsible for potentially problematic trading activity. After detecting such activity from anonymized audit trail data, they would make tailored requests for investor-identifying information from the broker-dealer carrying the relevant account using an electronic system called “Blue Sheets” (which is still operational) or other investigatory tools. Under this “request and response” approach, regulators could ask for the specific information necessary for their investigation, and broker-dealers could respond with that specific information.

In contrast, CAT introduced an entirely different approach by creating a customer database that prospectively collects personal information across every customer account in our securities markets, regardless of whether there is any indication of problematic activity in these accounts. Most investors whose information is being collected by CAT are unlikely to ever be the subject of a regulatory inquiry, much less to engage in market manipulation or insider trading.

Requirements for the customer database were conceived by the SEC 15 years ago. A lot has changed since then, including the risks associated with such a database. For example, cybersecurity events are increasing, raising concerns about consolidating investors’ personal information in a centralized database. There are also concerns about the privacy implications of an SEC-mandated system to collect and store personal information about investors simply because they participate in our securities markets, without having first established some specific need for that information.

CAT has extensive controls in place to address data security concerns that are continually being evaluated and enhanced.10 Nevertheless, we have seen in recent years how threats to data security have continued to evolve, become more sophisticated, and proliferate, thereby exacerbating the risks of collecting more personal data than is necessary to achieve the relevant regulatory objectives. 

There have been previous efforts to better balance the regulatory needs for adequate data with concerns regarding the scope of the customer database. For example, in 2020 the SEC allowed the SROs to exclude from the CAT customer database specified sensitive information that was originally required, such as each individual account holder’s Social Security number, account number, and date of birth.11 While this exclusion recognized the data security concerns with having personal information in CAT, the SEC did not address other personal information, such as names and addresses, that are still being collected and stored in the customer database. 

Regulators Have Other Means to Identify Account Owners When Necessary

In light of the concerns raised regarding the customer database—and what we have learned since CAT was first adopted—it is important for regulators to evaluate whether there are reasonable alternatives to the current requirements for the customer database that would still enable them to promptly determine the parties responsible for potentially problematic trading activity.

Because FINRA believes there are such alternatives, we support ending the prospective, systematic collection and storage of retail investors’ personal information in the customer database.

Instead, once a potential violation involving a particular account is identified, regulators can rely on a request and response approach to make targeted information requests to broker-dealers to ascertain the person trading through that account. Relying on a request and response approach, as regulators did before CAT and still do today in many scenarios, would avoid any need to collect investors’ personal information in the customer database.12

The implementation of this change would be relatively seamless. Regulators could immediately transition to utilizing existing targeted information request mechanisms, including the existing Blue Sheets system, to obtain the specific information they need from the relevant broker-dealers. These mechanisms may themselves merit further review. For example, over the years there have been concerns about the efficiency and design of Blue Sheets, and consideration could be given to creating a new request and response utility operated in conjunction with CAT to facilitate and streamline the information collection process for both regulators and the impacted broker-dealers. But in the meantime, Blue Sheets and other existing systems work adequately, and modifying the customer database need not be delayed for purposes of improving them.

Switching back to a request and response approach would not have a major impact on regulators’ ability to adequately oversee trading in the markets and promptly identify who is behind any problematic activity. 

  • First, the benefits of consolidating market trading data in a standardized manner and thereby enabling more robust market oversight are primarily provided by the transaction database, which would be unaffected by removing investors’ personal information from the customer database. The enhanced granularity, scope and consistency of data in the transaction database would remain. Similarly, regulators could still determine from the transaction database, and without accessing any investor-identifying information, whether trading spread across multiple accounts and broker-dealers is being conducted by the same party.
  • Second, when they pinpoint an account presenting a regulatory concern, regulators could still obtain all the relevant account information from the broker-dealer carrying the account. This would involve additional steps and might take a little more time, but based on FINRA’s experience, that added time would not materially impede most examinations and investigations, and there are often ways to expedite the request and response process when necessary. The incremental speed made possible by having investors’ personal information already available in the customer database is relevant only infrequently, and does not justify the universal collection of millions of investors’ personal information just to speed up the identification of a few. 
  • Third, although some may argue it is important to maintain investor-identifying information in the customer database so that regulators can identify a person of interest behind an account without having to ask the broker-dealer carrying the account—thus minimizing the risk that bad actors might be “tipped off” about the existence of an investigation—this has not been a significant issue for FINRA when utilizing Blue Sheets. Broker-dealers, like other financial institutions, routinely cooperate in confidential regulatory investigations regarding third parties. The risk that a regulatory inquiry using traditional methods might compromise a particular investigation would not seem to justify the current approach of collecting every retail investor’s personal information.13

*            *            *

Ceasing the collection of investors’ personal information would leave some other questions to be considered with respect to the customer database. For example, broker-dealers currently report to the customer database any SEC-issued “Large Trader” ID associated with an account they carry. Should this continue to be a requirement, and if so, should CAT or any related systems be modified to better achieve the relevant policy objectives for such reporting?14

These and any other questions regarding the customer database could be taken up as part of a more comprehensive review of CAT that includes the transaction database as well as other aspects of the system and the relevant rules governing it. But addressing these broader questions need not stand in the way of eliminating personal information from the customer database. Moving forward promptly to cease collecting such information would reduce the risk profile of the current system and potentially bolster investor confidence that the tools utilized to enable robust market oversight are also being periodically reviewed and updated to take into consideration important data security and privacy concerns.15


1 FINRA is a not-for-profit membership organization dedicated to investor protection and market integrity. It is registered with the SEC as a national securities association, and among other statutory duties is responsible for monitoring the securities trading activities of its member broker-dealers, regardless of where that trading occurs. FINRA does not operate an exchange or other platform for executing securities trades. 

FINRA does not speak on behalf of the SEC, any of the securities exchanges, or the Consolidated Audit Trail, LLC (CAT LLC), which operates CAT in accordance with SEC rules. Pursuant to a contract with CAT LLC, FINRA’s subsidiary (FINRA CAT, LLC) built and operates CAT. CAT LLC is jointly owned and governed by the 25 securities exchanges and FINRA (each a self-regulatory organization, or SRO). FINRA has 1/26 of the voting interest in CAT LLC.

2 See Release No. 34-62174 (May 26, 2010). The challenges with the pre-CAT audit trails drew public attention when the SEC experienced months of delay in analyzing the causes of the 2010 Flash Crash. See, e.g., Report of the Staffs of the SEC and CFTC to the Joint Advisory Committee on Emerging Regulatory Issues, Findings Regarding the Market Events of May 6, 2010 (Sept. 30, 2010), and the SEC’s CAT adopting release, Release No. 34-67457 (July 18, 2012). 

3 In 2012, the SEC adopted Rule 613 of Regulation NMS requiring the SROs to jointly submit an NMS plan to create, implement, and maintain CAT, and setting forth the minimum data elements the SEC believed were needed at that time. See Release No. 34-67457 (July 18, 2012). In 2016, the SEC approved the SROs’ NMS plan for operating CAT, through CAT LLC, in accordance with Rule 613. See SEC Release No. 34-79318 (Nov. 15, 2016).

4 Retrospective reviews of major rules are always good regulatory practice, but can be particularly useful when a rule—like CAT—has significant technology and operational components that reflect policy decisions and trade-offs made over a decade ago. 

Among the aspects of CAT that have raised concerns are the costs of building and operating CAT, and how those costs are allocated among the SROs and the broker-dealer industry. With respect to the latter concern, FINRA submitted comment letters to the SEC opposing CAT LLC’s plan for allocating the costs of CAT. See comment letters from FINRA to the SEC (SEC File No. 4-698) dated May 12, 2021, and Apr. 11, 2023. That plan was subsequently approved by the SEC and is currently being challenged in court. 

With respect to the overall cost of CAT, FINRA supports efforts to update the SEC-mandated CAT requirements to reduce costs, while maintaining CAT’s core functionality. For example, FINRA supported recently approved amendments to reduce the options quotation information that must be collected and stored in CAT, which, along with another approved change to data storage requirements, are estimated to save $21 million annually. See SEC Release 34-101901 (Dec. 12, 2024). FINRA welcomes the opportunity to continue working with the SEC and SROs on these and other cost savings initiatives.

5 Eliminating any requirement to collect investors’ personal information could be effectuated through an exemptive order by the SEC, among other mechanisms. 

6 Other potential uses of the transaction database that were anticipated with the adoption of CAT included enabling regulators to perform market reconstructions to better analyze breakdowns or aberrations in the markets (like the Flash Crash), and providing more complete data to support the analysis of existing or proposed rules and better-informed policymaking.

7 For example, the transaction database has become the foundation of FINRA’s program for fulfilling its statutory obligation to monitor trading by its member firms across all exchanges and other trading venues.

8 Other improvements include the collection of information on both equities and options in one place, better enabling regulators to look across related products and markets, and providing regulators with more precise trading data to better focus their inquiries (which may, over time, reduce follow-up requests to broker-dealers for additional information that can impose further costs on them). 

9 In considering what changes to the transaction database might be appropriate, it will be relevant to bear in mind that if CAT were eliminated in its entirety, there are currently no viable “fallback” data sources to support cross market oversight, and that the Order Audit Trail System (or OATS), which previously collected audit trail information from broker-dealers, was decommissioned in 2021 as part of the implementation of the CAT transaction database. In addition, SROs and broker-dealers have invested substantial time and financial resources in developing the relevant systems and processes to report into the transaction database, and any evaluation of potential changes to that database should factor in the time and additional costs such changes might entail.

10 For example, CAT has significant technical, architectural, and policy safeguards in place to protect CAT data, such as private line access to query systems, with substantial and ongoing oversight at multiple levels to ensure these safeguards and controls are diligently implemented and routinely improved as industry practices evolve. In addition, access by SRO staff to personal information in the customer database is limited to regulatory officials who have established that there is a “need to know” the identity of an account owner to fulfill a specific regulatory function, such as identifying those involved in potential market manipulation.

11 See SEC Release No. 34-88393 (March 17, 2020).

12 FINRA has previously supported utilizing a request and response approach as an alternative to the current customer database. See, e.g., related discussion on page 4 of the request from the CAT plan participants, including FINRA, for exemptive relief from certain provisions of the CAT NMS plan (Jan. 29, 2020).

13 It might also be argued that eliminating personal information from the customer database limits the ability of regulators to derive useful regulatory insights from this information. In FINRA's experience, however, regulators would not be giving up much in this regard because existing extensive—and appropriate—restrictions on the use of the current customer database make it challenging to derive insights from it other than identifying the investor behind a particular account.

14 “Large Traders,” a term defined in SEC Rule 13h-1, are traders who conduct such a substantial amount of trading in securities, as measured by volume or market value, that their activities could potentially impact the markets. Congress explicitly authorized the SEC to define and implement certain regulations regarding Large Traders. Under this statutory authority, since 2011, the SEC has required Large Traders to identify themselves as such to the SEC, receive a Large Trader ID from the SEC, and provide that ID to broker-dealers carrying their accounts to facilitate oversight of their trading. With the implementation of CAT, broker-dealers were also required to report SEC-issued Large Trader IDs to the customer database. 

FINRA has previously suggested that the scope of investors whose information is reported to CAT could be limited to Large Traders. For example, when CAT was first proposed, FINRA had suggested the SEC initially collect information only on Large Traders, and then over time analyze the costs and benefits of expanding CAT to include information on retail accounts. See FINRA’s letter to the SEC providing a blueprint for building CAT (Apr. 6, 2011). I also mentioned the possibility of limiting CAT customer data to Large Traders during testimony to Congress in 2017. See FINRA Oversight Hearing before the Subcommittee on Capital Markets, Securities and Investment of the Committee on Financial Services of the House of Representatives (Sept. 7, 2017). Arguments for collecting information only on Large Traders, rather than retail investors, included that this approach would utilize a Congressionally-authorized classification of market participants and focus on those traders whose activity is so substantial that it might impact the market.

15 It is also worth noting that eliminating the collection and storage of investors’ personal information in the customer database would likely result in material cost savings—a welcome outcome given the overall cost concerns associated with CAT and the minimal regulatory impact the removal of this information would have.