By Ralph Magee and Buddy Doyle
Consolidated Audit Trail CAIS Reporting – It’s Time to Test and Prepare
Consolidated Audit Trail reporting has reached a new regulatory stage, with upcoming Customer and Account Information System (CAIS) reporting requirements and interim obligations. Deadlines for achieving compliance with the requirements is December 12, 2022, only three months away.
In this Oyster Stew podcast, our experts share what the CAIS reporting requirements are, issues we are seeing from our own clients as they go down this path, and what firms should be doing to meet the deadlines successfully.
Transcript provided by TEMI
Libby Hall: Hi, and welcome to the Oyster stew podcast. I’m Libby Hall, Director of CommuniCATions for Oyster Consulting. Consolidated Audit Trail reporting has reached a new regulatory stage with upcoming customer and account information, or case reporting requirements, and interim obligations. Deadlines for achieving compliance with the requirements is December 12th, 2022, only three months away. In today’s podcast, Oyster Consulting experts share what the case requirements are, issues we are seeing with our own clients as they go down this path, and what firms should be doing to meet the deadlines successfully. Let’s get started, Buddy.
Buddy Doyle: Thank you, Libby, and welcome everybody. I’m pleased today to be joined by Ralph McGee. Ralph, you’ve been involved with this Consolidated Audit Trail reporting stuff, since before there was a Consolidated Audit Trail. I really appreciate all the work you’ve done to help us get up to speed on CAT, and today we’re going to talk a little bit about CAT CAIS for the first time, at least on this podcast. Ralph, maybe not everybody is as deep into the CAT as you are. You mentioned a few different things here that I want to make sure our listeners understand because some of us are digging into this maybe for the first time, or the first few times. But can you tell us just really quick, what is CAT CAIS anyway? I think we know Consolidated Audit Trail by now. That’s the big regulatory transactional reporting, trying to find the whole life cycle of an order from soup to nuts, if you will, including every leg of the transactions and executions and alloCATions and things like that. But what is CAIS?
Ralph Magee: It’s my pleasure to be with you today, Buddy, and thanks for the opportunity to discuss this with you. Well, it’s an acronym, as a lot of things that we deal with in CAT world are. We are full of acronyms that’s for sure, but CAIS stands for the Customer and Account Information System. And so this is where the account and further details about that account are reported to the CAIS system, which is a separate database from that of the transactional CAT reporting that you’ve mentioned. And this will allow regulators to tie both the transactional CAT reporting to the end customer. And let’s say influencers of those accounts because that’s part of the reporting requirement for case is not only do you have to report details about the account, but also who has control over that account.
Buddy Doyle: So this is taking us, regulatory speaking, from the what to the who. I think that’s the important piece.
Ralph Magee: It’s putting the what and the who together. So yeah, if you, Buddy, have a brokerage account at multiple brokerage firms across the industry, now the regulators will be able to know you as an individual across the entire industry and can monitor the trading that you’re doing over several of those broker dealers. And they’re looking for that kind of collusion or manipulation of the market.
Buddy Doyle: And I think, that’s really why they got started on this. If you remember, the flash crash was really their final straw in getting the Consolidated Audit Trail approved, with the idea – we’re going to figure out what caused this. And they just had a really hard time, and they blamed the wrong people, at least according to the people they blamed. I think it’s been an interesting run through that. Ralph, maybe you can give us a quick history of sort of how we got here.
Ralph Magee: Sure. Yeah. We’ve got an important implementation upon us in the consolidated trail of the CAT world, as we call it. Back on May 27th of this year, a month or so ahead of the original compliance date for the phase two E implementation of CAT, there was a delay announced by the industry and they pushed back the new compliance date until December 12th from the original compliance state of July. So we’re seeing a, a little bit of delay that was to address some challenges and the delays and error feedback and processing from CAT’s perspective. And this was to allow industry members a little bit more time to deal with those delays as well. At that time we did, and we put out a blog. We recommended that folks should continue to test and take full advantage of this extra time to go through their case reporting, whether they submitted it on their own behalf or whether they have a submitter doing that on their behalf.
So work closely with those CAT reporting agents and submitters to test the data. And we also reminded members of the requirements that they needed to still certify for the production access by July 25th of this year. As I mentioned, December 12th is the new date, but there was also some interim reporting obligations that were announced at the same time that industry members and CAT reporting agents need to achieve full compliance with that. So this kind of brings us back to the current time. We have just completed the first interim reporting obligation where CAT submitters between the dates of August 15th and September 15th had to submit a 10% submission of their full case data for active CAT transaction reports or accounts for that submission period. So one date, a 10% across the entire spectrum of their DDS for active reportable transaction to CAT accounts and FDIDs needed to be reported. So that brings us to current.
Buddy Doyle: And now, we’re here. I know we’ve been doing testing with their clients and submitting a case into that test environment. What are some of the things that firms ought to be thinking about as they’re doing their CAT testing?
Ralph Magee: Well, one thing is just to acknowledge what the next steps will be. So we have interim reporting obligations, two, three, and four that will take place in between now and the go live compliance date of December 12th. Later this year obligation two is going to start in October and it’ll be run from October 10th to October 31st. This is where firms will be required to do a full submission, all the CAT where the accounts that had CAT reportable activity between June 12th of this year and September 30th. That will progress into interim reporting obligation three, which will start on November 7th, where the daily reporting of all FDID records any changes. In additions to FDIDs previously reported have to be reported the next day T+1 by 8:00 AM. And then we’ll enter the final stage of the interim reporting obligation, which is obligation number four, where all industry members on December 5th will start to report to CAIS all of the rejections and have to not only report all of the transactions, excuse me.
But they will also have to deal with any of the rejections and material inconsistencies in that reporting. And then that will go into compliance on the 12th. So a week later from that fourth obligation, all of this is outlined just for industry members, that they would like to have another reference guide. It’s in the CAT alert, 2022-1. They can find all of these details and that entire schedule that are related to the interim obligations for CAT CAIS. So some of the common issues that we’re seeing while we’re testing with clients is where firms have issues with their books and records and certain data points within their books and records. For example, a date of birth is one that I can easily touch on. That’s a manual entry in some cases for broker dealers and for accounts or for clients that have multiple accounts at the same broker dealers, sometimes an error is made in that data entry point.
There’s also instances where firms would have a default value for a particular type of account when it comes to the date of birth that’s there. So that can lead to some inconsistencies across the firm’s books and records for that data point of date of birth. So we’re seeing that as being a common rejection and most of our clients are in a process of going through and cleaning up a lot of those books and record data points that are causing some of these rejections on related DIDs. We’re seeing some rejections because an additional client’s DID was rejected for various number of reasons. So if you have a client that has multiple FDIDs at the firm, maybe there’s a trust account and an individual account, and then a joint account, one of those accounts is being rejected for a number of reasons that are possible there. And then that would, would spill over into rejection 22532, which is that customer is being rejected because an associated FDID was rejected. So we’re seeing some overlap in that footprint there as well. And then the normal type of roles and responsibilities or missing data points is also an issue as firms clean up their books and records here ahead of the obligation,
Buddy Doyle: RSO data quality is really important there. And testing through that will identify all those data quality issues. And the good news is you have some time to get that together before you have to hit the compliance date. So I think that’s a great update on sort of where we’ve gotten to. And Ralph, you mentioned, all members need to do this. I know not everybody had to report to OATS. There was a definition of OATS and who had to report, and then there were some exemptions. Are there any exemptions at this point for CAT reporting?
Ralph Magee: There are none. It’s a great point that you bring up. It’s something people should be well aware of. I think there is an important distinction for folks to make here when it comes to CAT reporting. In CAIS reporting there are no exemptions, but it is also important to understand fully how you report to CAT and how you report to CAIS. You may use a CAT reporting agent or a third-party vendor in order to compile and report your data to CAIS or to CAT for that matter. But when you’re using that process, you have to realize that you cannot rely on those vendors or that CAT reporting agent to do the surveillance and the compliance of the obligation that you have as an introducing broker or an industry member. If you’re your own submitter, you are near and dear to the data that’s being compiled and reported. But when you outsource that reporting to someone else to do it on your behalf, you’re a step removed from that. So special attention needs to be made by those firms that employ a CRA or CAT submitter, third party CAT submitter, and realizing that they have the ultimate obligation to make sure that the data is good and true, and that those rejects get repaired within the acceptable window of repair.
Buddy Doyle: So that’s a really important thing. So you don’t have an exemption. Congratulations. You got a couple of decades of exemptions on OATS, but you don’t have one for CAT, at least not yet. You can outsource this, but you can only outsource the tactics and the task. You can’t outsource the responsibility. So you want to make sure you have a good handle on what your third parties are doing for you and make sure they’re aware of who you are and how you operate. It’s one thing, people outsource stuff to us, and it’s really important to understand the nuances of what your business is and how it operates, even though it’s pretty well defined and methodical in the CAT. If you don’t know enough, you may really whiff on some things and that’s not the third party’s fault as far as the SEC is concerned. You’re the member you made the choices, you signed the contracts. So you’re going to own that risk. So work through that, as you’re putting this together. How will you control that risk? How will you look at that risk? Should you take such a move?
Ralph Magee: Yeah. It’s incredibly important for firms to take a current state assessment of where they are, especially when using that CAT reporting agent or third-party vendor. We’re on a three-month window here, right before we go live with the compliance state. Now’s the time to make sure that you have a good understanding of where you are in the interim reporting obligation. Number one, firms have only submitted a 10% submission rate of their full customer account list. Is that a true indication of all the errors that you may see across a hundred percent of your accounts? That’s something that firms really need to have. They need to be watching the needle on that very closely, because we don’t want firms to get to December 12th and submit to CAIS on that first day for compliance and have 300,000 errors.
It’s almost impossible for a firm to be able to comply with the T + 3 error correction window. When you’re doing that across 300,000 errors, that’s not the perfect world scenario that we want to be in. So we want to use this window of time that we have between now and the compliance go live date of December 12th, to weed through those, to get to the root cause of these errors and systematically, or either one by one, make those corrections to the books and records, which will ultimately drive the reporting case.
Buddy Doyle: Yep. And I think they’ll start producing their case score cards, I believe at the end of the first quarter of next year. Is that right? Ralph?
Ralph Magee: That is correct. Yes.
Buddy Doyle: So you will be measured, you will be scored, but they do give you three days to make corrections. But you’ll want to be, to Ralph’s point, it’s so much more efficient to do it right the first time than to go back and correct. But if you do have to go back and correct, depending on that volume, you may need some software tools to help you do that efficiently because Ralph mentioned 300,000 events. If you’ve got to do something like that and you don’t have software, you’re probably in trouble. So I think that is a difficult animal to get through. If you don’t look at that, a shameless plug, which I don’t normally do, but we do have software that does this. And we’ve got Ralph that is the master of it. I do think it’s good that you’ve had that experience of both submitting to the CAT and working with issues and the data and rejects and corrections. And you’ve been doing it in CAIS since the test window opened.
Ralph Magee: The software that we have not only gives you an account concentric view of your accounts and your customers, but it gives you that customer concentric view, which firms sometimes struggle with their OSS and other operational systems within the firm to really know what the customer has across your entire universe and with the TID value, the transform identifier value, that CAIS has a requirement for, we’re able to group that by customer and give you a concentric view across that customer of what that customer has and all the DIDs and related people to those accounts across your firm. So that’s a very important aspect of the software that gives you the insight to who your customer is and how many accounts they stretch over.
Buddy Doyle: Yeah. I think it’s a really important evolution that is occurring here for broker dealers in particular, that we’re moving from account-based analysis to client based analysis, and so are the regulators. So I think it is it’s time to line that up and really take a good hard look at that within your organization, because it’s about to become really evident if you have issues linking your clients’ accounts together. All right. Ralph, any other bits of, of wisdom that you would like to share with their, with their group?
Ralph Magee: Yes. We obviously have a little bit of a runway here when it continues to urge people to test, test and test the reporting obligations that firms are under now are the minimum requirements. Certainly can, they can drive that all the way up to the maximum full account submissions. If they’d like to. We encourage that, especially if you have a software tool that helps you monitor that and gives you some feedback so that helps you narrow down where the errors actually are and what the root cause of those errors are. If you don’t have that, I would certainly be querying your books and records for material inconsistencies. Date of birth was one of the examples that we have already provided. There’s numerous others that we could go through. It’s important to also think about drafting your firm desk procedures now.
This is a new requirement. This is going to take a lot of effort. And this effort is going to span across multiple sections of the organization – new accounts, books, and records. There will be a lot of people that are touching the data that drives this reporting. So the more organized you are now, and the more prepared you are with good thoughtful desk procedures for your associates, I think the more successful your firm is going to be in meeting the requirements that are ahead of them. I was just going to say, just communicate. Overcommunicate, if anything, internally at your organization, especially if you’re using a CRA or a third party to report your data. You should be having weekly calls at a minimum with these reporters to know where they are, to know what the big errors are, to know what the systematic repairs are to some of the data points that are being reported. And then obviously, upon the compliance date, December 12th, you’ll need to update your policies and procedures to reflect this new regulatory implementation.
Buddy Doyle: Yeah. And that’s a good point, Ralph. I think that when you look at, you just unloaded a whole implementation process there of one the regulatory remediations that I typically have been involved with and Oyster’s been involved with. Particularly systematic issues have been related to the fact that it wasn’t well tested when it was implemented or when it was updated that software. And I think you can avoid a lot of problems down the road with that, but you do need to get your procedures lined up to your systems to be efficient, to be effective. But it’s the desk procedures that get it done. And when you get that done, how do you supervise that? And how do you test it? And you’ll update your risk assessments and your testing programs and all of that with this. It’s all a thing.
It all goes together into one big implementation. But I do think you’ve got time to get this right. Not much, but there is time to get this right. The data issues can feel overwhelming when you get started, to Ralph’s point. You’ve got multiple accounts, same person, different birth dates. How did that happen? But I think there could be challenges that come up again. Deal with them, get them on a list, figure out who’s going to take care of those challenges. Can you handle it internally? Do you need a hand from somebody else? What does that look like? How long does that last? And you’ll be able to get through this. But I would encourage you to start now because December will be here before you know it with that. Thank you, Ralph, for your time today and sharing your knowledge with the listeners and myself. And we really appreciate it. I’m Buddy Doyle. And thank you all for listening.
Libby Hall: Thanks everyone for listening. If you’d like to learn more about our experts and how Oyster can help your firm, visit our website at oysterllc.com. And if you like what you heard today, follow us on whatever platform you listen to and give us a review. Reviews make it easier for people to find us. Have a great day.