On Friday, October 29, 2021, the SEC issued an order that disapproved a proposed plan amendment to allow the insertion of limited liability provisions into the Consolidated Audit Trail (CAT) Reporting Agreement and the CAT Reporting Agent Agreements.
The Operating Committee for CAT had submitted this amendment on December 18, 2020 and it was published for comment in the Federal Register on January 6, 2021. Not surprisingly, this was met with great resistance from the Industry Members who are required to submit, or have submitted on their behalf, data to CAT which will eventually include Personally Identifiable Information (PII). Under the amendment, once the data is submitted, the Industry Members have very little, if any, control over the storage and protection of their customer data; yet they face significant risk if the CAT data were to become compromised.
In April 2021 the SEC started proceedings to rule on the amendment and designated a longer period to conclude the hearings in June and then again in September. There were a wide range of objections submitted by commenters for consideration. These include, but are not limited to, Cyber Insurance, the input of Industry Members and visibility into the overall Security of the CAT, regulatory immunity and the risk of data breaches and their subsequent costs.
As a result, the SEC did believe that the Participants demonstrated it was necessary to limit the liability to Industry Members to a maximum of $500 per calendar year as proposed and that damages related to any breach of data would potentially exceed that amount. The order also details why the proposed amendment would likely have a negative impact on the Efficiency, Competition and Capital Formation.
Through carefully crafted, practical Industry Member comments and the persistence of financial advocacy groups such as the Securities Industry and Financial Markets Association (SIFMA), Industry Members can celebrate a hard-fought victory which will go a long way to easing security concerns. However, the reality is that little time can be spent in celebration as the next phased implementation of CAT, Phase 2d, becomes effective on December 13, 2021.
Our consultants use their deep regulatory experience in trade reporting with our Oyster Solutions CAT reporting application to enable firms to achieve their CAT reporting obligations. Oyster’s CAT Application consolidates CAT reporting events, error analysis and validation data into a central program, where it will identify errors, linkage and gaps between vendor data and CAT reported data. Click here to learn more about how Oyster can help your firm with its CAT reporting requirements or to request a demo of our reporting application.