US Securities and Exchange Commission chairman Jay Clayton will make a tough sales pitch when he tries to convince lawmakers that his agency can protect reams of personal data shortly after it disclosed a hack that shook confidence in Wall Street’s top regulator.
Clayton is testifying at a US House hearing, where he is expected to be grilled about a massive new database being built that is meant to help the SEC quickly figure out what causes market disruptions and investigate illegal trading. Known as the Consolidated Audit Trail, the repository could hold everything from brokerage account information to Social Security numbers.
Members of Congress are concerned about the CAT’s security because it will be even bigger than Edgar, the SEC database cybercriminals breached last year that houses millions of corporate filings.
“I appreciate that security issues are particularly acute with respect to a data repository that contains comprehensive information on trading activity in the securities markets, especially in light of recent events,” Clayton said in his prepared remarks. “We have committed to review periodically the effectiveness of our confidentiality and data-use procedures.”
The SEC’s September 20 disclosure of the Edgar hack, which followed the highly publicised breach at Equifax Inc, has fuelled calls for the CAT to be put on hold. Stock exchanges are set to begin feeding data into the system next month, while brokers have to start submitting information in November 2018.
The database could ultimately include personal details for more than 100mn trading accounts, and is meant to track billions of daily orders to buy and sell stocks. Lobbyists for the New York Stock Exchange, the Nasdaq Stock Market and trade associations for brokerage firms have been telling congressional offices that regulators need to make sure all that information can be protected.
“Given the recent hacks at Equifax and the SEC, a delay of the CAT implementation would be prudent to determine whether collecting a customer’s personally identifiable information is really necessary,” said Christopher Iacovella, chief executive officer of the Equity Dealers of America, a group representing regional financial services firms.
The CAT has already been a long time coming. The SEC started kicking the idea around years ago, and it gained traction as the regulator struggled to figure out the causes of the May 2010 flash crash.
The database has been billed as an essential step to improve monitoring and understanding market moves. Thesys Technologies is leading the construction of the system which is directly overseen by the exchanges and the industry-backed Financial Industry Regulatory Authority.
Brokers and exchanges have often clashed over who will pick up the tab for the system. While both sides have been pushing for the delay, neither has called for the CAT to be scrapped altogether.
Clayton is appearing before the House Financial Services Committee. Jeb Hensarling, the Texas Republican who leads the panel, and two other GOP lawmakers urged the SEC chief last week to delay the CAT’s implementation. In a letter to Clayton, they said the agency should hold off until it can set “information security safeguards and internal controls to ensure the security of confidential and sensitive data.”
“As the 2016 breach of the Edgar filing system revealed that it may have provided the basis for illicit gains through trading, the need to delay the CAT’s implementation until there is an independent assessment of the SEC’s information security regime is only amplified,” wrote Hensarling and Representatives Bill Huizenga and Randy Hultgren in the September 28 letter.
Clayton: Testifying at a US House hearing.
