SEC Market-Surveillance Project Hits Snag Over Hacker Fears
Brokers cite concerns that they could face costly lawsuits if database is breached. SEC Market-Surveillance Project Hits Snag Over Hacker Fears
A project to create a massive market-surveillance database for U.S. financial regulators is encountering fresh resistance from Wall Street brokerages that fear it could be targeted by hackers seeking investors’ private information.
Some of the biggest U.S. brokerage firms are balking at a contract they must sign to connect their systems to the Consolidated Audit Trail, or CAT, ahead of a deadline just three months away. The brokers have cited concerns that they could be held liable if the database is breached, spurring costly lawsuits, people familiar with the matter said.
Firms that have raised concerns over the contract include Credit Suisse Group AG, Goldman Sachs Group Inc., JPMorgan Chase & Co., Morgan Stanley, TD Ameritrade Holding Corp. and UBS Group AG, these people said.
The CAT was conceived nearly a decade ago as a way to help the Securities and Exchange Commission investigate stock-market manipulation and episodes of anomalous trading like the May 6, 2010, “flash crash” that sent the Dow plummeting nearly 1,000 points.
Proponents say the CAT will help regulators make sense of complex U.S. financial markets, by putting data from disparate markets in one place and pinning down the time of each trade to the millisecond. Kara Stein, a former Democratic commissioner at the SEC, has called it a “Hubble Telescope” for the securities markets. When complete, it is expected to ingest more than 58 billion records a day to become the world’s largest repository of stock-trading data.
But the CAT has faced repeated delays and come under fire for potentially exposing Americans’ private financial information to hackers. Advocacy groups including the American Civil Liberties Union have blasted the project for plans to store the personal data, such as Social Security numbers and birth dates, of individuals behind stock trades.
“We are concerned that the CAT will pose significant risks to the privacy of millions of investors,” the ACLU wrote in a Dec. 16 letter to SEC Chairman Jay Clayton.
Among the concerns cited by the ACLU and other critics: An estimated 3,000 employees of regulatory agencies and exchanges are expected to have access to CAT data, potentially increasing the risk of an unauthorized download of sensitive information.
Mr. Clayton, a proponent of the CAT who has also criticized the way it has been implemented, has said he is willing to keep sensitive personal information out of the database. The SEC says it is considering an industry proposal to remove Social Security numbers, birth dates and taxpayer IDs from the database, and instead use ID tags that couldn’t be as easily traced to an individual’s identity.
“Chairman Clayton remains committed to moving CAT from concept to reality,” an SEC spokeswoman said in an emailed statement. “This requires addressing valid privacy issues.”
The CAT is overseen by a consortium of stock and options exchanges, including the New York Stock Exchange and Nasdaq Inc., as well as the Financial Industry Regulatory Authority, Wall Street’s self-regulator. The consortium created the contract that brokers must sign to connect to the database, called the CAT Reporter Agreement.
The contract, which is available online, limits the liability of the consortium to any broker making a claim against it to $500. Brokers worry this provision would leave them exposed to lawsuits if the CAT were hacked and they were sued by investors upset about the breach, according to the Securities Industry and Financial Markets Association, or Sifma, a Wall Street group representing brokers in negotiations over the contract.
Sifma “believes that such sweeping limitations on liability are inappropriate,” the group wrote in a Jan. 8 letter to the CAT consortium that was reviewed by The Wall Street Journal.
The dispute threatens to derail progress toward an April 20 deadline for large brokers to begin reporting data to the CAT. Of around 1,300 brokerages that need to sign the contract by then to start reporting data, about 650 have signed, a person close to the CAT consortium said.
In the Jan. 8 letter and other statements, Sifma has said it would be more appropriate for the consortium and its main contractor building the database, a unit of Finra, to face liability for a breach.
Sifma has also said the exchanges and Finra should waive the immunity that they enjoy as self-regulatory organizations when it comes to the risk of a CAT breach. As SROs—entities that have a government charter to regulate market activity—the exchanges and Finra are generally immune from lawsuits regulated to their regulatory role.
The SEC is aware of industry concerns over the CAT contract, the spokeswoman for the commission said. “We continue to work with the SROs and broker-dealers as we move toward broker-dealer CAT reporting in April,” she said.
A spokesman for the CAT consortium declined to comment on the dispute over the contract, but pointed to a Nov. 27 letter defending the contract from Sifma’s criticism. The CAT Reporter Agreement is “not substantively different” from similar contracts that brokers have signed to report data for regulatory reasons, the CAT consortium said in that letter, which was addressed to the SEC’s Mr. Clayton. The letter also said it was appropriate for management of the CAT to fall under the immunity principle that shields exchanges and Finra from lawsuits.
The CAT will start receiving data from brokers in April as planned, according to the consortium spokesman. “We expect large broker-dealers will begin reporting to the CAT by the April 20, 2020, deadline,” he said.
Related Articles:
Major Companies Shared Vulnerability Used In Travelex Cyberattack (#GotBitcoin?)
Microsoft Releases Patch To Patch Windows Flaw Detected By NSA
VPN Tier List 2020 (Comparison Table)
Inside China’s Major US Corporate Hack
Twitter Bug Exposed Millions of User Phone Numbers
U.S. Cyber Officials Give Holiday Shopping Advice For Consumers
Is Cayla The Toy Doll A Domestic Spy?
Google’s “Project Nightingale” Faces Government Inquiry Over Patient Privacy.
Which Password Managers Have Been Hacked?
DNS Over HTTPS Increases User Privacy And Security By Preventing Eavesdropping And Manipulation
Russia Steps Up Efforts To Shield Its Hackers From Extradition To U.S.
Barr Revives Debate Over ‘Warrant-Proof’ Encryption (#GotBitcoin?)
Should Consumers Be Able To Sell Their Own Personal Data?
Doordash Says Security Breach Affected Millions Of People (#GotBitcoin?)
Fraudsters Used AI To Mimic CEO’s Voice In Unusual Cybercrime Case (#GotBitcoin?)
Pearson Hack Exposed Details on Thousands of U.S. Students (#GotBitcoin?)
Cyber Hack Got Access To Over 700,000 IRS Accounts (#GotBitcoin?)
Take A Road Trip With Hotel Hackers (#GotBitcoin?)
Hackers Target Loyalty Rewards Programs (#GotBitcoin?)
Taxpayer Money Finances IRS “Star Trek” Parody (#GotBitcoin?)
IRS Fails To Prevent $1.6 Billion In Tax Identity Theft (#GotBitcoin?)
IRS Workers Who Failed To Pay Taxes Got Bonuses (#GotBitcoin?)
Trump DOJ Declines To Charge Lois Lerner In IRS Scandal (#GotBitcoin?)
DMV Hacked! Your Personal Records Are Now Being Transmitted To Croatia (#GotBitcoin?)
Poor Cyber Practices Plague The Pentagon (#GotBitcoin?)
Tensions Flare As Hackers Root Out Flaws In Voting Machines (#GotBitcoin?)
Overseas Traders Face Charges For Hacking SEC’s Public Filings Site (#GotBitcoin?)
Group Hacks FBI Websites, Posts Personal Info On Agents. Trump Can’t Protect You! (#GotBitcoin?)
SEC Hack Proves Bitcoin Has Better Data Security (#GotBitcoin?)
Your Questions And Comments Are Greatly Appreciated.
Monty H. & Carolyn A.
Go back
Leave a Reply
You must be logged in to post a comment.