PRIMER: The Consolidated Audit Trail

Author: John Crabb | Published: 5 Apr 2019
Email a friend

Please enter a maximum of 5 recipients. Use ; to separate more than one email address.

What is it?

The Consolidated Audit Trail (CAT) is a central repository commissioned by the US Securities and Exchange Commission (SEC) intended to help regulators efficiently and accurately track activity in the US National Market System (NMS) securities markets.

"The CAT will track orders throughout their lifecycle and identify the broker-dealers handling them, thus allowing regulators to more efficiently track activity in Eligible Securities throughout the US markets," reads the official CAT NMS plan website. "The primary goal of SEC Rule 613 is to improve the ability of the SEC and the Self-Regulatory Organisations (SROs) to oversee trading in the US securities markets."

When established, Rule 613 required US national securities exchanges and Financial Industry Regulatory Authority (Finra) to provide detailed information to the CAT providing information of each quote and order in an NMS security. For every order this is to include every single reportable event with respect to origination, modification, cancellation, routing, and execution.

Out of the bag: understanding the tools of CAT

Rule 613 was established by the SEC on July 11 2012 after the 2010 flash crash that saw the Dow Jones drop by 1,000 points in a matter of minutes. The crash happened after a trader bought and sold hundreds of mini-futures on the CME, and caused trillions of dollars to disappear from the system. The CAT was conceived as a means of tracking the system to avoid situations like this.

The SEC approved the CAT NMS plan on November 15 2016, which set in motion the actions that broker-dealers and SROs had to perform going forward.

What and who reports to it?

The data will be used by regulators to effectively survey the market, allowing them to focus their reconstruction efforts more effectively. Broker-dealers operating in the US equity and options markets are required to report order lifecycles for these markets on a daily basis, including orders, quotes, cancels, routes and allocations.

Broker-dealers, SROs and securities information processors (SIPs) — collectively the CAT reporters — are required to provide these specific record identifiers to support linkage processes. This list includes Finra and other national securities exchanges, and broker-dealers of all sizes.

This will have a significant impact on broker-dealers, who will have to adapt to be able to provide customer information reporting capability, order lifecycle reporting capability, synchronise clocks to an exacting standard time, and adapt processes to abide by CAT considerations. Whereas existing regulatory regimes like the order audit trail system (OATS) do not require customer-identifying information, it must be included for CAT – which has caused significant concern.

The task of reporting is obviously a mammoth one. An estimated 58 billion data points will be collected each day when it is in full operation. When asked what types of specific information are critical to include when reporting this data at the CAT and the Future of Market Surveillance panel at the Securities Industry and Financial Markets Association’s (Sifma) Equity Market Structure Conference in New York last November, senior policy advisor at the SEC Mark Donohue said it is a question of practical, cost and use.

From the SEC perspective, he said, one of the major uses is market construction and understanding what happened during times of stress, by recreating the data.

"Rejection messages are very helpful to understand market reconstruction, but may not be as advantageous from a surveillance standpoint," he said.

He added: "We need to keep in mind the market reconstruction and policy components as well."

Donohue continued that he can conceive a future where data elements get added to CAT so that policy decisions can be made on a more informed basis. Additional elements can point you in different directions, he concluded.

What problems is it facing?

The contract to build the CAT system was initially awarded to a subsidiary of Thesys Technologies, Thesys CAT LLC, which acted as plan processor. Thesys initially had just 11 months to build the entire system from scratch.

The first deadline for data reporting to the CAT was November 15 2017, which the SROs requested relief from. Although they were rejected by chair Jay Clayton, no reporting took place for another year.

A year later, several industry members released  technical specifications for participants in the CAT to help understand their responsibilities in relation to SEC Rule 613 and the CAT plan, and also describe requirements for reporting CAT data such as detailed information about data elements and the file formats of each reportable event. This was the first time a fully-fledged, detailed specification has been provided to the industry, only three weeks before the already extended deadline.

In a statement, Brett Redfearn, director of the SEC division of trading and markets, announced the SEC wouldn’t expect to take enforcement action for failure to report data to the CAT 'if the CAT is not sufficiently developed to receive that data'.

The big ask from the industry standpoint was a technical legal issue that the SEC had not come out and recognised. The plan required firms and SROs to be compliant and start uploading data by November, but Redfearn’s statement suggests that the staff were offering a legal pass on that because it is impossible.

"We are dealing with compliance officers and boards of directors at firms, and they have a legal obligation to make sure they are meeting all of the requirements, so there has been a longstanding request to have the SEC make a legally binding or public statement on what happens if broker-dealers miss the November 2018 deadline – which they certainty will," said Gregg Berman, director of the market analytics and regulatory structure unit of Citadel Securities.

It's unlikely that most broker-dealers would care about that. It isn't possible to send data if the CAT doesn’t exist, which is currently the case. 

What happened to Thesys?

Although in January Thesys told IFLR Practice Insight that the initial stages of reporting were progressing as hoped after the reporting schedule started, and that accuracy and security remain high priorities, they were shortly replaced by the SEC – which reassigned the task to Finra.

During a December 11 testimony before the US Senate Committee on Banking, Housing, and Urban Affairs, however, SEC chairman Jay Clayton said the regulator remains frustrated by the failure of SROs to meet their obligations, as well as by delays in the development of the CAT.

See also in Practice Insight: Market and SEC clash on CAT progress

The market too was uncertain. It now seems entirely possible that the system will not function as originally intended, and the cybersecurity issues that have surrounded it since inception remain a significant concern.

During testimony, however, Clayton explained that the SROs responsible for developing and implementing CAT had missed their initial November 15 2017 deadline. "While the CAT has now begun receiving equity and options data with limited functionality, the SROs remain out of compliance with the CAT NMS plan today," he said.

"The SROs are making some progress, but the development and implementation process remains slow and cumbersome due largely to what I believe are project governance and project management issues experienced by the SROs," he continued.

Clayton went on to say that the Commission is frustrated, that the projected date of full delivery of March 31 2019 was not good enough, and that SROs are not meeting obligations.

In February 2019, Thesys was fired from its role, and Finra appointed. Finra and CAT NMS confirmed that it will be transitioning the CAT project to a new plan processor. In doing so, there will be a significant impact on existing implementation plans. "While certain dates may change, there are no material changes planned for the industry member technical specifications," they said.

Despite this change, issues regarding data and personally identifiable information (PII) remain. In March at another Sifma conference, Clayton confirmed the agency is working on a unique customer identification for the CAT, which could allay certain fears that the industry may have – as long as it worked with the SEC.  

"There are solutions here. We'll get to a responsible place on customer data as long as everybody remains constructive," he said.

See also: SEC statement on CAT delay exactly what industry was looking for