SIFMA released the following statement from Kenneth E. Bentsen, Jr., SIFMA president and CEO, on the Consolidated Audit Trail:
“SIFMA remains very
concerned about investor data security of the CAT. SIFMA and its members
are supportive of the CAT and its regulatory intent but have repeatedly
expressed strong concerns regarding the risks to our customers’ sensitive
financial data information, including the wholesale collection of personally
identifiable information (PII) and transaction data being compiled in one
place. This risk is further compounded by a lack of liability coverage for the
broker dealers who are obligated to report to the CAT. Allowing
twenty-four self-regulatory organizations (“SROs”) to have the ability to bulk
download and store all such data, including transactions and customer data, on
their own systems, dramatically increases exposure to data breach and
theft. As SEC Chairman Clayton rightly noted at a Senate Banking hearing
today, data security must be a paramount concern with a database this large.
Allowing up to 3,000 users at twenty-four different SROs to hold the data
internally with personnel having unfettered access makes absolutely no
sense. SIFMA believes that all surveillance and analysis on CAT data
should occur within a highly controlled, limited access secure analytics
environment within the FINRA CAT Processor and only the SEC and FINRA should
have access to the full database. The SROs should only access their own
transaction data and should not have access to the customer database. We
urge the SEC to address these concerns immediately.”
