As a result of the 2010 Flash Crash, which wiped out around $1 trillion from the US stock market within minutes and the difficulty regulators faced in its investigation, the SEC developed Rule 613. It took regulators 5 months to piece together the events of the Flash Crash and create consolidated view of all equity market activity. SEC Rule 613 mandates the development of a Consolidated Audit Trail (“CAT”) and will impact any broker dealer that has any in-scope activity in the United States. This will impact all US Banks, FBOs and broker-dealers which have equity or equity options operations in the United States. For example, if a French client purchases US equity through a French Bank’s US broker dealer operations, this activity will have to be reported.
SEC Rule 613 requires broker-dealers to report all transactions conducted in the US equities and listed options markets daily to the Consolidated Audit Trail (CAT) database, enabling the SEC to conduct cross-market surveillance and reconstruct market events.
What are the key implementation challenges for impacted broker-dealers ?
Reporting Systems
Developing a single consolidated daily report to track all equity and options activity can be challenging as firms typically have multiple disparate trading systems and client databases that did not previously interact.
To comply with this regulation, firms must :
Develop an internal data repository before sending information to the processor.
Leverage existing OATS infrastructure; however, CAT’s requirements are more exhaustive and include equity options.
Consider current systems’ compliance with the regulation, and address potential gaps.
Determine how to enhance the systems for the CAT while maintaining compliance to OATS and EBS.
Cybersecurity threats
The enormous and valuable database of financial transactions contained in the CAT will be a target for cyber criminals. This is an area that the CAT processor will likely be heavily investing in. For individual broker-dealers, their own CAT reporting data will contain the sensitive information and will also be a target both in transmission and in storage. The potential threats are as follows : financial transactions database, confidential trading strategies or personal identifiable information…
Having a secure system in place will be vital to protect this sensitive data as well as to reduce the risks of cyberattacks.
Data Accuracy
On top of the fact that firms need to gather and submit a large amount of data which they previously did not consolidate, the data needs to be accurate.
The acceptable error rate until April 2021 is 5% and drops to 1% for large broker-dealers. This error rate becomes more difficult to accomplish when we are dealing with micro-seconds.
Allocation data needs to be reconciled and matched internally with the trade data, and any identified gaps should be remediated before reporting to the CAT.
Personal identifiable information (PII)
A major point of contention since the regulation was published is the requirement to include client data in the submission.
The date of implementation for customer and account data has been moved back to November 2021 to allow for continued discussion.
Financial institutions are hesitant to provide this type of data to anyone because of the complex web of data privacy and security regulations.
The inclusion of this type of information in the CAT only increases the likelihood of cyber-attacks and a corresponding necessity to invest in its protection.
What should be the key priorities for broker-dealers ?
Related Insights
Paul Mutawe
Jack Lockie
Rohith Raamachandren