The use of technology has changed the structure of the equity market and the way investors implement their trading strategies. Several issues related to the use of technology, however, have shed light on significant limits in the Securities and Exchange Commission’s (“SEC” or the “Commission”) ability to effectively monitor the stock market and adequately understand its dynamics. Isolated events (such as the 2010 flash crash) and structural transformations (such as the proliferation of dark pools) have created the need for the SEC to have direct access to continuous information concerning orders instructed by investors in the equity market. To gain such access, the SEC adopted Rule 613 of Regulation NMS (Regulation of the National Market System) in 2012, for the creation of a consolidated audit trial.
The SEC Consolidated Audit Trial (CAT) is a system structured in a central repository to which national securities exchanges and national securities associations and their respective members will have to report – on a daily basis – specific information concerning stock and options orders instructed by customers. In particular, national securities exchanges, FINRA, and broker-dealers are required to report details (such as, customer identity, date, price, size, order type, side, long, short, short exempt, etc.) for each order and its modification, cancellation, and execution. National securities exchanges and FINRA (collectively, SROs) will begin reporting on November 15, 2017, while broker-dealers will start reporting on November 15, 2018. The collection of the data and their reporting will take place in accordance with the National Market System (NMS) plan, which was approved by the SEC in 2016.
In essence, CAT is a new reporting system of trading orders information in which formally the reporting persons are SROs and broker-dealers (who also bear the related costs). But in effect the data to be reported concern the trading activity of the “customers,” namely investors instructing trading orders through exchanges and broker-dealers. The “central repository” is thus the new direct source of data on trading activities from which the SEC (and, in general, regulators) may draw information for regulatory and enforcement purposes. A “direct” access to information on trading orders is expected to produce a significant impact on the ways the Commission interacts with the equity market. Before the adoption of this system, the SEC was able to indirectly access some of the data related to orders in the secondary market through ad hoc requests to market participants. CAT eliminates the need for those specific requests. In addition, the SEC will have access to more information than those generally collected by SROs and broker-dealers through their own existing audit trials.
Given the level of technological sophistication used by some traders in the stock and options markets, the lack of a direct access for the Commission to data concerning trading orders was no longer justified. Thus, CAT should help to boost the credibility of the SEC as a market regulator in an equity market profoundly transformed by technological innovation and structural fragmentation. The Commission believes that CAT will improve its ability to analyze and reconstruct broad-based market events, such as the flash crash of 2010, and the overall equity market structure. But the main goal that the SEC intends to achieve is improving the accuracy and efficiency of the process of identifying potentially manipulative trading practices and insider trading cases. In particular, since CAT would allow to link orders across markets, cross-market surveillance is expected to improve significantly.
One element that the SEC considered essential to make CAT an effective tool for market surveillance is the reporting of the identity of the customers instructing the orders. Specifically, within the CAT system, each customer is identified by a code, and by accessing the central repository regulators will be able to know the identity and the account information of the customer linked to that code. This characteristic of CAT has received criticism, since it makes the central repository a likely target for cyber-attacks. Should one of these attacks succeed, investor confidence would deteriorate dramatically. In this regard, some scholars have expressed the opinion that the SEC does not need to know the identity of all customers instructing orders in the market. According to these scholars, the SEC could request broker-dealers the identities of the customers after having identified suspicious activities.
As above said, one of the main goal that the SEC intended to achieve through CAT was the elimination of the need for ad hoc requests of trading information to market participants. However, given the gravity of the consequences that could result from a cyber-attack, the SEC could have reasonably considered a system in which the code of a customer and the identity of the customer associated with that code are not stored in the same place. A consolidated audit trial is effective to the extent that it allows the SEC to find correlations among orders, customers instructing the orders, and events. The presence in the central repository of a customer code without the identity of the customer associated with that code does not necessarily hamper the possibility to identify relevant correlations. In a system where the code is stored in the “central repository” accessible to regulators and the identity of the customer associated with that code is stored in the local repository of the broker-dealer, the consequences of a cyber-attack could likely be less dramatic.
Giovanni Patti serves as the graduate editor of the NYU Journal of Law & Business. He is an LLM candidate in Corporation Law (Dean’s Graduate Awards) and a research assistant at the NYU Pollack Center for Law & Business. He holds a PhD in Corporate Law from the University of Roma Tor Vergata. Prior to attending NYU, he was an associate in an Italian-based law firm, where he practiced corporate and banking law. He also worked as a research assistant at the University of Roma Tre.