U.S. Securities and Exchange Commission Chairman Jay Clayton will make a tough sales pitch Wednesday when he tries to convince lawmakers that his agency can protect reams of personal data shortly after it disclosed a hack that shook confidence in Wall Street’s top regulator.
Clayton is testifying at a U.S. House hearing, where he is expected to be grilled about a massive new database being built that is meant to help the SEC quickly figure out what causes market disruptions and investigate illegal trading. Known as the Consolidated Audit Trail, the repository could hold everything from brokerage account information to Social Security numbers.
Members of Congress are concerned about the CAT’s security because it will be even bigger than Edgar, the SEC database cybercriminals breached last year that houses millions of corporate filings.
“I appreciate that security issues are particularly acute with respect to a data repository that contains comprehensive information on trading activity in the securities markets, especially in light of recent events,” Clayton said in his prepared remarks. “We have committed to review periodically the effectiveness of our confidentiality and data-use procedures.”
Equifax Breach
The SEC’s Sept. 20 disclosure of the Edgar hack, which followed the highly publicized breach at Equifax Inc., has fueled calls for the CAT to be put on hold. Stock exchanges are set to begin feeding data into the system next month, while brokers have to start submitting information in November 2018.
The database could ultimately include personal details for more than 100 million trading accounts, and is meant to track billions of daily orders to buy and sell stocks. Lobbyists for the New York Stock Exchange, the Nasdaq Stock Market and trade associations for brokerage firms have been telling congressional offices that regulators need to make sure all that information can be protected.
“Given the recent hacks at Equifax and the SEC, a delay of the CAT implementation would be prudent to determine whether collecting a customer’s personally identifiable information is really necessary,” said Christopher Iacovella, chief executive officer of the Equity Dealers of America, a group representing regional financial services firms.
The CAT has already been a long time coming. The SEC started kicking the idea around years ago, and it gained traction as the regulator struggled to figure out the causes of the May 2010 flash crash.
The database has been billed as an essential step to improve monitoring and understanding market moves. Thesys Technologies is leading the construction of the system which is directly overseen by the exchanges and the industry-backed Financial Industry Regulatory Authority.