Commissioner Peirce Sounds the Alarm About Feeding the SEC's CAT

May 18, 2020

About six months ago in December 2019, Securities and Exchange Commission Commissioner Hester M Peirce considered the then-ongoing efforts by the federal regulator to develop the Consolidated Audit Trail ("CAT"):

[T]he so-called CAT, which is not yet up and running, will collect data from brokers across the country and aggregate it in a data pool in which the SEC and other regulators can fish.  The data pool will contain all transactions in our equity and options markets.  As you can imagine, regulators and enforcement staff love such a rich reservoir, but it is not cheap -- the exchanges and brokers have already incurred huge expenses to get the CAT almost ready to launch and will continue to incur costs throughout the CAT's life; if cyberthieves break in, there will be additional costs to the investors' whose data are compromised; and, not least, there is the cost of eroded liberty, as the government monitors Americans' financial transactions.   

At Mochas, Mariners, and Morality -- Remarks before the National Economists Club (Speech by SEC Commissioner Hester M. Peirce / December 12, 2019) 
https://www.sec.gov/news/speech/speech-peirce-2019-12-12#_ftnref2

Where some saw the worthy reform of a wheezing, gasping, and failing process for collecting data in order to pursue fraud, Commissioner Peirce saw the potential for data theft and cybercrime. Those are not mutually exclusive concerns. Reform advocates are justified in seeking to implement the CAT, but Peirce is equally justified in warning against unbridled enthusiasm.

Far too many years of delay in creating a reliable repository for market data has harmed the investing public by impeding Wall Street regulators' ability to timely compile reliable trade data in furtherance of critical anti-fraud investigations. Consider, for example, the cost of the ongoing struggle to overhaul the outdated Electronic Blue Sheets ("EBS") system and the rising price-tag attendant to implementing the CAT. Indeed, the oft-delayed launch of the proposed CAT has not been without an often staggering regulatory cost, as recent SEC regulatory settlements underscore:

https://www.sec.gov/news/press-release/2018-275, which alleges, in part, that:

The Securities and Exchange Commission today announced that three broker-dealers have agreed to pay more than $6 million to settle charges for providing the SEC with incomplete and inaccurate securities trading information in required SEC productions known as "blue sheet data," which the SEC uses to carry out its enforcement and regulatory obligations, including the investigation of insider trading and other fraudulent activity. 

According to the SEC's orders, over a period of several years, Citadel Securities LLC, Natixis Securities Americas LLC, and MUFG Securities Americas Inc. each made numerous deficient blue sheet submissions containing inaccurate or missing data; incorrect order execution times that failed to adjust for time zone changes; and incorrect or missing exchange codes, transaction type identifiers, opposing broker number and contra-party identifiers.  Citadel, the largest provider of blue sheet data of the firms charged today, submitted incorrect data for nearly 80 million trades while Natixis and MUFG submitted incorrect data for approximately 150,000 trades and 650,000 trades, respectively.  These deficiencies largely stemmed from undetected coding errors.  None of the firms had adequate processes designed to validate the accuracy of its submissions. 

https://www.sec.gov/news/press-release/2019-177, which alleges, in part, that:

The Securities and Exchange Commission today announced that Stifel, Nicolaus & Co., Inc. has agreed to pay $2.7 million and BMO Capital Markets Corp. has agreed to pay $1.95 million to settle charges for providing incomplete and inaccurate securities trading information to the SEC. Broker-dealers are required to provide the information known as "blue sheet data," which the SEC uses to carry out its enforcement and regulatory obligations, including investigations of insider trading and other fraudulent activity.

According to the SEC's orders, over a period of several years, Stifel and BMO each made numerous deficient blue sheet submissions containing missing or inaccurate data, largely due to undetected coding errors. The SEC found that Stifel failed to report data for approximately 9.8 million transactions and provided inaccurate information for approximately 1.4 million transactions. Separately, the SEC found that BMO submitted missing or incorrect data for approximately 5.4 million transactions. According to the SEC's orders, neither firm had adequate processes designed to validate the accuracy of its submissions and each willfully violated the broker-dealer books and records and reporting provisions of the federal securities laws.


The Securities and Exchange Commission today announced that Cantor Fitzgerald & Co. has agreed to pay $3.2 million to settle charges for providing the SEC with incomplete and inaccurate securities trading information known as "blue sheet data."

According to the SEC's order, for almost five years, Cantor Fitzgerald made numerous deficient blue sheet submissions containing missing or inaccurate data, largely due to inadequate processes designed to validate the accuracy of its submissions and undetected coding errors. The SEC found that Cantor Fitzgerald submitted missing or incorrect data for approximately 35 million transactions.  Broker-dealers are required to provide this information, which the SEC uses to carry out its enforcement and regulatory obligations, including investigations of insider trading and other fraudulent activity.

The unreliable nature of trade data provided to the regulatory community via the outdated EBS has been well documented. The question that we must now confront is whether a new NMS/CAT scheme will get the job done. Similarly worthy of consideration is whether the compilation by the government of a data bank of confidential information about largely innocent citizens is an appropriate cost in order to cull information from such records to prosecute fraudsters and other malefactors. Is the loss of some civil liberties and rights the necessary price of ensuring freedom and protecting the integrity of our markets? Who draws the line and when becomes a very critical consideration.  In further considering the scope of the data that would be needed to feed and nurture the CAT, Peirce warned that:

The temptation to collect more data only grows with the sophistication of our analytical techniques and tools.  Collecting data, however, is not free -- not for us, not for the industry from which we collect it, and not for investors.  Registrants that provide the data often incur very large direct costs to produce the data in the timeframe and at the frequency we require.  They also may experience other kinds of costs if the data fall into the wrong hands. . .

At Mochas, Mariners, and Morality -- Remarks before the National Economists Club (Speech by SEC Commissioner Hester M. Peirce / December 12, 2019)
https://www.sec.gov/news/speech/speech-peirce-2019-12-12#_ftnref2

Is Enough, Enough?

In her December 12, 2019 speech, Peirce warns that "[o]nce we start down the road of collecting data, it is hard to rein ourselves in . . . we ought to think carefully about how much data is enough."

How much data is enough? 

A fair question, but one that prompts the equally appropriate query of  "how much fraud is enough?"  

I am a libertarian by political bent, and, as such, I get Peirce's concerns and warnings, all of which I find are fairly raised and largely valid -- accordingly, my riposte is less criticism than critique. Clearly, where Commissioner Peirce and I find common ground, is in her belief that:

[O]ne way we can enlist the help of others is to do a better job at making data available for people outside the agency to analyze.  Whether it is improving the data about municipal issuers, increasing transparency about transactions in the fixed income markets, giving investors greater insight into financial institutions' balance sheets, or ensuring that brokers' customers can get information about how their orders have been executed, more data can be a powerful tool for market participants.  Armed with the data, market participants are able to make better decisions.  Even for some functions that are often found in regulatory hands, outside help can be beneficial. 2

I have been a critic of post-financial crisis regulation that looks to regulators alone to identify and solve problems; no offense to any government economists in the audience, but lots of people working independently are better at identifying problems and generating solutions than a small group of regulators holed up in musty regulatory agencies in Washington, D.C.  An important question for both lawyers and economists working in regulatory agencies is:  How can we enlist the help of people outside of government in regulating the activities we are responsible for overseeing?

= = = = =

Footnote 2Our whistleblower program is an example of how important such outside help can be.  See, e.g., Report Suspected Securities Fraud or Wrongdoing, https://www.sec.gov/tcr (last visited Dec. 12, 2019).  See also Marcos López de Prado, Testimony before the Task Force on Artificial Intelligence of the House Committee on Financial Services (Dec. 6, 2019), https://financialservices.house.gov/uploadedfiles/hhrg-116-ba00-wstate-lopezdepradom-20191206.pdf (suggesting that outside data scientists could be enlisted to unravel discrete events like the Flash Crash).

At Mochas, Mariners, and Morality -- Remarks before the National Economists Club (Speech by SEC Commissioner Hester M. Peirce / December 12, 2019) 
https://www.sec.gov/news/speech/speech-peirce-2019-12-12#_ftnref2

Overhaul the SEC's Whistleblower Program

In rising to Commissioner Peirce's challenge about how the SEC can enlist outsiders to help better regulate Wall Street, the SEC must overhaul -- profoundly -- its Whistleblower program. Whistleblowers have proven to be a treasure trove of tips and serve as a formidable early-warning system against regulatory misconduct in the industry and the marketplace. Unfortunately, the SEC's interaction with these "people outside of government" has often been one of dismissiveness bordering on hostility by which whistleblowers are frequently seen as criminal defendants or administrative respondents. The SEC needs to alter the angle of its prism. As Peirce urges, whistleblowers must be seen as "market participants" who are "working independently" at "identifying problems and generating solutions" beyond the confines of "musty regulatory agencies." Also read: 

https://www.sec.gov/comments/s7-16-18/s71618-173238.htm

"SEC Whistleblower Program Is A Black Hole Of Despair" (BrokeAndBroker.com Blog, April 9, 2015).

May 15, 2020: SEC Adopts NMS/CAT Amendments

Eureka! On May 15, 2020, the regulatory world awakened to the profound announcement that the much-delayed, much revised, much reviled NMS/CAT plan had been approved. SEC Adopts Amendments to the CAT NMS Plan to Improve Transparency and Financial Accountability (SEC Release) https://www.sec.gov/news/press-release/2020-114

At long last, the SEC adopted NMS/CAT amendments, which purportedly impose public transparency requirements on the self-regulatory organizations that are participants in the plan. Additionally, participants will be subject to financial accountability provisions; required to publish and file with the SEC a complete CAT implementation plan and quarterly progress reports; and obligated to establish financial accountability provisions. As set forth in part in the SEC Release:

  • The Participants must file with the Commission, and make publicly available, a detailed implementation plan and ongoing quarterly progress reports. 
  • Each document must be submitted to the CEO, President, or an equivalently situated senior officer at each Participant and then approved by a supermajority vote of the Operating Committee. 
  • To the extent that any document is approved without a unanimous vote of the Operating Committee, each Participant whose Operating Committee member did not vote to approve the document must separately file with the Commission, and make publicly available, a statement identifying itself and explaining why it did not vote to approve the document in question.
Commissioner Peirce Dissents

Not unexpectedly, Commissioner Peirce dissented from the SEC's NMS/CAT announcement  -- and she set forth her impassioned and thoughtful comments in [Ed: footnotes omitted -- read the full-text speech with footnotes via the link below]:
 
https://www.sec.gov/news/public-statement/peirce-statement-response-release-34-88890-051520 

I write to dissent from the financial incentive amendments to the National Market System plan governing the Consolidated Audit Trail (CAT) that the Commission is adopting today. These amendments use financial penalties to encourage plan participants to get the CAT up and running quickly after years of implementation problems. Rather than encourage the CAT's expeditious completion, we should reconsider the project in light of the clear threat it poses to Americans' liberty and privacy.

Concerned by the 2010 "Flash Crash" and the subsequent difficulty in analyzing the events of that day, the Commission devised a plan in 2012 to create a consolidated audit trail. The Commission could have required self-regulatory organizations (SROs), which include securities exchanges and the Financial Industry Regulatory Authority (FINRA), to develop a tool designed to make it easier for the Commission and SROs to analyze similar market events in the future. Such a tool could have built on existing databases and trade-reporting processes to allow reconstructions of trading patterns preceding significant market disruptions.

What the Commission chose to do in 2012 was very different. It ordered the SROs to create a comprehensive surveillance database that will collect and store every equity and option trade and quote, from every account at every broker, by every investor. This ambitious objective means the CAT must contain, in some form, voluminous amounts of personal and business confidential information. This gigantic database, housing all this information in a single place, will be accessible to thousands of people at the Commission and the SROs, who will be able to watch investors' every move in real time.

As is common with projects of such grandiose scale, CAT implementation has been plagued with repeated delays. Chairman Jay Clayton, having inherited this project, has worked hard to see it through to completion, while also seeking to mitigate the risks it presents. His efforts have borne fruit in the form of changes that should make this information materially less susceptible to misappropriation and misuse by bad actors.

These changes, however, do not address the deeper problem with the CAT, namely the significant costs that a comprehensive surveillance tool of this type presents to Americans' liberty and privacy. The CAT's financial burden has grown increasingly apparent as the implementation process has dragged on. Staff of the SROs, broker-dealers, and Commission have expended countless hours and dollars to build the CAT's intricate regulatory, legal, and technological infrastructure. On the other hand, the costs our rules impose on liberty and privacy often draw less attention, in part because these costs are harder to measure than mere financial costs. However, the CAT's impending launch and the increasing emphasis on the value of the CAT's comprehensive, real-time database as an enforcement tool demand just such an analysis.

As an initial matter, it is doubtful whether the CAT's comprehensive surveillance database will significantly advance the Commission's mission. That mission is to protect investors; maintain fair, orderly, and efficient markets; and facilitate capital formation. The Commission's enforcement program is an important tool in pursuing that mission, and the CAT may make it a bit easier to investigate certain types of market misconduct. However, it is unlikely that it will materially change the types or number of enforcement cases the Commission brings. Is this questionable benefit worth the CAT's costs?

Even if the CAT were likely to advance the Commission's mission in a significant way, to determine whether pursuing the CAT further is worthwhile, we need to look carefully at all of the costs that the CAT is likely to impose after it is operational. As noted above, some of these costs are economic, but the most important costs are the non-quantifiable costs to society and to the liberty and privacy that all Americans hold dear. Perhaps somewhat counter-intuitively, the Commission needs to take seriously the public's interest in not having a single, comprehensive surveillance database that allows thousands of users to track every person's activities in the securities markets.

The non-financial costs of being surveilled reach to the very core of our humanity. Freedom of thought, expression, and action are key to unlocking each person's unique potential to contribute to society. Untargeted government surveillance programs, even well-intentioned ones, threaten that freedom. A fundamental expectation of a free people is to not be subject to unwarranted monitoring.

Our legal tradition recognizes these costs and limits when and how government can gather information about our lives. For example, if the government suspects that someone is planning a murder, it may seek to monitor her communications, but only in compliance with statutory and constitutional safeguards such as the requirement to show probable cause. Getting a warrant or following other required procedures may take time and inconvenience law enforcement officials, but Americans have decided that this burden on government is an acceptable, indeed necessary, safeguard of our liberties. The typical American would find it offensive if law enforcement decided willy-nilly to monitor her communications on the off chance that she might someday decide to plan a murder. Sure, such an approach might allow the police to prevent a few additional crimes each year, but society has decided that the cost would be too high.

Some surveillance defenders might say, "Well, if you are not planning a murder, you have nothing to be worried about." The matter is not so simple; ongoing, unwarranted monitoring imposes costs that fall on the innocent and guilty alike. Being watched can change the way people-even people whose actions are beyond reproach-behave. It eats away at the psyche and soul. It is not only being watched while you act that matters; being watched while you think is also problematic. As Professor Neil Richards has explained, "intellectual surveillance," which he describes as "surveillance of people when they are thinking, reading, and communicating with others in order to make up their minds about political and social issues"-"is especially dangerous."Among other problems, such surveillance dissuades them from exploring ideas that fall outside the mainstream.It also changes the "power dynamic between the watcher and the watched" by exposing the watched to the risk of "discrimination, coercion, and the threat of selective enforcement where critics of the government can be prosecuted or blackmailed for wrongdoing unrelated to the purpose of the surveillance."

Concerns like these have motivated Americans to resist surveillance that tracks our activities as drivers, bikers, shoppers, readers, and internet searchers.Many Americans find it troubling to have their activities monitored by any organization, public or private. We ought to be particularly troubled when the power of the state requires Americans to acquiesce to such monitoring as a condition of engaging in political, economic, or other activity. If many of us find the notion of a government agent looking over our shoulders while we browse the internet or shop for books obnoxious and a little creepy, should we feel any differently about being watched by the government as we trade?

Some people might say, "Of course it's different: trading history is not protected expression; it is simply information about an economic transaction with no expressive value." However, economic transactions offer a window into a person's deepest thoughts and core values. Our purchases and sales of securities, particularly when aggregated together as the CAT would do, are a rich form of value expression. They might express a view of how markets work, a determination on the efficiency of markets, expectations about the future, or even a moral philosophy. Investors' trades may flow from a carefully crafted trading strategy based on a person's education, careful data analysis, intuition, or market experience. People may trade to express their belief about how a company, industry, or nation will perform in the short- or long-term. People might sell stock because they fear a recession is coming or buy stock because they anticipate that the election of a particular candidate or party will bring a period of economic prosperity. An investor might buy shares of a movie company because she is sure a particular movie will be popular, shares of a technology company because she believes the company's engineers are geniuses, or the shares of a cellphone provider because she believes a strategic merger is on the horizon.

People's investment decisions-what they buy, what they sell, what they avoid buying-may also or alternatively reflect their moral convictions. An investor may purchase shares of a clothing company because he likes the political messages of its celebrity spokesperson or shares of a restaurant chain because it donates to his favorite charity. On the other hand, an investor may choose to avoid or sell companies that are associated with things he opposes-carbon emissions, dictatorial regimes, alcohol, tobacco, guns, pornography, discrimination, poor treatment of workers, abortion, the military, gambling, shoddy products, or any other of the many things about which people have strong feelings. Another investor may choose to express her defiance of popular sentiment by investing in companies that produce guns, alcohol, or cigarettes. Our markets provide all of these alternatives, and more, to suit the divergent values and tastes of the remarkably diverse investors in our markets.

Investors whose trades are not a direct reflection of granular moral, ethical, or religious beliefs may fear rebukes from other people who view trading decisions as morally motivated. Of course, the Commission and the SROs do not plan to assess investor virtue; rather, they intend to use CAT data to evaluate people's compliance with the securities laws. It should be evident, though, that today's good intentions do not protect against tomorrow's bad actors. One can imagine a future in which a delectably large database of trades becomes a tool for the government to single people out for making trading decisions that reflect-or are interpreted to reflect-opinions deemed unacceptable in the reigning gestalt. This concern may be premature, but thinking about it seriously now is necessary to protect the liberty of future investors in our markets.

Given their expressive value, untargeted surveillance of financial transactions raises the same types of civil liberty concerns as other mass surveillance programs. The Commission is a securities regulator, and it is tempting to think that First Amendment and other concerns about individual liberty are outside our job description; however, our responsibilities include defending the Constitution, and our rules are part of the legal framework that determines how freely Americans can exercise their constitutional rights. We must take care that our surveillance tools are consistent with these rights. Doing so means recognizing that, as with respect to her other activities, a person's trading activity merits watching only when there is a reason to suspect that she is violating the law. Recognizing this means resisting the desire to surveil a person's every move in the securities marketplace simply because she might do something wrong. It means understanding that a person's buying and selling of securities is an expression of what she knows and believes. It means acknowledging that markets are powerful precisely because they draw upon the unique, intensely personal knowledge and expertise of the participants in the marketplace. And finally, it means acknowledging that we cannot, in our desire for investigative efficiency, disregard the liberty and privacy interests of ordinary Americans.

For all of these reasons, it is a mistake to view the CAT as nothing more than an innocuous repository of dry economic data. The CAT will be a comprehensive record of decisions made by millions of Americans that communicate their carefully constructed trading strategies, their opinions about the prospects of particular issuers and industries, and, for some, their moral, ethical, or religious beliefs. That some investors undoubtedly are engaged in misconduct in our financial markets cannot justify amassing this information, especially when more targeted techniques, such as electronic blue sheets, exist. We do not set up mass surveillance programs of other types of activity simply because some of it is illegal. There is no principled basis for treating Americans' activity in financial markets any differently from other types of activity that reflect a person's thoughts, preferences, fears, and hopes.

Moreover, gathering all of this sensitive information in a single database to facilitate more convenient surveillance of investors creates other risks for the very investors the CAT is purportedly intended to protect. Because the surveillance function requires a comprehensive database, the CAT will gather data from thousands of reporting entities, including many that have not previously been required to stream all of their customers' transaction data to an outside entity. Because the surveillance function requires eyes to watch and minds to interpret the data, thousands of Commission staff and employees of the participants must have access to the database.

The sheer value and size of the database will make the CAT an inviting target, and the number of users and reporting entities will make it a more vulnerable one. Each of the thousands of users and each of CAT's many contributors will afford a would-be hacker a potential point of entry. Each of these thousands of users will be able to track investors' market moves, and, with a little effort, also will be able to reconstruct and misappropriate proprietary and confidential trading strategies.

My colleagues are taking the security of the CAT very seriously, as are the SROs, but such a large database will remain an attractive target. As noted above, Chairman Clayton has directed-and the rest of the Commission has embraced-numerous, welcome changes to the CAT to make it more secure. In addition, the Commission and the SROs will continue to take considerable steps to screen employees carefully to weed out potential bad actors. After all, the reputation of each of these organizations depends largely on the quality of its employees, and on their prudence, discretion, and responsibility in fulfilling their critically important functions. Even the most vigilant employer, however, cannot identify every possible bad actor, and one security lapse involving only one of the CAT's thousands of users could compromise the entire database. Moreover, even an honest employee can become the inadvertent conduit for a cyber-breach. If history is any guide, unauthorized access to, or disclosure of, the information contained in the CAT is almost certainly just a matter of time.

Given these risks, we should eliminate the CAT. As Justice Roberts said, "Privacy comes at a cost." In this instance, that cost would not be terribly high. The Commission's enforcement program already performs very well without the CAT. If the Commission believes the program needs further improvement, we could enhance both the rules regarding responses to electronic blue sheets and FINRA's Order Audit Trail System (OATS). Both tools already allow us to get the information we need, and incremental improvements to reduce delays and errors could make our investigations more efficient without sacrificing Americans' liberty and privacy.

Because we should be working to shelve this well-intentioned, but ill-conceived project, not encouraging its quick completion, I cannot support the Commission's action today.

Bill Singer's Comment

In the rush to regulate, we frequently fail to discern between the "value" of various regulatory initiatives versus the "cost" of same. Indeed, the "thrill" of amassing a heretofore non-existent regulatory database has a narcotic-dependency-like effect, which drives us to find ways to obtain and archive even more and more data. That often insatiable zeal for collecting and categorizing everything about everyone, presages a world in which we have gone too far, too fast -- with no way to go back. 

Think back to a time before social media when we all didn't live a synthetic, online life. When the Cancel Culture was not running amok. When fake news and state-sanctioned propaganda had not supplanted the truth. When predators were not easily able to hack their ways into our homes and workplaces. You may prefer this Facebook/Twitter society to the one that we left behind. You may have willingly sacrificed civility and decency on the altar of emojis and hast-tags. Was the value of all that online interaction worth the cost we have paid both individually and as a society? Are you prepared to go off the grid -- and if you are, just what do you think you can return to? So, yes, I advocate for Wall Street reform and, yes, I support the framework of the SEC's just-announced CAT and, yes, I will continue to speak up and out on behalf of whistleblowers' rights. Nonetheless, I also heed Commissioner Peirce's call to pump the breaks. Before we drive through the stop sign, let's come to a complete halt. Let's look right. Let's look left. Let's do that once more. Then . . . let's roll forward, slowly, and get safely across the Street. All the while, as we're stopping, looking, and moving forward, let's remember William Butler Yeats' vision of the future as a place where:

The best lack all conviction, while the worst   
Are full of passionate intensity.


SEC Orders Credit Rating Agency to Pay $3.5 Million for Conflicts of Interest Violations (SEC Release)

Commissioner Peirce Sounds the Alarm About Feeding the SEC's CAT
(BrokeAndBroker.com Blog)

Head Of Investment Management Firm Pleads Guilty In Connection With $18 Million Pre-IPO Securities Fraud Scheme / Fred Elm, Who Fled to Canada in 2017 Prior to His Original Plea Date, Was Extradited Back to the U.S. Earlier This Year (DOJ Release)

Stockbroker Fined and Suspended for Emailing Confidential/Proprietary Information
In the Matter of Brandon Rolle, Respondent (FINRA AWC)

Stockbroker Fined and Suspended for Private Securities Transaction
In the Matter of Jason N. Dukas, Respondent (FINRA AWC)

Order Seeks to Lower Curtain on Nick Steele & TheCryptoFacts (TSSB Release)

Dallas Adviser Lorintine Fined $10,000 for Charging Performance-Based Fees (TSSB Release)

With TV ad commitments plummeting, the advertising business may never look the same (CNBC by Julia Boorstin)