The U.S. Securities and Exchange Commission (“SEC”) recently provided relief relating to the implementation of the Consolidated Audit Trail (“CAT”). First, on March 16, 2020, the SEC’s Division of Trading & Markets staff issued a No-Action Letter (“NAL”) to temporarily allow broker-dealer personnel who are working on CAT implementation to focus on critical operations. Second, on March 17, 2020, the SEC granted relief aimed at reducing CAT cybersecurity risks by exempting self-regulatory organizations (“SROs”) from collecting or retaining certain retail customer data. In addition, as a result of the market volatility caused by the COVID-19 pandemic, the SEC’s Division of Enforcement issued a reminder on the importance of maintaining market integrity.
Temporary COVID-19 NAL
The CAT is a system that consolidates trading information from equities and option markets. Initially approved in 2016, its implementation has been extended from 2018 to present. As explained in the NAL, the Trading and Markets’ staff is aware of the operational strains that the COVID-19 pandemic may be placing on broker-dealers. In particular, the Trading and Markets’ staff acknowledged the potential need for certain personnel who are otherwise working on CAT implementation to adjust their focus if the broker-dealer has implemented its business continuity plan in order to meet operational needs in a time of increased market stress. As a result, the NAL provides temporary relief through May 20, 2020 so that personnel who are working on CAT implementation can instead focus on critical operations. The staff may extend the relief if necessary.
CAT Cybersecurity Relief
As expressed in a statement by Chairman Jay Clayton, despite the NAL and the COVID-19 pandemic, the SEC still remains committed to establishing a functioning CAT. In doing so, the SEC is interested in balancing the need for the consolidated information provided by CAT with the cybersecurity risks of collecting such information, particularly for retail investors. In an effort to reduce such risk, the SEC issued relief exempting the SROs from collecting certain retail customer data, including: (1) social security numbers or tax payer identification numbers; (2) dates of birth, and (3) account numbers. Instead, under the relief, broker-dealers are required to report an account holder’s name, address, and birth year. Additionally, in his statement, Chairman Clayton stated that he has asked the SEC staff to prepare a recommendation for the SEC on “improving the data security requirements in the CAT NMS Plan” in 2020.
Enforcement Reminder on Market Integrity
On March 23, 2020, the directors of the SEC’s Division of Enforcement issued a statement on market integrity amidst the rapid changes caused by the COVID-19 pandemic. The co-directors noted that because of the pandemic, certain filings or earnings reports may be delayed, and insiders may possess additional material non-public information. As a result of this potential increase in material non-public information, the directors provided a reminder that insiders should still maintain disclosure controls, insider trading prohibitions, codes of ethics, and Regulation FD and selective disclosure prohibitions. In short, the SEC will remain vigilant and be surveilling the markets for indications of trading based on material non-public information and issuers and market participants alike should be vigilant.