Despite a one-year delay and other missed deadlines, the order-tracking system known as the Consolidated Audit Trail is back on track as exchanges were due to begin reporting required equities and options data into the CAT on Nov. 15.

That message was conveyed by panelists at a recent industry conference.

Executives speaking at Tabb Group's FinTech Festival on Nov. 1st spoke about the hurdles and opportunities of CAT, including the complexity of linking order data across equities and options, along with cybersecurity concerns about the protection of customer data. They also said there were opportunities to leverage the data in other areas.

“I think this has been a long-time coming,’ said Adam Dix, director of regulatory reporting for Kx, a division of First Derivatives plc, who spoke on the panel. “From what we see this is going to be a reality,” said Dix. On Sept. 30, the customer specification for large broker-dealer reporting was posted. “Everyone knows that this is now final,” said Dix.

However, a Nov. 14 story in The Wall Street Journal raised concerns about CAT’s functionality, including the ability of the huge database to handle the volume of data and the contractor’s ability “to stitch together” all of the orders across the marketplace.

In “Stock-Market Supercomputer to Launch with Glitches ” the WSJ said that CAT was going to launch the next day with reporting from exchange, “but with less functionality than previously anticipated, including limits on how many people can search it.” Another issue is that not as many users, including regulators, will be able to search the database due to the high volume of data which is too much for the structure of the database,” wrote the Journal.

The SEC ordered the creation of an audit trail system in 2012 after it took the SEC several months to access the data it needed to analyze the sudden decline in U.S. stocks that occurred on May 20, 2010, known as the “flash crash.”

“It sounds like they still have work to do which is disappointing eight years out,” commented Joseph Saluzzi, partner and co-head of equity trading at Themis Trading LLC in Chatham, NJ.  “That’s unacceptable when we have a market structure with 13 stock exchanges, when we had a flash crash and you can’t get to the data quickly,” said Saluzzi.

In 2012, the SEC finalized Reg NMS Rule 613 ordering all of the exchanges and FINRA to develop a consolidated audit trail that would collect order, quote and trade data across equities and options into a single database.

One of the main purposes of building CAT is to help the SEC and FINRA surveil the markets and detect manipulative trading activity across the fast, complex and fragmented market structure.

Regulators are not happy with the progress, said Saluzzi, pointing to public remarks that SEC officials made at an STA event in the spring of this year. “It looks bad for them. While there hasn’t been another flash crash in eight years, what If another market event happens?” he asked.  It puts the SEC at risk if it has to investigate another event and if it takes months to report to Congress, said Saluzzi.

Speculating on the cause of CAT delays, Saluzzi said it looks like exchanges are trying to slow down the process.  The database will provide more transparency into high frequency trading, he said. “The more eyes you put on the market, the more chances you catch someone doing something wrong,” said Saluzzi. “Maybe that person is a large revenue producer for the exchange,” he said.

To be fair, CAT is a massive undertaking in capital markets that has never been attempted before.

“Obviously having a consolidated database like that with equities and options will be brand new. It doesn’t exist,” said Shelly Bohlin, Quality of Markets Section, FINRA’s Market Regulation Department, speaking at Tabb Group’s FinTech Festival conference. While a lot of infrastructure exists for equities and options, it doesn’t exist for consolidated options and equities, said Bohlin.

CAT would capture messages for orders across all markets from the time of order inception through routing, cancellation, modification and execution, states the CAT NMS Plan website.

Data Linkages

Some of the complexity of CAT “is not only getting all the information into a single database but ensuring how the information is linked altogether to capture the lifecycle of an order from the time an order originates through all of its modifications and routes,” said Todd Golub, head of product management at Thesys CAT LLC, on the panel.

Tracking the trajectory of an order includes “partial executions, aggregations, split orders, and all the machinations that could take place through the U.S. equity and options markets,” explained Golub. “That all needs to be collected and tied together from the beginning to middle to end,” he said. This gets even more complicated with linking options data to the underlying equities, he pointed out.

However, Saluzzi questioned why FINRA was not selected to build CAT, and why the SEC had allowed the CAT operating committee, mainly comprised of exchanges, to make the decision. He pointed out that Thesys Technologies, the parent of Thesis CAT, was previously affiliated with Tradeworx, a high- frequency trading firm. [In January 2018, Tradeworx sold off its trading business to focus solely on the growth and expansion of the financial technology business of its wholly owned subsidiary, Thesys Technologies.]  “FINRA currently conducts surveillance. They are doing a great job,“ said Saluzzi. FINRA builds reports by getting information from various SROs through OATS for Nasdaq-listed securities and Electronic Blue Sheets (EBS) for over-the-counter securities; whereas “CAT is supposed to make it easier, at the push of a button,” he said.

Meanwhile, the delays have caused some tension between the SEC and the exchanges.

Exchanges missed the original start date for CAT compliance on Nov. 15, 2017.  Last fall, the exchanges requested another delay for CAT compliance, but that request for relief was denied by SEC Chairman Jay Clayton.

“Chairman Clayton was unwilling to support such an extension request in the absence of a comprehensive and credible work plan,” said Brett Redfearn, Director, SEC Division of Trading and Markets, in a public statement on Aug. 27, 2018.   Instead of granting a further delay, the SEC urged the exchanges to work with the SROs on a credible work plan, including verifiable milestones and a detailed time line as well as governance and security enhancements. The SEC received the “Master Plan” on May 25, 2018 in which the SROs proposed five essential phases starting with equities reporting.

Next Up: Broker-Dealer Reporting

Now attention is turning to large broker-dealers who are scheduled to submit their equities data into CAT by Nov. 15, 2019. Brokers will enter orders executed on behalf of institutional clients, adding more order messages into the database.

“While the reporting can be challenging, a lot of brokers are approaching this as a data aggregation opportunity,” said David Campbell, VP of strategy and business development, Global Technology & Operations, Broadridge, which is providing a reporting solution to firms. “They’re aiming to keep data that is relevant to CAT in one place, but they’re also looking at other regulations for supervisory activities. So, this is an opportunity for them to start linking that data together and being able to use that data for multiple purposes,” said Campbell.  With better linked data, “there is an opportunity to do better compliance and surveillance internally and to better respond to queries from regulators,” said Campbell.

But not all data and functionality will be available on those dates, said Bohlin. Only equities data, and not options data, will be included in the large broker-dealer reporting which will commence on Nov. 15, 2019, according to the SEC’s August public statement. Simple, single electronic options orders will be submitted in May of 2020, followed by manual options orders and more complex equity and options linkages by May 15, 2021.  Reporting to a customer account database will not be ready until Nov. 15, 2021, said Bohlin. Small broker-dealers will have until Nov. 15, 2022 to report all of their data.

Cybersecurity Risks & Safeguards

One of the major cybersecurity concerns is that CAT is going to house orders sent by buy-side firms to their large broker-dealers.  “Obviously, it’s a huge database with a lot of valuable data, client information, personal data, and we’ve seen high profile hacks, such as Equifax,” said Tim Cave, analyst at Tabb Group, the panel’s moderator.

Golub acknowledged security concerns noting that CAT will contain every order or trade that takes place in the market along with customer information. “It’s a very large target,” said Golub but “a number of measures have been taken,” he assured attendees. First, Thesys CAT has a chief information security officer who is working closely with all the CISOs of the various SROs.  “[CAT] has been built from the ground up with security in mind,” said Golub. For example, order and trade information is kept physically separated from customer information from the start, he said. As far as getting access to the system, there are only two types of users: reporters, which would be all the SROs/exchanges and FINRA, and every industry member next year. Secondly, only regulators and the SEC have access to total information out of CAT or to access a view of the information that exists within CAT,” he said.

“The SEC and the Division of Trading & Markets will continue to monitor the development of cybersecurity controls for the CAT and work with the SROs, Thesys, and the industry regarding the security of CAT data,” said Redfearn in the SEC’s August public statement.

A reason cited for the SRO’s “standoff” in reporting data was the risk of hackers exposing customers data.  “Every order will have an account number associated with it that is linked with a particular customer who is authorized to place trades,” said Bohlin on the panel.

Speakers on the panel said that dealing with personally identifiable information, or PII, is well-known and is being addressed.

Kx’s Dix said he didn’t have any concerns about PII. He said the CAT NMS Operating committee did a good job by deciding to phase-in CAT. Next year broker-dealers are going to input simple items close to OATS reporting into CAT, which will allow vendors to address PII data. “There’s going to be a lot of attention on it between now and then, said Dix.

But right now, observers like Saluzzi are wondering when the project will ever get completed?

He compares the situation to hiring a contractor to renovate a kitchen. The homeowner pays thousands of dollars upfront; the contractor demolishes the kitchen and doesn’t finish the job.

In the case of CAT, the contractor was paid $50 million in 2017, and is due to make another payment this year, reported The WSJ.

However, the contractor is working with the SROs and FINRA and has not disappeared.  Thesys built and delivered MIDAS, a big data and analytics system for the SEC in 2012. In addition, it provided ultra-low latency market access and risk control platforms for Bank of America Merrill Lynch in 2011 and fully-hosted matching engine technology to Level ATS in 2013 and Convergex in 2014.

“Regulators need to be concerned and they have to push them,” said Saluzzi.

While past delays have disrupted the momentum, broker-dealers are said to be preparing to begin reporting data to CAT next year.

“In the past year, teams were put on ice or disbanded, and budgets were removed,” said Dix of broker-dealers. “Right now, budgets are being put back in place because CAT is going to be real,” he said. Teams have been reassembled early in the year, and broker-dealers have put together their own action plans,” he said. “Simultaneously, there’s a new urgency around CAT,” he said.