Consolidated Audit Trail Go-Live is Now a Certainty

6 September 2018 | 10 minutes

 

By Adam E. Dix

In this first article in a series about the roll out of the SEC’s Consolidated Audit Trail, KX Regulatory Reporting Director Adam E. Dix provides an update on the status of the regulation which will improve the ability of the US Securities and Exchange Commission (SEC) and Self-Regulatory Organizations (SRO’s) to more effectively oversee the US securities markets.  

The SEC’s Regulation 613 – the Consolidated Audit Trail National Market System Plan (the CAT) – has been kicking around the industry for about six years now. Despite criticisms surrounding cost, complexity, security and even need over this period, it had in some ways evolved into the Energizer Bunny of regulatory initiatives – aimlessly going, and going. But this is no longer the case. This CAT is now cleanly sprinting towards the end zone – and if you’ve been relaxing on the beach over the summer, take note: developments towards its ‘go-live’ have strengthened considerably in recent months, and the date for broker/dealer reporting is now coalescing around November 15, 2019.

If you are a US broker/dealer executive with a Compliance, Trading Ops or IT role in determining how your firm will meet its CAT reporting responsibilities, you’re likely aware of this shift. If you’re a business executive responsible for budget allocation and have allowed monies to slip away from 2018, you may want to consider pulling them back. Time is soon to be of the essence.

Late yesterday the CAT Operating Committee released an update to the Member Reporting Technical Specification, version 0.6.  At first blush, the most notable difference to prior reporting specifications is the change in characterization of the state of readiness of this version of the spec. As recently as June 6, draft version 0.3.1 contained, at the bottom of every page in bolded red print, the following caveat:

“THIS IS A DRAFT DOCUMENT. FOR DISCUSSION PURPOSES ONLY. NOT FINAL – PLEASE DO NOT USE FOR CODING. NOT APPROVED BY THE OPERATING COMMITTEE OF CAT NMS, LLC.”

This new spec, draft version 0.6, now contains an updated caveat (no longer in red):

“THIS IS A DRAFT DOCUMENT. SUBJECT TO CHANGE.  APPROVED BY THE OPERATING COMMITTEE OF CAT NMS, LLC FOR CAT IMPLEMENTATION PLANNING.”

In removing the prohibition on coding, the CAT Operating Committee is sending the industry a clear message: time to get working. In a later section entitled “THE PHASED APPROACH”, I’ll outline recent events that provide additional  basis for my conclusion that finally, after six years of discussion, planning, delays, and more planning, CAT’s momentum will now not be stopped.

Let’s start, though, with a quick rundown of how we got here. Why has the industry – for years – been suspect of CAT’s success?

THE CHALLENGES CAT HAS OVERCOME

Recall that Reg 613 laid out a specific set of milestones on its timeline to ‘Go-Live’. The likelihood of meeting these dates were swiftly called into question when, on January 15, 2017, the award of Plan Processor went to Thesys – a technology firm that had previously won the bid for the SEC’s market data aggregation service known as MIDAS. They were viewed as a dark horse against FINRA, the incumbent operator of the Order Audit Trail System (OATS) that CAT will one day replace.

Market data, however, is quite different than the full range of complex order event scenarios, including the myriad edge cases that Reg 613 demands to be collected from the institutional broker/dealers. Thesys began from a standing start with little direct insight into these complexities. Though they worked closely with the CAT Operating Committee to develop the first draft of a reporting specification for industry Members, it lacked direct broker/dealer community insight and was not well received.

Then, in the fall of 2017, there were the two cybersecurity hacks of Equifax and the SEC’s EDGAR database. These became a rallying cry around the safety of Personally Identifiable Information in the CAT, and a review of the CAT’s data protection protocols was demanded. Thesys, at that time, had yet to hire a CISO.

On November 13, 2017, the industry was jarred to learn the CAT OpCo had sent a letter  to the SEC seeking Exemptive Relief from having the Exchanges begin reporting in a mere two days, on November 15. Security of PII was a central point of contention, though it was well known they simply were not ready to report, and the Thesys Utility was not yet ready  to receive their files. At the time it felt as though this 48 page argument may have been a test of the SEC’s resolve. After all, it comes with a heavy cost and effort from the industry. Is it really necessary?

For a brief moment, this was the darkest day of CAT’s circuitous journey.

In point of fact though, yes, it really is. Early the very next day, on November 14, the SEC’s Chairman Clayton provided a quick commentary rejecting the request for Relief. Essentially, Chairman Clayton’s response instructed the Exchanges to stay the course – work hard at getting this right until you do.

THE PIVOT

Things then began to change. In the winter of 2017/2018 and into the spring, Thesys began catching up on their remit. By March they had hired a CISO and had also restructured their approach to the Member Reporting technical specification.

They had learned that broker/dealer practitioner insight was required, and the pivot began with an embrace of industry working groups (the Financial Industry Forum and SIFMA being two prominent examples) for detailed feedback. They also changed the structure of the CAT OpCo to engage more directly with the broker/dealer community.

In Q1 of 2018 there was a pretty sizeable divergence in both the approach and timing estimations coming from the OpCo versus Member industry working groups. But a movement towards a unified industry view was now underway.

THE PHASED APPROACH

Back in Q1 there were two broad courses of implementation under consideration. One was the ‘Big Bang’ approach – where all aspects of Reg 613 are implemented at once. The other was the ‘Phased Approach’ – a more sensible approach that broke out the implementation timeline into a series of phases, from simple to complex.

The phased approach quickly took hold with the broker/dealer industry working groups. It was pragmatic and addressed the two most important issues:

  • Retiring OATS as quickly as possible. By common sense analysis, introducing only simple Equity Order Events as the first Phase shortens the timeline of dual OATS/CAT reporting (based on the expected speed to reduce industry-wide CAT error rates) before OATS can be retired, and
  • Protecting Personally Identifiable Information. PII reporting is the ‘can that’s been kicked down the road’ with this approach. And that’s fine. PII is part of the final Phase and there are hard questions still to resolve. But there’s plenty of time, as that final phase of reporting is currently slated to begin on November 15, 2021.

On August 9th, 2018, the CAT OpCo held an industry conference call to confirm coalescence around their modestly different version of the broker/dealer’s Phased Approach. Further, they announced that Exchanges have begun UAT testing with the CAT Utility – NOTE: this is huge news – and plan to begin live reporting on November 15, 2018.

As an apparent confirmation of the importance of this moment, on August 27 the SEC’s Director of the Division of Trading and Markets, Brett Redfearn, released a Statement on Status of the Consolidated Audit Trail. In it, Mr. Redfearn outlined the broad history of CAT and the challenges it has encountered on its road towards implementation. It is the first commentary from the SEC since Chairman Clayton’s note of November 14, 2017.

Mr. Redfearn stops short of speculating what is likely to formally transpire in coming weeks and months. As it pertains to large broker/dealer reporting, he only goes as far as to write: the “Master Plan contemplates the following schedule” and yet provides the same detailed implementation calendar as presented in the OpCo’s call on August 9.

Two things will happen in coming weeks to cast the initial phase of this schedule in stone:

  • The SEC will publish a more declarative statement to the broker/dealer community stating the requirement that they must comply with this new timeline, and
  • The OpCo must stamp a Member Reporting Technical Specification “FINAL” by November 15, 2018 – allowing one year to prepare to report, as required by Reg 613.

Mr. Redfearn’s letter is a shot across the bow to the industry. CAT is about to get serious.

That said, things are still very fluid. As the Financial Industry Forum voiced to the CAT Leadership Team in a letter on August 20, 2018: “…the phased implementation approach, while representing a marked improvement from the SRO proposed November 2017 CAT Plan, continues to represent a highly aggressive implementation schedule.”

Over coming days and weeks there will be great scrutiny of yesterday’s revision to the Member Reporting technical specification. Changes will occur, of course, but given the feedback industry groups have provided to Thesys over recent months, there is now a far higher likelihood that a revised version of yesterday’s update will be stamped FINAL by November 15.

HOW WE GOT HERE

If you’ve been around the CAT dialog for these many years you’ll recall their origins in the Flash Crash of May 6, 2010. At the time, Gregg E. Berman, then-Senior Advisor to the Director, SEC Division of Trading and Markets, ran point on the forensic investigation as to what had actually happened that day. Shortly after publication of the joint SEC/CFTC findings report  on the events of May 6, Mr. Berman gave a speech to the 11th Annual SIFMA Market Structure Conference in NYC (October 13, 2010). In it, he presented a storyline summary of the events of the day, through to the conclusion of their forensic investigation. It’s a good read (the report itself weighs in at 104 pages).

In short, after much industry evaluation subsequent to the Findings Report dated September 30, 2010, the existing Order Audit Trail System (OATS) was determined to be no longer fit-for-purpose (though it’s interesting to note that Mr. Berman did not once directly mention the OATS inadequacy in his comments). In the months subsequent to these findings, the SEC was compelled to considered the question – what to do about our regulatory oversight?

After careful evaluation, it was decided that OATS would not be supplemented or reframed to serve the investigative needs of the regulators. On July 11, 2012, when the SEC announced the mandate to create a consolidated audit trail, OATS was effectively scrapped.

Mr. Berman’s conclusion in his speech is as relevant today as it was then, “…though the afternoon of May 6 was quite harrowing, I am confident that the lessons of that day will ultimately lead to lasting improvements that will benefit all market participants.”

CONCLUSION

As we continue to work through the challenges of implementing CAT, we cannot lose sight of Mr. Berman’s optimism. The improvements CAT will deliver to protect the integrity of our markets is well established, and we’re on the cusp of seeing them become our reality. You may choose to cobble together and re-purpose legacy OATS infrastructure components and apply them to your CAT reporting responsibility. Or you might take a cue from the SEC’s ‘clean sheet’ approach to their regulatory responsibilities and pursue your own “lasting improvements.”

The SEC is compelling our industry to execute against their objectives; whether you choose to develop a CAT reporting solution with a similar, strategic, long view of data ownership, control and governance, unlocking this golden store of data leverage-ability, is up to you. These opportunities don’t come along often.

 

Adam E. Dix is Director of Regulatory Reporting at KX, currently based in New York City. He has extensive experience in product strategy and the development of enterprise financial software, including senior roles at Thomson Reuters.

Demo kdb, the fastest time-series data analytics engine in the cloud








    For information on how we collect and use your data, please see our privacy notice. By clicking “Download Now” you understand and accept the terms of the License Agreement and the Acceptable Use Policy.