New Bill Puts Clamp on SEC's CAT

News July 13, 2023 at 09:32 AM
Share & Print

New legislation introduced Wednesday would prohibit the Securities and Exchange Commission from requiring that personally identifiable information be collected under its Consolidated Audit Trail, or CAT.

Rep. Barry Loudermilk, R-Ga., said Wednesday in introducing the Protecting Investors' Personally Identifiable Information Act, H.R. 4551, that "the federal government has two huge problems when it comes to cybersecurity: they collect way too much personally identifiable information (PII), and they have a poor track record of protecting this information from hackers. Look no further than the 2021 SolarWinds hack, which saw more than 30,000 public and private organizations breached and is considered one of the largest cyber hacks in modern history."

Ken Bentsen, president and CEO of the Securities Industry and Financial Markets Association, and Ellen Greene, managing director, Equity and Options Market Structure at SIFMA, warned in January that as of March 17, investors' PII became available via the CAT.

Bentsen and Greene called the move a failure by the SEC to implement changes to protect investor privacy.

Loundermilk's bill is co-sponsored by Reps. French Hill, R-Ark.; Bill Huizenga, R-Mich.; Ann Wagner, R-Mo.; Dan Meuser, R-Pa.; Young Kim, R-Calif.; and Zach Nunn, R-Iowa.

Sen. John Kennedy, R-La., has introduced companion legislation in the Senate.

The SEC, Loundermilk said, "has been barreling forward" with CAT, "which tracks every trade an individual investor makes and links it to their identity through a centralized system."

Loundermilk added: "Not only is collecting all this information unnecessary, regulators already have similar systems that don't easily match identities with transactions, but it also creates another security vulnerability and a target for hackers."

Former SEC Chairman Jay Clayton explained in 2019 that the CAT was "intended to enhance regulatory oversight of our securities markets. Our equities and options markets operate through multiple exchanges and other venues and the CAT will facilitate cross-market oversight and analysis, thereby improving investor protection and market integrity."

Loundermilk said his bill "would help prevent an accidental or intentional breach by restricting the SEC's ability to collect this data in the first place."

Under the bill, the SEC "would only be able to request this data if they are investigating or enforcing violations of federal securities law. Furthermore, they would be required to destroy the data after they are finished with it. This is a commonsense solution aimed to protect investors, and it in no way hinders the SEC's mission."

Kennedy added in the statement that CAT "would expose every American investor's Social Security number and personal data to malicious hackers. The CAT is unconstitutional, and it hoards personal information it doesn't need."

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Related Stories

Resource Center