The Effects of Consolidated Audit Trails on Broker-Dealers


Established by the Securities Exchange Act of 1934 (“The Act”), the Securities Exchange Commission (“SEC”) “governs the way in which the nation’s securities markets and its brokers and dealers operate.”[1] In an effort to better regulate the securities markets, the SEC has attempted to implement a program called the Consolidated Audit Trails (“CAT”).[2] CAT allows the SEC to collect information and track securities exchanges.[3] However, issues such as cyber security concerns, fees and costs, and additional litigation have caused the securities industry to push back on the SEC’s implementation of this program.[4]

Though there is some debate about the precise definition of “a security,” generally, it is a “fungible, negotiable financial instrument that holds some type of monetary value.”[5] Examples of securities include stocks, bonds, or options.[6] Section 3(a)(4)(A) of the Act gives a general definition of “a broker” as “any person engaged in the business of effecting transactions in securities for the account of others.”[7] Section 3(a)(5)(A) of the Act defines “a dealer” as “any person engaged in the business of buying and selling securities for his own account, through a broker or otherwise.”[8]

With respect to CATs, the SEC seeks to better regulate broker-dealer transactions, such as when they buy or sell stock. Self-Regulating Organizations (“SROs”), such as the Financial Industry Regulatory Authority (“FINRA”), also play a part in broker-dealer regulation.[9] An SRO is a “non-governmental organization” that can “create and enforce industry regulations and standards.”[10]

In 2012, the SEC voted to require national securities exchanges and FINRA to “establish a market-wide [CAT] that will significantly enhance regulators’ ability to monitor and analyze trading activity.”[11] This meant that national securities exchanges and FINRA would need to submit a “plan detailing how they would develop, implement, and maintain a [CAT] that must collect and accurately identify every order, cancellation, modification, and trade execution for all exchange-listed equities and equity options across all U.S. markets.”[12]

It is worth mentioning why the SEC voted to enforce such a measure. The driving force behind this regulation was the “Flash Crash,” which occurred on May 6, 2010. [13] In less than thirty minutes, the securities market dropped by approximately $1 trillion.[14] The SEC seemed to blame the Flash Crash on High Frequency Trading (“HFT”).[15] HFT is a “program trading platform that uses powerful computers to transact a large number of orders at very fast speeds.”[16] In response to the increasing prevalence of HFT, the SEC implemented the CAT system when it found its previous system too “outdated and inadequate” to oversee such a “highly automated” market system.[17] Instituting CATs is one measure the SEC is taking to avoid another Flash Crash.[18] The new CAT system is more effective in monitoring securities markets for several reasons: (1) it expands “the amount of data accessible to regulators by housing all trading data in the CAT repository,”[19] (2) it reduces the time it takes to retrieve this data, and[20] (3) it requires every account holder to have a unique ID.[21]

However, many securities exchanges are apprehensive of allowing the SEC to have such detailed information about all securities transactions.[22] This apprehension stems from the 2016 hack of the SEC’s EDGAR system, which is a database containing the federal filings of publicly traded companies and includes information such as, “company earnings, mergers and acquisitions, and executives’ share dealings.”[23] Hackers may have used this information to make trades of their own.[24] Implementing CAT means that the SEC would have information about “more than 100 million trading accounts.”[25] Exchanges are also concerned that if information about trades from these accounts is stolen, they might then become the target of lawsuits.[26]

Another issue with implementing CAT concerns which players in the securities markets will be paying for the system. It is estimated that it will cost the securities industry $50.7 million to implement the program, with broker-dealers paying for 75% of these costs and the SROs covering the other 25%.[27] This may be an inequitable cost structure, given that brokers are already paying for other costs in each securities transaction such as: “membership fees, registration and licensing fees, dedicated regulatory fees, options regulatory fees, and monetary fines.”[28]

The SEC rightly should take measures to ensure that another Flash Crash does not occur; acquiring more data on securities transactions will help ensure that drastic changes in the market are monitored. However, the privacy concerns voiced by the securities industry are well founded, not only because of the potential loss of sensitive information, but also the potential for litigation and the market consequences of hackers receiving inside knowledge on trades. CAT has not yet been fully implemented, but now that the securities industry is finally taking CAT seriously, the SEC should take further measures to ensure that the information procured through CAT is secure.

[1] U.S. Securities and Exchange Commission, Guides to Broker-Dealer Registration, (Apr. 2008),

[2] SEC Press Release, SEC Approves New Rule Requiring Consolidated Audit Trail to Monitor and Analyze Trading Activity, (July 11, 2012),

[3] Id.

[4] Hayden C. Holliman, The Consolidated Audit Trail: An Overreaction to the Danger of Flash Crashes from High Frequency Trading, 19 N.C. Banking Inst. 135, 158 (2015).

[5] Investopedia, Security,

[6] Id.

[7] U.S. Securities and Exchange Commission, Guides to Broker-Dealer Registration, (Apr. 2008),

[8] Id.

[9] Investopedia, Self-Regulatory Organization,

[10] Id.

[11] See SEC, supra, note 2.

[12] Id.

[13] Charlotte Chilton & Benjamin Bain, Wall Street Wins Round in Fight with Exchanges Over Audit System, Bloomberg (July 10, 2017),

[14] Hayden C. Holliman, The Consolidated Audit Trail: An Overreaction to the Danger of Flash Crashes from High Frequency Trading, 19 N.C. Banking Inst. 135 (2015).

[15] Id. at 141.

[16] Investopedia, High-Frequency Trading – HFT,

[17] 77 Fed. Reg. 45722-01.

[18] Holliman, supra note 14, at 144.

[19] Id. at 155.

[20] Id.

[21] Id. at 156.

[22] Benjamin Bain, Audit Trail Could Boost Cybersecurity Threat, Exchanges Say, Bloomberg (Oct. 10, 2017),

[23] Selena Larson, SEC Says Personal Information Compromised In 2016 Hack, (Oct. 2, 2017),

[24] Id.

[25] Bain, supra note 22.

[26] Dave Michaels, Key Lawmaker Calls for SEC to Delay Trading Database, Wall Street J. (Oct. 4, 2017),

[27] John McCrank, New U.S. Trading Database To Cost Industry $50.7 Million This Year, Reuters (May 5, 2017),

[28] Terry Flanagan, CAT Takes Shape, (Sept. 18, 2017),


About Author

Comments are closed.

Fordham Journal of Corporate & Financial Law