Data Protection in CAT Explained

Michael Volpe

After spending a decade in finance, Michael Volpe has been a freelance investigative journalist since 2009. His work has been published locally in the Chicago Reader, Chicago Crusader, Chicago Heights Patch, and New City. Nationally, Volpe's work has appeared in a wide variety of publications including the Washington Examiner, the Daily Caller, Crime Magazine, the Southern Christian Leadership Conference Newsletter, and Counter Punch. Volpe has been recognized by whistleblowers as leading the charge in getting their stories out. His first book Prosecutors Gone Wild was published in October 2012, his second book The Definitive Dossier of PTSD in Whistleblowers was published in February 2013 and his third book Bullied to Death was published in August 2015.


Data Protection in CAT Explained

October 31, 2019

The framers of the Consolidated Audit Trail explained how Personally Identifiable Information (PII) or (data protection )will be protected.

The Senate Committee on Banking, Housing, and Urban Affairs held a hearing entitled “Oversight of the Status of the Consolidated Audit Trail.”

CAT, “will track orders throughout their life cycle and identify the broker-dealers handling them, thus allowing regulators to more efficiently track activity in Eligible Securities throughout the U.S. markets,” according to its description on the CAT Plan website.

One recurring theme was the protection of PII.

“FINRA CAT understands concerns that continue to be raised about the inherent risk of handling CAT data, particularly PII. Even with the enhanced architectural and program controls required by the plan for PII—such as containing PII in its own separate system with restricted access—there may be policy questions for the SEC and SRO consortium to discuss about the costs and benefits of collecting and storing sensitive personal data,” said Judy McDonald, in her written testimony.

McDonald is the Chair of the CAT NMS Advisory Committee and one of three witnesses in the hearing.

Mike Crapo is a Republican Senator from the State of Idaho and he chairs the committee.

During his five minute question and answer period some of the complexities of protecting PII, namely people’s social security numbers and other personal information, came into focus.

“Given that the PII information will be excluded from the data will be excluded from collection, can the data that is collected be reverse engineered?’ Crapo asked.

Michael Simon, the CAT NMS Plan Operating Committee Chair first answered.

He said the person making the trade will be identified by what is referred to as the CCID, the Cat Customer ID.

“It’s important to note that broker/dealers will not be sending social security numbers to the CAT; the CAT will never receive or store them. Rather, we have a multi step system in place that FINRA CAT will be building so that the broker/dealers will be dealing some hashing.”

This CCID, Simon explained, will be attached to the trade and not an indvidual’s social security number.

But Crapo did not seem impressed, he followed up by saying, “that (CCID) seems like it just begs for reverse engineering.”

Shelly Bohlin

Shelly Bohlin is the President & Chief Operating Officer of FINRA CAT LLC FINRA and the third person who testified.

She explained further how the system would work.

“The objective is to be able to identify a single customer trading across all broker/dealers,” Bohlin said of the reason CCID was created.

She further explained why reverse engineering is difficult, “The CCID is only known by CAT; it is not returned to the broker/dealer, no one outside of CAT will ever have access or know the CCID,” she said, “The customer account data is segregated from the transaction data. The CCID- while it will have associated with it customer information in the customer and account database- it is not available to the transaction data. Only the actual CCID, not knowing who it is, whether it is an institution or a natural person.”

FINRA, the Financial Industry Regulatory Authority, and other self-regulatory organizations, have taken the lead in building the CAT, which continues.

CAT was originally proposed by the SEC in the aftermath of the flash crash which occurred almost ten years ago.

Login To MyTis Comment Or Register to MyTIS

Notify of
Inline Feedbacks
View all comments


Register now to receive the latest news and information for global trading industry.

Latest Articles

Working, Accenture, FPC, 2%, purchases

BOE: Asset Purchase Facility: Gilt Purchases – Market Notice 6 August 2020

On 17 June the MPC voted for the Bank of England to continue with its existing programme of £200bn of UK government bond and sterling non-financial investment-grade corporate bond purchases, …

Would love your thoughts, please comment.x