The potential delay in launching the SEC's consolidated audit trail on equity and options trades because of cybersecurity concerns could stall another regulatory data collection initiative — the CFTC's registry of algorithmic trading codes, sources said.
The CAT delay, in particular, is tied to concerns about the 2016 attack on the Securities and Exchange Commission's EDGAR corporate filing system.
SEC Chairman Jay Clayton said in testimony before the House Committee on Financial Services Oct. 4 that so far the Nov. 15 start date for CAT, which will track the lifecycle of all equity and options trades and identify all trade participants, has not changed. But he also doesn't want to collect too much information.
"The questions I've been asking are: 'What information are we taking in, do we need it, and can we protect it?' I don't want information unless we need it," Mr. Clayton said.
Mr. Clayton said the SEC "won't take" CAT live until those questions are answered. Rep. Jeb Hensarling, R-Texas, the House committee chairman, said he supported a delay.
"I understand what (Mr.) Clayton is doing and probably would do the same thing," said David Weisberger, head of equities, at ViableMkts, a trading technology and market structure advisory firm in New York. "The cybersecurity issue is real, since the CAT data is important and could be market moving." Mr. Weisberger said with the SEC, the Financial Industry Regulatory Authority and other self-regulatory organizations such as exchanges having access to the data, "the risk of a hack grows dramatically."
A similar delay could affect Regulation Automated Trading at the Commodity Futures Trading Commission, which is slated to begin later this year but already has an opponent in newly confirmed Commissioner Brian Quintenz, who said in a prepared statement at an Oct. 4 conference that "the prior administration's massively overreaching and highly concerning 'source code repository' proposal is D-E-A-D."