The Path Forward for Broker Dealers with CAT (Consolidated Audit Trail)
CAT is looking to be the powerhouse central repository for regulators to better manage the US options and equities markets. Without a strategic approach, brokers dealers can miss opportunities for cost efficiencies and deeper insights into client and market dynamics.
Background- The Long and Winding Road
In November 2016, the Securities and Exchange Commission approved the much-anticipated Consolidated Audit Trail (CAT) establishing the National Market System (NMS), a central repository of transaction data for all equities and options trades in the US. What was serious reaction to the flash crash of May 2010, the long road to CAT formally began in 2012 with the SEC’s adoption of Rule 613. After multiyear struggles and delays, CAT had finally arrived.
CAT is envisioned as a real-time trading surveillance tool for regulators, greatly expanding the capabilities of FINRA’s Order Audit Trail System (OATS), Electronic Blue Sheets, and COATS. National market exchanges and self-regulatory organizations (SRO’s) like FINRA will jointly spearhead efforts on the NMS plan to create, implement, and execute CAT. These groups, including broker dealers and securities information processor (SIP’s) are now required to report daily transaction data covering a trade from inception, routing, cancellations modification to final execution, customer and price information to NMS. For all market participants, the SEC expects implementation deliverables spanning two years from 2017 to 2019.
With still many unanswered questions around CAT’s implementation, broker dealers have their work cut out for them. The NMS plan requires enhanced data capture, reporting and retention, significantly impacting compliance, operations, risk and governance infrastructure within firms. Last March, CAT reporters synchronized their business clocks marking four months from the NMS Plan effective date. On January 17, 2017, Thesys Technologies LLC was selected by the SRO’s to build and operate the CAT central repository. To date, Thesys has released technical specifications for SRO’s, with those for other groups expected on or before the November 15, 2017 deadline. SRO’s will also begin reporting to the CAT processor on this date. The next key milestone occurs on November 15, 2018 where large industry members must report customer information and smaller industry members a year later.
Industry groups and CAT reporters have made clear serious concerns. Until the technical specifications for CAT reporters are released this November, much anxiety remains as to the extent of technology build out necessary to become compliant. One lingering question revolves on CAT’s future capability to adapt to the emerging block chain technology. Broker dealers will be given only 12 months from November 2017, to start submitting order cycle data to CAT. No clear date as to the decommissioning of OATS and other duplicative systems have been set nor the elimination of existing reporting requirements. Broker dealers carrying up to 75% of total CAT operating costs continues to be a sore point. To add insult to injury, access to CAT data is presently limited to the regulators and SRO’s only. Many fear that the non-access may prompt broker dealers to venture in building their own in-house capabilities thereby replicating CAT.
The Silver Lining
Despite the burden of increased operational demands, broker dealers can view CAT as an opportunity to strengthen existing technology platforms and develop cost efficiencies over time. With enhanced surveillance capabilities to regulators, building analytical functionality for end to end trading activities will be critical.
If CAT reporters do indeed build their own CAT query capabilities, data completeness will allow for more insights on reportable events and client performance. One important off shoot can point to increased transparency across markets. Increased data granularity offers broker dealers increased transparency on trading and execution and interactions with the markets.
GIBC Digital and CAT Solutions
CAT Readiness- A Strategic and Tactical View
At this point, brokers dealers should have drafted an early framework for various development stages, assessed overall impact to systems and regulatory reporting, formed working groups across various stakeholders, and determined budgets for all phases of software development and testing timelines. While Thesys underscored its commitment to flexibility in accepting technical specifications from market participants, broker dealers face the challenge in integrating internal architectural and technical environments with CAT NMS. Several key considerations for large broker dealers to meet the November 2018 compliance milestone:
Build out of expanded data sets for reporting beyond OATS requiring more information, such as unique customer identifier, unique identifier for broker dealers for each order life cycle, firm designated identifier (FDI) for each trading account, timestamp for orders, and trade details (security symbol, price, order type and other material terms). Although further down the road, the decommissioning of OATS and other duplicative systems is more than likely and needs to be part of firms phased plan. CAT will also require data on options and allocations.
Creation of a data dictionary capturing the full universe of information currently reported to eliminate duplicative reporting and assess opportunities for consolidation and simplification.
- Build out of internal identifiers to support CAT processing linkages, creating unique customer identifier (personally identifiable information (PII)) using (i.e.name, social security number, individual taxpayer identification number), accurately capturing and storing daily customer information.
- Maintain accuracy of clock synchronization based on National Institute of Standards and Technology (NIST) and ascertain technology requirements to comply with trade reporting to the nearest millisecond versus current practice of the nearest second
- Develop enhanced data and cybersecurity technology and controls framework. Data Security remains a paramount concern given the threats of breach and confidentiality to a centralized data repository. Although the SEC has strengthened several of the data security requirements to the NMS plan focusing on personally identifiable information, firms are tasked to enhance existing technology and data processing tools to ensure client information security and privacy.
- Develop regulatory and compliance enhancements and technology workout based on existing legacy systems and processes. Performing a gap analysis comparing CAT versus OATS regulatory requirements to plan for implementation support.
- Evaluate technology requirements to comply with initial maximum error rate of 5% for data reported to central repository subject to quality assurance with adjustments for each launch date of CAT reporters with periodic review by NMS operating committee. A decrease to lower this error rate on a phased approach has been determined.
- Implement updated Risk Management and Governance policies and procedures to comply with new CAT requirements. Evaluate gaps, create new exception reporting, escalation processes and initiate staff training to handle new set of controls and overall compliance.
GIBC’s deep expertise in technology and implementation provides broker dealers the ability to build a best in class technology approach and cost effective solutions for CAT. Critical engagement areas identified are:
Requirements Analysis and Design
Conduct comprehensive ongoing assessments of CAT readiness across various areas, ensuring clock synchronization to NIST standards, order life cycle process, and customer reference data.
Perform impact analysis on changes to front and middle office and client onboarding processes. Provide gap analysis on CAT vs OATs focusing on a) data sources/feeds between CAT and data elements otherwise not covered under OATS b) CAT vs OATS customer data. Map out existing reporting capabilities vs new requirements. Design future state CAT reporting capabilities.
Cost analysis whether to buy or build necessary infrastructure.
Utilizing information derived from assessments and specifications, develop detailed and phased CAT testing plan. Develop parallel reporting in the near term for CAT, OATS, and EBS.
Develop an Operational Excellence Approach
Naturally, with a heavy commitment to tracking customers, providing consolidated and accurate information for each, on a daily basis, the overhead to existing processes could be considerable. By adopting an Operational Excellence approach, broker-dealers can analyze potential impact to their value-chain and ensure that resources are aligned, control frameworks are optimized and that processes are fully updated for the efficient handling of CAT reporting.
Design a Comprehensive Data and Cybersecurity Program
Assess current data security deficiencies versus requirements to include connectivity and data transfer, encryption, storage, access, and breach management. Develop rigorous cybersecurity framework to maintain information-security protocols, confidentiality, integrity, and availability of CAT data. Prepare training modules to address the security and confidentiality of information. Create policies and procedures and control structures related to data security.
Risk and Governance Controls Design
Develop and prepare a strategic plan to comply with additional requirements by CAT.
Create updates inventory of regulatory reports, list of active authorized users, access to CAT regulators. Develop staff compliance awareness and training program.