Cybersecurity concerns will not cause a delay in the rollout of the Securities and Exchange Commission's massive trading database, Commissioner Michael Piwowar said at the Georgetown Financial Markets Quality Conference on Oct. 10.
The database, called the consolidated audit trail, or CAT, has come under increased scrutiny from lawmakers and industry participants in light of several large-scale hacks into credit monitoring agency Equifax and the SEC's corporate filing database.
Piwowar echoed Chairman Jay Clayton's comments that the regulator would not take any data from the CAT until its systems are secure.
"We, the SEC, are not going to take any of that data until we are confident and comfortable that we have a robust cybersecurity [plan], a way to protect it," Piwowar said. "While we are looking at trying to find ways to protect this to make sure we exceed the standards that are out there, that in no ways affects the process."
The comments came just weeks ahead of a Nov. 15 implementation date for self-regulatory organizations, when institutions such as stock and options exchanges will begin reporting to the database's central repository. At the same event, stock exchange executives, including the head of the Intercontinental Exchange Inc.-owned New York Stock Exchange, expressed concerns over the CAT's security and the types of data it will hold.
"Forget about a delay. Do we want to have this audit trail with the personally identifiable information for everybody who trades in the equity markets, even 10 years from now? I'm suggesting we don't. The New York Stock Exchange is suggesting we don't," NYSE President Tom Farley said at the event.
Piwowar said he had not thought about reopening the CAT's underlying rule to revise the inclusion of personally identifiable information, but he emphasized that the CAT's security would be treated seriously by the regulator.
"We need to make sure before we have any access to this data that we can protect it," he said.