On November 15, the Securities and Exchange Commission approved the consolidated audit trail (CAT) plan proposed by the self-regulatory organizations (SROs). As specified by the CAT plan, the CAT will be designed to create a central repository to track all trading activity in national market system (NMS) securities, including options and equity securities.

The SROs propose to conduct the activities of the CAT through a nonprofit Delaware limited liability company, which they would own jointly and which would be managed by an operating committee comprised of all of the SROs, each with one vote. In addition, broker-dealers, specialists and others would serve on an advisory committee.

Within two months of approval of the plan, SROs will be required to select a plan processor to build and operate the CAT. SROs will be required to begin reporting to the CAT within one year of approval, with large broker-dealers reporting in the following year and small broker-dealers in the year after that.

Under the CAT plan, SROs and broker-dealers would be required to submit information about an order, including the identity of the customer, the date and time, the relevant broker-dealer, and the price, size, symbol and order type. Such information would need to be recorded contemporaneously with an order event (e.g., upon origination, routing, modification/cancellation and execution of the order) and reported to the central repository by 8:00 a.m. (ET) on the following day. For the sake of uniformity, the CAT NMS plan would require broker-dealers to synchronize their business clocks to the time maintained by the National Institute of Standards and Technology.

The SROs and the SEC would have access to the data contained in the central repository for regulatory and oversight purposes. The CAT plan, however, provides data security requirements regarding connectivity and data transfer, encryption, storage, access, breach management and personally identifiable information. In addition, the SROs would handle CAT data under information security protocols as rigorous as those applicable to the central repository.

The CAT plan provides details on data recording and reporting, governance, regulatory access and use, data security and confidentiality, and other items.

More information is available here.