Perspectives

Managing data challenges for consolidated audit trail (CAT) reporting

Implementing data management platforms

The consolidated audit trail is a paradigm shift in the regulation of US markets. Though compliance deadlines are fast approaching, there's still time for broker-dealers to take the lead in addressing data management challenges—and ultimately disrupt through innovation.

New reporting requirements

On November 15, 2016, the Securities and Exchange Commission (SEC) (under Rule 613) approved a joint plan by the Financial Industry Regulatory Authority (FINRA) and the securities exchanges (collectively called the self-regulatory organizations, or SROs) to create a consolidated audit trail.

SROs are required to begin reporting to the CAT starting on November 15, 2017, and large broker-dealers on November 15, 2018. Small broker-dealer members will begin to submit data by November 15, 2019. As part of their readiness efforts, the CAT National Market System (NMS) plan requires SROs and broker-dealers to make significant investments to enhance their technology, processes, and controls for daily CAT reporting.

The SROs and broker-dealers are required to submit the information listed below about the various stages in the life cycle of an order event by 8 a.m. ET on T+1, or the trading day following the reportable event:

  • Initial set of customer personally identifiable information (PII), including ITIN or SSN along with a unique customer identifier assigned by the broker-dealer
  • An identifier, provided by the SRO, for the broker-dealer receiving, originating, routing, or executing the order
  • The date and time of the order event
  • The security symbol, price, size, order type, and other material terms of the order

Common reporting challenges

Duplicative reporting

The SROs already maintain their own audit trail systems, which vary in scope, data requirements, and format. And the disparate nature of these audit trail systems makes it difficult for regulators to trace orders across multiple markets.

The SEC has tried to address the issue of duplicative reporting by recommending SROs submit rule change proposals for duplicative rules and systems within six months of the plan's approval. These rule change proposals provide that the retirement of duplicative rules and systems would be effective when the CAT data meets minimum standards of accuracy and reliability.

While broker-dealers prepare to transition from the existing regulatory landscape to implementing CAT, they should assess their current state and take stock of existing constraints and challenges in an endeavor to address these as part of their CAT readiness plans.

Data submission and quality violations

Over the past few years, there has been a significant increase in penalties and fines issued by US regulatory authorities (e.g., SEC and FINRA) against financial institutions for failure to report complete and accurate trade data in a timely manner as part of their blue sheet submissions. Even though the institutions concerned have neither admitted nor denied the charges in settling these matters in most cases, the failures have resulted in substantial material and reputational damages.

Over the last three years, regulatory authorities have fined regional and global financial institutions amounts in the range of $1M-$7M, with some of the commonly reported causes being:

  • Missing or inaccurate trade and transaction data
  • Computer coding and programming errors resulting in deficient or delayed submissions
  • Inadequate audit leading to inadvertent omission or misrepresentation of trades

A quick review of these reported causes revealed three core challenges financial institutions should address:

  • Data management constraints
  • Siloed systems and technology shortcomings
  • Customer privacy and data security issues

Data readiness capabilities

In preparation for the daily reporting of huge volumes of data to CAT, broker-dealers should assess their current data readiness capabilities (data sourcing, data quality, and data governance), identify gaps, and implement needed enhanced data management architecture and operating models. As part of their data readiness for CAT reporting requirements, broker-dealers should keep in mind the following considerations:

  • Assess data management and reporting capabilities of authoritative sources (e.g., trade capture and customer management information systems) and implement enhanced data architecture to meet CAT reporting requirements
  • Implement enhanced data governance capabilities, including data reconciliation and data controls, to ensure accuracy and integrity across duplicative reporting requirements for CAT and the existing reporting requirements for electronic blue sheets (EBS) and the Order Audit Trail System (OATS)
  • Implement improved data sourcing process with enhanced data security, data archival, and data recovery capabilities
  • Consider robotic process automation (RPA), cognitive technologies, and big data analytics solutions to achieve higher efficiency across regulatory reporting and data management processes
  • Improve data visualization tools and dashboards

The road ahead

The first reporting deadline for CAT is almost here. And broker-dealers will need to take immediate action. Enhanced governance and data management hygiene is integral to the CAT plan and must not be overlooked. Broker-dealers should leverage available data frameworks within their organizations and align their processes and technologies to established standards and policies.

In the absence of any pre-existing frameworks or governance structure, as a tactical arrangement to ensure good quality data for CAT reporting in the short term, they should strive to implement the fundamental data controls, business checks, and reconciliation procedures between trade data sources.

Going forward, broker-dealers can then further build out these capabilities to implement a more resolute data management platform that includes other necessary competencies such as a centralized reporting repository, authorized trade data sources, advanced security features, and process automation.

What else can you do to overcome these challenges under the new CAT reporting requirements? Download the full PDF to learn more.

Did you find this useful?