Chinese Hackers and the CAT?

While the industry gears up for the beginning of testing for the Consolidated Audit Trail (CAT) this December, there are still some that want to derail the project.  After the SRO’s finally booted Thesys Technologies from the project, completion of the CAT seemed to be gaining momentum. FINRA has taken over production of the CAT and the CAT NMS Plan has produced what looks to be a reasonable timeline However, there are those that continue to balk at the idea of having personally identifiable information (PII) reside in the CAT database.  The latest objector is Senator John Kennedy (R-LA) who just sent a letter to the SEC outlining his case against having PII in the CAT. 

Chinese hackers? Really?  Is that the latest excuse for slowing down a project that was conceived as a result of the Flash Crash?  We’re not sure who is advising Sen. Kennedy (his OpenSecrets page doesn’t show any major financial donors) but we think his letter is ill-conceived and dangerous since it may further delay the CAT.  In his letter, he spells out a doomsday scenario if the CAT is hacked:

Rather than worry about how Chinese hackers could use PII to manipulate the market, we think Sen. Kennedy should be more concerned about how overseas traders have been spoofing and manipulating the stock market for years.  They have been able to do this because the SEC still lacks the proper surveillance tools to detect market manipulation in a timely manner.  The recent Clearpool settlement is a prime example of how market manipulation from foreign traders continues to occur. In the Clearpool case :

“From July 2014 to September 2016, Clearpool executed Fund X’s trades and introduced its order flow to other broker-dealers for execution. Fund X traded through more than 1,000 foreign, unregistered individual traders, and triggered thousands of surveillance alerts at FINRA and multiple exchanges for potentially manipulative trading known as “layering” and “spoofing.”

The industry has recently been discussing alternatives to PII such as creating unique trader id’s that would map in a separate database.  This could be the solution that satisfies both sides.  In the meantime, does Sen. Kennedy really want to continue to allow market manipulation to go undetected?  We don’t think so.  If the risk of a Chinese hack is the price that we have to pay to finally get a legitimate surveillance system, then that’s a chance that we’re willing to take.