The exemption will help mitigate security risks posed by “bad actors” who could, in the event of a data breach, use the information to illegally take control of brokerage accounts, the regulator said.The move was endorsed by the securities industry.In a statement, Kenneth Bentsen, Jr., president and CEO of the U.S. Securities Industry and Financial Markets Association (SIFMA), said that the industry group applauded the regulator’s action.“For a decade, SIFMA has expressed strong concerns on behalf of the industry and investors that the information in the CAT — the largest database of retail and institutional trading ever created — was a ripe target for cyber criminals and collecting [personal information] put investors’ data at risk,” he said. “This bold decision by the commission is entirely appropriate and long overdue.”However, the move was criticized by SEC commissioner, Caroline Crenshaw, as potentially undermining the agency’s ability to oversee trading activity.“The CAT helps make our markets safer, more efficient, and can act as a powerful tool in ferreting out wrongdoing. Yet today, by eliminating critical data collection, we undermine its use and our own effectiveness. We are wiping away the fingerprints from the scene of the crime,” she said.Crenshaw noted that the CAT was adopted, partly in response to the “flash crash” that occurred in 2010, which revealed that regulators didn’t have adequate data to properly analyze and address these sorts of market events.“Unfortunately, today we eliminate the CAT’s collection of the most basic customer identifying information, thus impairing regulators’ ability to understand suspicious activity, unwind events or stave off market disruptions,” she said.“There is no question that this decision is a loss for markets and investor protection,” she added.In a release, acting SEC chairman, Mark Uyeda, said that the decision to stop the collection of personal information reflects the fact that this information, “is not necessary to achieve CAT’s objectives.”And, he said that, even without that information, regulators will still have enough data to guard against insider trading, market manipulation and other forms of illicit trading.
