New SEC Consolidated Audit Trail Requirements: Implications for Financial Services Firms and Vendors

As has been widely predicted by many observers, including yours truly, new financial industry records management requirements are about to be promulgated by federal regulators. When I wrote about this in April, I thought the catalyst for the new regulations was going to be the new omnibus financial reform bill now in its final throes in Congress. It turns out that a more pressing intervening event, the May 6, 2010 market crash, served to light a fire under the SEC. On May 26, the SEC released a proposed rule to create a consolidated audit trail for trading that calls for a real time, trade data repository to be managed by the SEC, and/or FINRA and its agents.

Overview of the proposed Consolidated Audit Trail requirements

The impetus for the new rule is based on the SEC’s belief that,

  • “(W)ith today’s fast, electronic and interconnected markets, there is a heightened need for a single uniform electronic cross-market order and execution tracking system that includes more information than is captured by the existing SRO audit trails, and in a uniform format.” (p17)

The scope of the rule:

  • “(W)ould require the consolidated audit trail to capture certain information about each order for an NMS security, including the identity of the customer placing the order and the routing, modification, cancellation or execution of the order, in real time. In effect, the proposal would create a time-stamped “electronic audit trail record or report” for every order, and each market participant that touches the order would be required to report information about certain reportable events, such as routing or execution of the order. “(p33)

While the first phase of the rule is limited to National Market Securities, the SEC plainly intends to expand its scope to virtually every variety of regulated equity and debt (including asset backed securities);

  • “The Commission ultimately intends for the consolidated audit trail to cover secondary market transactions in other securities, including equity securities that are not NMS securities, corporate bonds, municipal bonds, and asset- backed securities and other debt instruments; credit default swaps, equity swaps, and other security-based swaps; and any other products that may come under the Commission’s jurisdiction in the future. Further, the Commission preliminarily believes that it would be beneficial to provide for the possible expansion of the consolidated audit trail to include information on primary market transactions in NMS stocks and other equity securities that are not NMS stocks, as well as primary market transactions in debt securities.” (p50-51)

While not based solely on the SEC Broker Dealer Books and Records Act(SEC Rule 17a), the proposed rule is intended to work hand in hand with the Books and Records act:

  • “(T)he information would allow for better trend analysis and outlier identification. It also would improve pre-examination work and the asset verification process, and focus document requests, making the examination process more efficient for the Commission staff and the registrants subject to the process.” (p53)

The proposed Rule also moves the SEC and the rest of the regulatory community closer to its goal of full life time scrutiny of a debt or equity:

  • “The Commission preliminarily believes that the required execution information, in combination with the proposed information pertaining to order receipt or origination, modification, or cancellation, would provide regulators with a comprehensive, near real time view of all stages and all participants in the life of an order.” (p81)

In its proposed Rule, the SEC has left open the questions of who should run the Central Repository, precisely what data it should contain and in what format the data should be stored, but the following quote indicates that the Commission is thinking of the open XBRL format:

  • “The Commission has recently required that issuers report certain data in interactive data format such as XBRL.     This proposal does not specify any particular or required data format, but allows the SROs to select a data format. Should the Commission require that the data be transmitted or stored in any particular format? What are the relative merits of flat data files, relational data files, and interactive data files? What other formats should be considered? In what format can the SROs and their members efficiently transmit data? In what format would the data required in the proposal be most easily accessed.” (p93)

Finally, the SEC estimates the initial cost to develop the repository at $4 Billion with annual additional costs at $2.1 Billion. These costs are the estimates for all the exchanges and exchange members.

Implications for Financial Services firms

It’s no secret that financial services firms have information repositories that may charitably be described as ‘highly distributed’. A less charitable description would be a pile of “pick-up” sticks. At first glance, it would appear that implementing the CAT requirements might not be too difficult for them — if all they need to do is map their current trading systems to XBRL and send out a feed. However, a closer reading of the proposed rule reveals that the feed, in the short term, must integrate with Customer Relationship Management systems to provide a unique customer number to all trades and to the firm’s Human Resource systems to provide a unique ID number for all traders. This is going to be harder than it appears. Last year, I worked on a proposal for a Tier 1 FS firm to prepare it to comply with the FDIC’s new “Sweep Account” rules. This effort reminded me how difficult it is for most large FS firms – who are all the product of multiple acquisitions and mergers – to distill a single view of any customers account.

The downstream requirements of the proposed rule are even more daunting for the FS firms. If the rule is extended to all manner of debts and equities across their entire life, it will require FS firms to integrate at the customer, trader and servicing level, all of their systems. This is the holy grail of every FS CIO and one that it not currently within reach of any of them as far as I know. But this is a cloud with a silver lining; there is not a single FS firm that could not reduce its Information Technology complexity and costs if it built an IT framework around this level of integration. Moreover, if XBRL were used as the lingua franca of this framework, it would make merger and separation of business units, assets and systems much easier to accomplish.

Implications for Information Technology firms

This could and should be the next great gold rush for the firms that provide Information Technology to the Financial Services industry. The vendors that profited by the SEC’s extension of the Books and Records (17a 3-4) act to include all email and messaging systems used this event to create a substantial business around message archiving (e.g., Autonomy, Symantec, Iron Mountain and EMC). The proposed CAT rules are the most significant change to the Broker Dealer retention requirements since the 2003 amendment of 17a 3 and 4. The new CAT rules also call to mind the new business model which resulted from the SEC’s move to electronic filing, a move that resulted in the creation of the EDGAR system.

However, the largest implication of the proposed CAT rules for technology vendors is that it shoves the door open to a Cloud based system for managing and storing the complete life cycle history and artifacts associated with every type of regulated equity or debt instrument. This is huge – both symbolically and financially. The SEC estimates a cost of $4 Billion to establish the CAT system and annual upkeep of $2.1 Billion. Moreover, the SEC is clearly looking for an open system that will be integrated to and accessed by a large community of regulators, the regulated and perhaps third parties as well. If ever a set of requirements were custom made for a cloud solution, this is it.

So, who might be well advised to look at participating in this “bonanza”:

  • Cloud Providers: CAT would be a natural play for any cloud provider with experience building secure, scalable repositories wrapped in web services. The first player who comes to mind is Google. Google is now building private clouds for government – e.g. consider their recent deal teaming with CSC for the implementation of a cloud for Los Angeles County.
  • Enterprise Content Management Providers: IBM, EMC, Autonomy and Oracle all have the combination of:
    • large scale ECM systems
    • Compliance tool frameworks
    • the ability to consume XBRL in their middleware and Business Process Management tools
    • a large installed based among FS firms
  • Legal Publishers/Virtual Deal Room Providers/Archive Cloud Providers: Merrill, Donnelley, Bowne and Intralinks or IBM (with its new Lotus-live powered cloud and collaboration space), EDGAR Online (especially now that it has acquired XBRL leader UBMatrix), Iron Mountain and Viewpointe. What all of these vendors have in common is:
    • They manage large, secure clouds used by the FS industry ecosystem (regulators, regulated, lawyers and dealmakers).
    • A need to grow new revenues given the fallout from the financial crisis.
    • The ability, as crowd aggregators to leverage the ecosystem for significant ancillary revenue streams.
  • Government system integrators/AKA ‘Beltway Bandits”: These folks tend to focus on Defense/Intelligence deals, but CSC is very much a member of the Beltway Bandit club and, as noted above, they teamed with Google to provide the LA County Cloud.

What all of the technology providers should be doing right now is:

  • Develop a business plan around CAT requirements. The smart ones will come up with a plan that uses exploitation of ancillary revenue streams to reduce the costs to FINRA, the SEC and even the regulated entities. The players who are most adept at this are Google and the Legal Publishers.
  • Position themselves as a thought leaders in CAT (across the legal, regulatory, operational and technological domains) A toss up here, the large technology players have difficulty with business thought leadership and the large publishers are not the most adept at creating technology agendas that become large scale industry drivers.
  • Develop a sand box that becomes CAT headquarters for the major stakeholders in the new ecosystem. Here, if you look to either what Google regularly does via Google Labs, or what firms like UBMatrix did with XBRL, you can see how a sandbox can drive adoption of standards and platforms.

Implications for the Public

I am of the firm belief that one of the root causes of the financial crisis is the lack of transparency in financial transactions. The “Sell Side” used the obscurity to demand premium prices and hide risk. The regulators and their enablers in government used the obscurity to control their turf. An open, cloud based information base which can be integrated with every analytical and social networking tool in the infosphere will benefit the “Buy Side”, regulators and risk managers everywhere. This in turn will greatly benefit the public



About Gary Rylander

CEO Strategic Governance Solutions
This entry was posted in Compliance, Records management and tagged . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s