The U.S. Securities and Exchange Commission (SEC) wields a powerful new tool: the Consolidated Audit Trail (CAT). This system tracks every transaction across U.S. markets, creating a vast database of investor activity. While proponents hail the CAT as a weapon against fraud and manipulation, critics warn of a chilling effect on privacy – concerns that now extend to cryptocurrency investors as the SEC is proposing to include them.
Previously, trading data resided in silos across different exchanges and trading venues. CAT centralizes this information, allowing regulators to track activity more comprehensively and efficiently. This can be crucial for identifying potential manipulation or misconduct that might have been obscured when looking at fragmented data.
While the SEC’s goal was ostensibly to create a more robust and transparent market ecosystem, the threat that CAT represents to liberty and privacy make it not worth it, argues SEC Commissioner Hester Peirce, noting “tracking our trading behavior won’t stop bad events from happening in the markets, it will just make it a bit easier to understand what happened after the fact.”
The threat to cryptocurrency investors specifically comes in the form of two new rules the SEC is proposing, write crypto law experts Amanda Tuminelli and Marisa T. Coppel on Coindesk. The new rules will expand the SEC’s definitions of dealers and exchanges, causing cryptocurrency transactions to be encompassed by CAT.
Opponents to CAT are concerned about the amount of data collected and the potential security risks of such a large database. CAT collects Customer Identification Information (designed to identify the customers behind the orders) along with details about every order and trade in listed equities and options. The volume of data represented by CAT make it an incredibly appealing target for hackers.
The SEC proposed data security rules in 2020 to enhance CAT security, but these haven’t been implemented yet (even though CAT went live at the end of May). Crucially, the SEC hasn’t applied the cybersecurity standards it mandates for public companies to its own CAT system.
While CAT represents a vast trove of financial data for the SEC, it’s important to note that the SEC is not the only government entity that will have access to it. Not only will the thousands of SEC employees be able to tap into CAT, but so will multitudes of government entities and private organizations. In other words, the potential access points for bad actors are numerous.
Ultimately, what CAT represents is antithetical to cryptocurrency, which generally supports investor privacy through pseudonymity (meaning investor identities are hidden behind wallet identifiers). If CAT itself stands, and if its measures to expand its rules to include cryptocurrency also stand, then the SEC will gain access to the financial dealings of millions of crypto investors.