Privacy and cryptocurrencies are supposed to go hand in hand. That is the perception of newcomers who enter the crypto world for the first time.
However, regulations are making it harder than ever to protect the privacy of crypto users. One particular rule implemented by the US Securities and Exchange Commission (SEC) threatens to impose a mass surveillance tool on the crypto economy.
We are discussing the US SEC’s Consolidated Audit Trail (CAT). In this article, we explore its implications for crypto privacy.
Key Takeaways
- SEC proposed the creation of CAT after the Dow Jones index plunged nearly 1,000 points in minutes on May 6, 2010.
- On May 31, 2024, CAT became fully operational.
- Cryptocurrencies will be subject to CAT surveillance if they are classified as securities.
- Critics fear the CAT database will attract hackers.
- New Civil Liberties Alliance (NCLA) filed a lawsuit to halt the SEC’s CAT program.
What Is the Consolidated Audit Trail (CAT)?
The Consolidated Audit Trail is a US SEC mandate that requires securities exchanges in the US to maintain records of every order and trade of equity and options processed.
In 2010, the SEC proposed the creation of CAT after the Dow Jones index plunged nearly 1,000 points (or about 9% at the time) in minutes in early afternoon trading on May 6, 2010.
The market regulator found that it didn’t have enough information to explain the “Flash Crash of May 2010,” so it ordered the creation of a database to monitor transactions and the identities of everyone who invests in the US stock market.
The CAT surveillance system was approved by the US SEC in July 2012. Industry testing of CAT began in September 2019. On May 31, 2024, CAT became fully operational, according to the Securities Industry and Financial Markets Association (SIFMA) – a trade association for broker-dealers, investment banks, and asset managers in the US.
What Does CAT Mean for the Crypto Industry?
If cryptocurrencies are categorized as securities in the future, they will have to adhere to the US SEC-mandated CAT system. Here is how crypto transactions will be tracked by the CAT database:
- Crypto trades occurring on SEC-regulated centralized crypto exchanges will record orders throughout their entire life cycle from generation to routing, modification, cancellation, or execution.
- The CAT system will assign account holders a unique code to consistently identify the account holder and their trades.
- Each and every trade will be recorded with accurate timestamps.
Will Crypto Be Subjected to CAT Surveillance?
We return to an all-too-familiar question: Are cryptocurrencies securities or commodities? This is the key question that will decide whether cryptocurrency trades will be subject to CAT surveillance.
The SEC and Commodity Futures Trading Commission (CFTC) have been fighting over who gets to regulate cryptocurrencies in the US for years.
In the eyes of the SEC, all cryptocurrencies, except Bitcoin (BTC), are crypto securities. Meanwhile, the CFTC chooses to refer to cryptocurrencies as “virtual currencies” and claims regulatory oversight authority over them.
The SEC, in particular, has been persistent with its claims that all cryptos, except Bitcoin, are securities. In 2023, the regulator filed lawsuits against the three biggest crypto exchanges operating in the US – Binance, Coinbase, and Kraken – for operating as “unregistered securities exchanges.”
The SEC explicitly named several popular cryptocurrencies, including Solana (SOL), Cardano (ADA), and Polygon (MATIC), as securities in its lawsuits.
Thankfully, progress has been made in delivering regulatory clarity for the crypto industry in the US.
On May 22, 2024, the US House of Representatives passed the Financial Innovation and Technology for the 21st Century Act (FIT21) which aims to clearly define cryptocurrencies and categorize whether a particular crypto is a security or a commodity.
Most interestingly, the FIT21 bill is also designed to allow a crypto token to decentralize over time to become a commodity.
Data Security Risks to the World’s Largest Securities Database
Critics expect the CAT database to be an attractive target for hackers, as the CAT reports will contain personal, identifiable information of every retail and institutional investor in the US.
For context, the CAT database will be the largest database of securities transactions ever built, according to the SIFMA.
On May 17, 2024, concerns on CAT’s data security were voiced by US Representative French Hill, who called the SEC’s CAT market surveillance tool a “cybersecurity and national security risk.”
I'm opposed to the SEC's Consolidated Audit Trail (CAT). It creates:
– Privacy concerns
– A cybersecurity and national security risk
– Explosive implementation costs @SECGov and @FINRA already have the market surveillance tools to get the information they need. There's no… pic.twitter.com/BlZUiem7Fp— French Hill (@RepFrenchHill) May 16, 2024
Representative Hill said:
“We don’t need to create another big target for cyber threats in this country. The CAT database is a prime location for cyber criminals to steal the identity of Americans, add to the public data that is already available, look for patterns of life and target people for theft with information available on this database.”
Elsewhere, on May 24, 2024, a nonprofit civil rights group called New Civil Liberties Alliance (NCLA) filed a lawsuit asking a US District Court to halt the SEC’s CAT program.
“The unconstitutional CAT is the largest government-mandated mass collection of personal financial data in American history,” said NCLA.
“Without any statutory authorization from Congress, SEC is forcing brokers, exchanges, clearing agencies and alternative trading systems to capture and send detailed information on every investor’s trades in U.S. markets to a centralized database, which SEC and private regulators can access forever (but whose security they cannot ensure).”
⚠️WARNING: Your financial data is at risk!
The SEC's CAT program threatens the financial security of Americans with its invasive data collection.
That's why NCLA's @Trink44 is working to put an end to this overreach and safeguard privacy rights!
Listen to the full interview… pic.twitter.com/UXYJKXPZid
— New Civil Liberties Alliance (@NCLAlegal) April 18, 2024
Still, many CAT supporters advocate the system’s ability to “reveal the bad actors” and offer increased “transparency for investors.”
The Bottom Line
CAT was created by the SEC with good intentions: to protect investors from fraudulent activities and market manipulation.
Although the surveillance tool aims to ensure that the securities market in the US operates in a fair and equitable manner, many are concerned about the privacy tradeoffs that they have to give up to the CAT program.
FAQs
What does the consolidated audit trail do?
What is the purpose of CAT reporting?
What does it mean for crypto to be a security?
References
- Securities and Exchange Commission (Sec)
- Flash Crash – MarketsWiki, A Commonwealth of Market Knowledge (Marketswiki)
- A Safer CAT for Investors – SIFMA – A Safer CAT for Investors – SIFMA
(Sifma) - SEC.gov | Rule 613 (Consolidated Audit Trail) (Sec)
- Introduction to Virtual Currency (Cftc)
- CAT Data Security: The Clock is Ticking – SIFMA – CAT Data Security: The Clock is Ticking – SIFMA
(Sifma) - NCLA Asks Court to Halt SEC’s Unauthorized and Unlawful Mass Data Collection Regime (Nclalegal)
- Sam Hill on X (X)