U.S. Rep. Steve Womack (R-AR) is among several Republican lawmakers who have expressed concerns to Securities and Exchange Commission (SEC) Chair Gary Gensler about the privacy risks and national security threats associated with the consolidated audit trail (CAT).
The CAT is a data management platform that tracks all trade information from broker deals, trading venues, retail investments, and stock exchanges. Starting in July 2024, Womack said the CAT will start to collect personally indefinable information (PII) from Americans with money in the stock market. Womack said this makes the database a prime target for foreign cyber espionage and hacking attacks.
“A database that unnecessarily stores the personal information of millions of Americans might as well be a flaming target for hackers and foreign adversaries. The SEC should eliminate any plans to collect this sensitive data. This is fundamentally about protecting the public,” Womack said.
To mitigate these threats, Womack believes the SEC should prohibit the collection of any PII by the CAT and make clear to financial institutions that they will not be forced to hand over the personal information of their own customers to the CAT.
Womack, the ranking member of the House Appropriations Subcommittee on Financial Services and General Government, which has jurisdiction over the SEC, expressed his view via a letter to Gensler. It was also signed by Reps. Dave Joyce (R-OH), Chris Stewart (R-UT), and Mark Amodei (R-NV).
“Protecting the personal and financial information of every American investor from hackers and cyber criminals from Russia and China is of the utmost importance,” American Securities Association CEO Chris Iacovella said. “We thank Reps. Steve Womack, David Joyce, Chris Stewart, and Mark Amodei for their leadership and sending a message to the SEC that it must not collect any of this information.”