The answer was to develop the CAT, which will be a giant data base—the biggest financial data base ever assembled—that would include all trades a company made, including cancelled bids and offers. Each trade would be accompanied by an identifier that would tag the identity of the person making the trade (and include personal information) and the identity of the firm.
Wall Street pushed back, arguing against the cost (no one knows), who will pay for it, and—most importantly—who has access to the data?
You get where I’m going: the Street is terrified someone will hack the data base. Once you hack the data base, not only do you have access to personal information, you have access to the trading history of Wall Street.
“You would be able to reconstruct positions and trades for everyone on Wall Street,” David Franasiak, a securities attorney with Williams & Jensen, told me.
That means even the big guys: Goldman Sachs. JP Morgan. Citadel. Renaissance. Everyone.
That would be the Fort Knox of Wall Street for real.
The first implementation stage for the CAT is set to begin in November. Oh boy.
“This has the potential to seriously delay the CAT,” Franasiak told me.
As for Wall Street—the brokerage firms, the asset managers, the exchanges–cyberattacks have been a hot topic for a long time. I called Kenneth Bentsen, a former Congressman who now heads up the Securities Industry and Financial Markets Association (SIFMA), the trade group that represents Wall Street in Washington.
“Cyber security is a C-Suite and Board level issue and has been a top industry priority for several years,” he told me. “The financial services industry is a top target facing tens of thousands of attacks each day. We are constantly working to improve cyber defenses, resiliency and recovery through massive monetary investment in technology and personnel, regular training, industry exercises, and close coordination between the financial sector and the government including our regulators.”
The new SEC Chair, Jay Clayton, will appear before the Senate Banking Committee next Tuesday. The Committee chairman, Mark Warner (D-VA), has already issued a statement saying that “government and businesses need to step up their efforts to protect our most sensitive personal and commercial information.”
You can say that again. One of the only good things that may come out of these recent security debacles is better legislation. There is no uniform standard for how companies should respond to a cyberattack, believe it or not. There have been attempts to craft legislation that would create a nationwide and uniform data breach standard that would require more timely notification of breaches, and setting data protection standards, but it has gone nowhere.
You can bet that has a better chance of passing now.