SIFMA has urged the U.S. Securities and Exchange Commission to take over the funding and direct control of the Consolidated Audit Trail, arguing that the current governance model leaves broker-dealers paying most of the cost for a regulatory system they do not control.
In a June 22 response to the SEC’s concept release on CAT and other audit trails, SIFMA said the Commission should immediately assume responsibility for 100% of CAT costs through its annual congressional budget process, then move toward eliminating the CAT NMS Plan and operating CAT directly under SEC control. The trade group said CAT’s 2026 annual budget stood at approximately $147 million as of March 2026, even after recent cost reduction efforts.
The letter turns a technical market data review into a larger debate over who should pay for the surveillance infrastructure that regulators use to monitor U.S. equities and listed options markets. SIFMA’s position is that the SEC is the system’s largest beneficiary, uses CAT for surveillance, enforcement and rulemaking, and effectively controls its development, yet bears none of its direct funding burden.
SIFMA Says CAT’s Governance Model Is Broken
CAT was created after the 2010 flash crash to give regulators a complete audit trail for U.S. equities and listed options. The system was approved through an NMS plan structure in 2016 and reached full implementation in 2024 after years of delays, milestones and escalating costs. SIFMA argues that this history shows the current model has failed because formal governance sits with self-regulatory organizations, while industry members and investors fund most of the system without a direct vote.
The trade group says industry members effectively pay 80% or more of CAT costs because broker-dealers fund their own reporting obligations and also fund FINRA’s portion of SRO costs. SIFMA argues that the Commission’s latest funding model can still shift the economic burden to industry members despite an appeals court ruling that vacated the original CAT funding model.
| Current CAT Model | SIFMA Proposal |
|---|---|
| Governed through CAT NMS Plan | CAT NMS Plan eventually eliminated |
| SRO Operating Committee controls formal governance | SEC directly controls the system |
| Industry members bear most costs | SEC funds CAT through congressional budget |
| Broker-dealers have no direct governance vote | Expanded advisory committee with industry and SRO input |
| Electronic Blue Sheets still used | EBS eliminated for equities and listed options |
| Exchange access to CAT data remains a concern | Regulator access narrowed by role and need |
SIFMA’s proposal would unfold in two phases. First, the SEC would include CAT costs in its annual budget request to Congress and pay the full system cost, with those expenses ultimately recovered through the existing Section 31 fee process. Second, the Commission would amend Rule 613, remove the CAT NMS Plan structure and convert CAT into a Commission-controlled regulatory system.
That would place CAT closer to systems such as EDGAR and MIDAS, which are funded and managed through the SEC’s own budget. SIFMA argues that this would better align incentives because the same regulator that controls the system’s scope would also need to justify its cost through the appropriations process.
The warning also comes at a time when U.S. market structure is being rewritten by 24-hour trading, tokenized equities and new execution venues. FinanceFeeds recently reported on 24X seeking SEC approval for tokenized Russell 1000 stocks and ETFs and 24X seeking a waiver to start overnight stock trading before consolidated data systems are ready. SIFMA’s letter argues that if tokenized equities trade outside broker-dealers and exchanges, CAT’s value as a complete market surveillance system could be weakened unless the SEC updates the reporting perimeter.
The Letter Targets Duplicate Reporting, Data Deletion And Cybersecurity
SIFMA also uses the letter to revive a long-running complaint about Electronic Blue Sheets. CAT was partly justified on the basis that it would allow legacy audit trails to be retired, but broker-dealers still receive EBS requests for equities and listed options even after CAT became fully functional. SIFMA says this forces firms to report transaction data to CAT while continuing to respond to overlapping EBS requests, increasing cost and exposing unmasked personal information through an older process.
The trade group proposes replacing EBS for equities and listed options with a secure centralized request-response system. Regulators would use CAT transaction records and account identifiers to send targeted requests to broker-dealers, which would respond through an automated secure channel. SIFMA says this would allow regulators to identify accounts tied to suspicious trading while avoiding a permanent central database of investor personal information.
| Issue | Current Situation | SIFMA Proposal |
|---|---|---|
| CAT annual budget | About $147 million in 2026 | SEC includes CAT in its budget |
| Effective industry burden | 80% or more of costs, according to SIFMA | SEC funding through appropriations |
| Electronic Blue Sheets | Still used alongside CAT | Retire EBS for equities and options |
| Historical data | SROs allowed to delete CAT data older than three years | Pause deletion pending broader review |
| Customer data requests | Multiple regulator request channels | Single secure request-response system |
The three-year data retention issue is another point of conflict. SIFMA supports reducing CAT costs, but it warns that deleting older CAT data could backfire if regulators then increase direct historical data requests to broker-dealers or continue relying on EBS to fill the gaps. In that case, cost savings at the CAT level would simply become compliance costs at the firm level.
The cybersecurity section is equally pointed. SIFMA says the SEC should revisit its abandoned 2020 CAT Data Security Proposal, including the idea of a secure analytical workspace that would prevent regulators from bulk downloading CAT data into separate systems. The trade group argues that allowing each exchange to download broad CAT datasets multiplies the number of environments where sensitive trading data exists and increases breach risk.
| Cybersecurity Area | SIFMA Concern | Requested Change |
|---|---|---|
| Bulk downloads | CAT data may reside in multiple regulator systems | Use secure analytical workspace or equivalent controls |
| Exchange visibility | Exchanges may see trading activity on other markets | Limit each exchange to its own market data except defined regulatory cases |
| Security governance | No formal permanent CAT Security Working Group | Create permanent group with industry input |
| Confidentiality policies | Policies may vary across SROs | Uniform written policies and annual examinations |
| Foreign access | Overseas access not clearly limited | Restrict non-U.S. access and require U.S.-based data centers |
| AI cyber risk | New autonomous hacking capabilities | Review CAT security and CCID encryption |
The data security issue carries broader market implications because CAT contains detailed order lifecycle data across U.S. equities and listed options. FinanceFeeds recently covered how the SEC used CAT data to uncover a $47 million front-running scheme, illustrating the system’s enforcement value. SIFMA’s argument is that this same value makes CAT a high-risk target and requires stronger controls over access, downloads and regulator use.
The Fight Is About Future Market Structure, Not Only Costs
The letter lands as the SEC and market participants debate what U.S. equity trading will look like over the next decade. Overnight equities, tokenized stocks, blockchain settlement, retail execution models and AI-driven surveillance all raise questions about whether regulators can maintain a complete view of trading activity. SIFMA’s point is that CAT cannot remain both expensive and incomplete. If regulators rely on it as the central map of market activity, the system must capture economically equivalent trading activity and must be governed by the regulator that depends on it.
The tokenization issue is especially important. SIFMA warns that if tokenized equities are allowed to trade away from registered exchanges and broker-dealers, those trades may not be reported to CAT unless the Commission takes action. That would leave regulators with detailed lifecycle data for conventional trades but not for functionally similar transactions executed through newer models. FinanceFeeds has also reported on SEC discussions around tokenized stocks and DeFi platforms, Morgan Stanley identifying asset tokenization as a growth frontier, and AMINA joining 21X as a listing sponsor for a regulated EU DLT trading venue. Those developments explain why CAT’s perimeter is now a market structure question rather than only a reporting question.
The proposal would also change the balance of power among the SEC, FINRA and exchanges. SIFMA argues that FINRA has only one vote on the CAT Operating Committee despite paying the largest share of the SRO cost burden and conducting most cross-market surveillance. At the same time, large exchange groups control multiple SRO votes under the current NMS plan structure. Direct SEC control would reduce that governance imbalance, while giving FINRA full access for cross-market regulation and limiting individual exchanges to the data needed for their own market oversight.
For broker-dealers and retail investors, the practical issue is whether surveillance costs continue to flow through the industry in ways that are difficult to challenge. SIFMA acknowledges that the industry would still ultimately fund the SEC budget through Section 31 fees, but argues that moving CAT into the SEC’s budget would create stronger public oversight and make the Commission more responsible for controlling scope, cost and data security.
Takeaway
SIFMA’s letter is one of the strongest challenges yet to the CAT operating model. The trade group is not asking for a minor cost adjustment. It wants the SEC to fund CAT, take direct control, retire Electronic Blue Sheets, limit regulator access to sensitive trading data and redesign cybersecurity controls. The timing matters because tokenized equities and overnight trading could test whether CAT remains a complete market surveillance system. If the SEC accepts even part of SIFMA’s proposal, the result would be a major shift in how U.S. equity and options markets are monitored, funded and governed.
