top of page

As Cyber Threats Rise, SEC Should Halt Collection of Retail Investor Data

New report identifies increase in financially motivated cybercrime & growth of nation-state adversaries

WASHINGTON – Following the release of a report from leading cybersecurity firm CrowdStrike, detailing the increased global cyber and data threat, the American Securities Association (ASA) once again called on the Securities and Exchange Commission (SEC) to protect America’s retail investors from identity theft and stop the collection of any of their personally identifiable information by the Consolidated Audit Trail (CAT) database.

“Nation-states and bad actors are increasingly working across the globe to target Americans and steal their identity,” said ASA CEO Chris Iacovella. “At this time of unprecedented global threats, it’s unbelievable that the SEC would create a one-stop-shop for cyber criminals.”

According to the 2020 CrowdStrike Global Threat Report, “financially motivated cybercrime activity occurred on a nearly continuous basis” and “increasingly these actors have begun conducting data exfiltration, enabling the weaponization of sensitive data.”

“Moving beyond eCrime, nation-state adversaries continued unabated throughout 2019, targeting a wide range of industries,” according to the report. “Another key trend in this year’s report is the telecommunications industry being targeted with increased frequency by threat actors, such as China and DPRK. CrowdStrike Intelligence assesses that various nations, particularly China, have interest in targeting this sector to steal intellectual property and competitive intelligence.”

This week’s report follows last month’s announcement from the Department of Justice indicting four members of the Chinese People’s Liberation Army for its involvement in the Equifax breach and stealing the personal data of 145 million Americans.

According to a nationwide Morning Consult survey, 72% of investors are not willing to put their personal information at risk in order to facilitate more insider trading cases, while 76% favor being allowed to ‘opt-out’ of having their PII collected under a system such as the CAT. There is growing momentum in Congress calling on the SEC to remove retail investor PII from the CAT. In July, a group of Senate Republicans sent a letter to the SEC highlighting the CAT’s national security risks. Leading members of the House Financial Services Committee sent a similar letter in April.

The collection of retail investor PII in no way bolsters the ability of the SEC to oversee equity markets more effectively as the Commission has brought over 387 insider trading cases since FY2011. ASA believes the CAT can surveil the marketplace and better understand market structure just as effectively by giving IDs to financial institutions, hedge funds, high-frequency and other large traders. Retail investors did not cause the flash crash.

ASA has been at the forefront of advocacy to remove retail investor PII from the CAT. ASA CEO Chris Iacovella penned an op-ed in The Hill titled “The National Security Risk No One Is Talking About.” To read our recent letter to the SEC, click here. To read our recent letter to the Senate Banking Committee, click here. To view a Morning Consult poll showing an overwhelming majority of American investors oppose sending their personal information to the CAT, click here.



bottom of page