The selection of AWS as cloud service provider for the CAT is extremely concerning given AWS’ role in the recent data breach at Capital One
WASHINGTON – The American Securities Association (ASA) today sent a letter to Treasury Secretary Mnuchin and members of the Financial Stability Oversight Council (FSOC) urging the Council to act to stop the collection of retail investor personally identifiable information (PII) through the Securities and Exchange Commission’s (SEC) Consolidated Audit Trail database. ASA’s letter comes at a time when FSOC is set to meet today to discuss the risks posed by third-party cloud service providers.
“As the FSOC examines the role of cloud service providers, the ASA urges the Council to consider the enormous risks posed by the collection of the PII of American retail investor by the SEC’s Consolidated Audit Trail,” ASA CEO Chris Iacovella wrote in the letter.
“The selection of AWS as cloud service provider for the CAT is extremely concerning to us given the open questions regarding AWS’ role in the recent data breach at Capital One, which impacted 100 million individuals.”
As the cloud service provider for the CAT, AWS will bear responsibility for the security of the PII of every American retail investor that trades in the U.S. equity markets, one of the largest databases in American history.
“While we have tried to work through the regular channels, it is becoming increasingly clear that the SEC would rather put the interests of its career enforcement personnel ahead of Mr. and Mrs. 401(k) and America’s retail investors,” Iacovella said. “The CAT will become one of the top targets for state-sponsored Chinese hackers and other cybercriminals. We are also deeply concerned over language included in the CAT Reporter Agreement that seems to absolve CAT plan participants and AWS from any liability related to the breach or misuse of any information that brokers will send to the CAT. The identity of hardworking Americans saving for retirement must not be needlessly put at risk by the government.”
According to a recent nationwide Morning Consult survey, 72% of investors are not willing to put their personal information at risk in order to facilitate more insider trading cases, while 76% favor being allowed to ‘opt-out’ of having their PII collected under a system such as the CAT. There is growing momentum in Congress calling on the SEC to remove retail investor PII from the CAT. In July, a group of Senate Republicans sent a letter to the SEC highlighting the CAT’s national security risks. Leading members of the House Financial Services Committee sent a similar letter in April.
The collection of retail investor PII in no way bolsters the ability of the SEC to oversee equity markets more effectively as the Commission has brought over 387 insider trading cases since FY2011. ASA believes the CAT can surveil the marketplace and better understand market structure just as effectively by giving IDs to financial institutions, hedge funds, high-frequency and other large traders. Retail investors did not cause the flash crash.
ASA has been at the forefront of advocacy to remove retail investor PII from the CAT. ASA CEO Chris Iacovella recently penned an op-ed in The Hill titled “The National Security Risk No One Is Talking About.” To read our recent letter to the SEC, click here. To read our recent letter to the Senate Banking Committee, click here. To view a Morning Consult poll showing an overwhelming majority of American investors oppose sending their personal information to the CAT, click here.