Concept Release on Consolidated Audit Trail and Other Audit Trails and Data Sources

Legal Status This site displays a prototype of a “Web 2.0” version of the daily
Federal Register. It is not an official legal edition of the Federal
Register, and does not replace the official print version or the official
electronic version on GPO’s govinfo.gov.

The documents posted on this site are XML renditions of published Federal
Register documents. Each document posted on the site includes a link to the
corresponding official PDF file on govinfo.gov. This prototype edition of the
daily Federal Register on FederalRegister.gov will remain an unofficial
informational resource until the Administrative Committee of the Federal
Register (ACFR) issues a regulation granting it official legal status.
For complete information about, and access to, our official publications
and services, go to About the Federal Register on NARA's archives.gov.

The OFR/GPO partnership is committed to presenting accurate and reliable
regulatory information on FederalRegister.gov with the objective of
establishing the XML-based Federal Register as an ACFR-sanctioned
publication in the future. While every effort has been made to ensure that
the material on FederalRegister.gov is accurately displayed, consistent with
the official SGML-based PDF version on govinfo.gov, those relying on it for
legal research should verify their results against an official edition of
the Federal Register. Until the ACFR grants it official status, the XML
rendition of the daily Federal Register on FederalRegister.gov does not
provide legal notice to the public or judicial notice to the courts.

Legal Status

Proposed Rule

Concept Release on Consolidated Audit Trail and Other Audit Trails and Data Sources

A Proposed Rule by the Securities and Exchange Commission on 04/20/2026

• 1.

1.
This document has a comment period that ends in 65 days.
(06/22/2026)

Thank you for taking the time to create a comment. Your input is important.

Once you have filled in the required fields below you can preview and/or submit your comment to the Securities and Exchange Commission for review. All comments are considered public and will be posted online once the Securities and Exchange Commission has reviewed them.

You can view or you may also comment via Regulations.gov at /documents/2026/04/20/2026-07651/concept-release-on-consolidated-audit-trail-and-other-audit-trails-and-data-sources.

It appears that you have attempted to comment on this document before
so we've restored your progress.
.
1.
2. Comment * What is your comment about? Upload File(s) Note: You can attach your comment as a file and/or attach supporting
documents to your comment. Attachment Requirements.

Email this will NOT be posted on regulations.gov

Opt to receive email confirmation of submission and tracking number? Tell us about yourself! I am... * An Individual An Organization Anonymous First Name * Last Name * City Region State Alabama Alaska American Samoa Arizona Arkansas California Colorado Connecticut Delaware District of Columbia Florida Georgia Guam Hawaii Idaho Illinois Indiana Iowa Kansas Kentucky Louisiana Maine Maryland Massachusetts Michigan Minnesota Mississippi Missouri Montana Nebraska Nevada New Hampshire New Jersey New Mexico New York North Carolina North Dakota Ohio Oklahoma Oregon Pennsylvania Puerto Rico Rhode Island South Carolina South Dakota Tennessee Texas Utah Vermont Virgin Islands Virginia Washington West Virginia Wisconsin Wyoming Zip Country Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia, Plurinational State of Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos (Keeling) Islands Colombia Comoros Congo Congo, the Democratic Republic of the Cook Islands Costa Rica Côte d'Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands (Malvinas) Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See (Vatican City State) Honduras Hong Kong Hungary Iceland India Indonesia Iran, Islamic Republic of Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati Korea, Democratic People's Republic of Korea, Republic of Kuwait Kyrgyzstan Lao People's Democratic Republic Latvia Lebanon Lesotho Liberia Libya Liechtenstein Lithuania Luxembourg Macao Macedonia, the Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia, Federated States of Moldova, Republic of Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestine, State of Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Barthélemy Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Martin (French part) Saint Pierre and Miquelon Saint Vincent and the Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Sint Maarten (Dutch part) Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and the South Sandwich Islands South Sudan Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan, Province of China Tajikistan Tanzania, United Republic of Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates United Kingdom United States United States Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela, Bolivarian Republic of Viet Nam Virgin Islands, British Virgin Islands, U.S. Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Phone Organization Type * Company Organization Federal State Local Tribal Regional Foreign U.S. House of Representatives U.S. Senate Organization Name * You are filing a document into an official docket. Any personal
information included in your comment text and/or uploaded
attachment(s) may be publicly viewable on the web. I read and understand the statement above.

2. Please review the Regulations.gov privacy notice and user notice.
3. Document Details Published Content - Document Details Agency Securities and Exchange Commission Agency/Docket Numbers Release No. 34-105251 File No. S7-2026-12 CFR 17 CFR 240 17 CFR 242 Document Citation 91 FR 20945 Document Number 2026-07651 Document Type Proposed Rule Pages 20945-20968 (24 pages) Publication Date 04/20/2026 RIN 3235-AN54 Published Content - Document Details

• PDF Official Content
  • View printed version (PDF) Official Content
• Document Details Published Content - Document Details Agency Securities and Exchange Commission Agency/Docket Numbers Release No. 34-105251 File No. S7-2026-12 CFR 17 CFR 240 17 CFR 242 Document Citation 91 FR 20945 Document Number 2026-07651 Document Type Proposed Rule Pages 20945-20968 (24 pages) Publication Date 04/20/2026 RIN 3235-AN54 Published Content - Document Details
• Document Dates Published Content - Document Dates Comments Close 06/22/2026 Dates Text Comments should be received on or before June 22, 2026. Published Content - Document Dates

• Table of Contents Enhanced Content - Table of Contents This table of contents is a navigational tool, processed from the
  headings within the legal text of Federal Register documents.
  This repetition of headings to form internal navigation links
  has no substantive legal effect.

  -

  -

  -

  -

  -

  -

  -

  -

  -

  -

  -

  -

  -

  -

  -

  -

  -

  -

  -

  -

  -

  -

  -

  -

  -

  • Enhanced Content - Table of Contents

• Public Comments Enhanced Content - Public Comments Comments are being accepted - .

Enhanced Content - Public Comments
- Regulations.gov Data Enhanced Content - Regulations.gov Data Additional information is not currently available for this document.

Enhanced Content - Regulations.gov Data

- Sharing Enhanced Content - Sharing Shorter Document URL https://www.federalregister.gov/d/2026-07651 Email Email this document to a friend Enhanced Content - Sharing

• Print Enhanced Content - Print
  • Enhanced Content - Print
• Document Statistics Enhanced Content - Document Statistics Document page views are updated periodically throughout the day and are cumulative counts for this document. Counts are subject to sampling, reprocessing and revision (up or down) throughout the day.

Page views 0
as of
04/18/2026 at 4:15 am EDT Enhanced Content - Document Statistics
- Other Formats Enhanced Content - Other Formats This document is also available in the following formats:

JSON Normalized attributes and metadata XML Original full text XML MODS Government Publishing Office metadata More information and documentation can be found in our developer tools pages.

Enhanced Content - Other Formats
- Public Inspection Public Inspection This PDF is FR Doc. 2026-07651 as it appeared on Public Inspection on
04/17/2026 at 8:45 am.

It was viewed
26
times while on Public Inspection.

If you are using public inspection listings for legal research, you
should verify the contents of the documents against a final, official
edition of the Federal Register. Only official editions of the
Federal Register provide legal notice of publication to the public and judicial notice
to the courts under 44 U.S.C. 1503 & 1507. Learn more here.

Public Inspection
Published Document: 2026-07651 (91 FR 20945) This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Document Headings Document headings vary by document type but may contain
the following:

1. the agency or agencies that issued and signed a document
2. the number of the CFR title and the number of each part the document amends, proposes to amend, or is directly related to
3. the agency docket number / agency internal file number
4. the RIN which identifies each regulatory action listed in the Unified Agenda of Federal Regulatory and Deregulatory Actions See the Document Drafting Handbook for more details.

Securities and Exchange Commission

1. 17 CFR Parts 240 and 242
2. [Release No. 34-105251; File No. S7-2026-12]
3. RIN 3235-AN54

AGENCY:

Securities and Exchange Commission.

ACTION:

Concept release; request for comments.

SUMMARY:

The Securities and Exchange Commission (the “Commission”) is publishing this concept release to solicit comments in support of a comprehensive review of the Consolidated Audit Trail and other audit trails and related data sources currently used in the regulation of U.S. ( printed page 20946) securities markets, including comments regarding the funding mechanisms for these audit trails and/or related data sources. There have been several developments since the Commission last evaluated the scope and sufficiency of these audit trails and related data sources. These developments have prompted the Commission to consider whether changes should be made to the rules and regulations governing existing audit trails and related data sources to better respond to and reflect current market conditions; demonstrated regulatory needs; civil liberty, privacy, and confidentiality concerns; cost-efficient technology solutions; and cybersecurity considerations.

DATES:

Comments should be received on or before June 22, 2026.

ADDRESSES:

Comments may be submitted by any of the following methods:

Electronic Comments

• Use the Commission's internet comment form (https://www.sec.gov/​rules/​submitcomments.htm); or
• Send an email to rule-comments@sec.gov. Please include File Number S7-2026-12 on the subject line.

Paper Comments

• Send paper comments to Secretary, Securities and Exchange Commission, 100 F Street NE, Washington, DC 20549-1090. All submissions should refer to File Number S7-2026-12. This file number should be included on the subject line if email is used. To help the Commission process and review your comments more efficiently, please use only one method of submission. The Commission will post all comments on the Commission's website (https://www.sec.gov/​rules-regulations/​rulemaking-activity). All comments received will be posted without change. Do not include personally identifiable information in submissions; you should submit only information that you wish to make available publicly. The Commission may redact in part or withhold entirely from publication submitted material that is obscene or subject to copyright protection.

Studies, memoranda, or other substantive items may be added by the Commission or staff to the comment file during this rulemaking. A notification of the inclusion in the comment file of any such materials will be made available on the Commission's website. To ensure direct electronic receipt of such notifications, sign up through the “Stay Connected” option at www.sec.gov to receive notifications by email.

FOR FURTHER INFORMATION CONTACT:

David Hsu, Assistant Director, and Erika Berg, Special Counsel, at (202) 551-5500, Office of Market Supervision, Division of Trading and Markets, Securities and Exchange Commission, 100 F Street NE, Washington, DC 20549.

SUPPLEMENTARY INFORMATION:

Table of Contents

I. Introduction

II. Current Audit Trails and Data Sources Utilized by Regulators

A. The CAT

B. EBS System

C. Other Audit Trails and Related Data Sources

III. Request for Comment

A. Regulatory Purpose of the CAT

B. Structure and Governance of the CAT

CAT NMS Plan

Operating Committee

Advisory Committee

C. CAT Funding and Cost Management

Cost Management

Funding Model and Allocation of Fees

Reserve Funds

Section 31 Fees and Alternative Methods of Funding the CAT

D. CAT Design and Scope

Scope

General Functionality

Lifecycle Linkage and Processing Timelines

Data Storage and Retention

CCID Generation

E. Previous Changes to CAT Requirements

Verbal Activity on Exchange Floors

Not Immediately Actionable Electronic Requests for Quotes

Port-Level Settings

Representative Order Linkage

F. Potential Changes to Other Data Sources and Related Rules

Retirement of Partially Duplicative Systems

Modification and/or Replacement of the EBS System

LTID

G. Civil Liberties and Privacy Considerations

H. Cybersecurity

The CAT

EBS

R&R System

LOPR

Other Audit Trails and/or Related Data Sources

I. Transparency and Process of Comprehensive Review

IV. General Request for Comment

V. Other Matters

VI. Conclusion

I. Introduction

The Securities and Exchange Act of 1934 (the “Exchange Act”), as amended, ] tasks the Commission with overseeing the U.S. securities markets, including supervising certain market participants such as broker-dealers, clearing agencies, and national securities exchanges. ] The Exchange Act further provides that specified entities, including national securities exchanges and registered securities associations, fall within the definition of a self-regulatory organization (“SRO”). ] As an SRO, each national securities exchange and national securities association must comply, and enforce the compliance by its members and associated persons, with the Exchange Act, the Commission's rules and regulations thereunder, and the SRO's own rules. ]

Effective market oversight by the Commission and SROs relies on, among other things, access by regulatory users at the Commission and the SROs to accurate and timely market data. Because the vast majority of securities transactions in modern markets occur electronically, at high speeds and volumes and across trading venues, cross-market audit trails and related data sources have come to play an important role in the oversight of securities markets. Such audit trails and related data sources aid regulators in conducting robust cross-market surveillances, investigations, enforcement activities, and engaging in cross-market reconstructions and analyses, as appropriate.

For several decades, broker-dealers furnished information to the Commission and the SROs through questionnaires known as “blue sheets” due to the color on which the forms were printed. In the late 1980s, as the volume of trading and securities transactions dramatically increased, the Commission and the SROs worked together to develop and implement a request-and-response system with a universal electronic format, commonly known as the “electronic blue sheet” or ( printed page 20947) “EBS” system, to replace the paper-based process. ] The Commission and the SROs also obtained data through other methods—including manual requests to market participants, daily reports produced by clearing agencies that provide aggregated information to the SROs and the Commission, market-specific matching engines and/or order book feeds, market-specific audit trails, trade reporting facilities, proprietary data feeds made available by SROs and/or off-exchange trading venues, and publicly-available consolidated data feeds provided by securities information processors. ]

Regulators also obtained data through audit trails. For example, in 1996, the National Association of Securities Dealers (n/k/a FINRA) was required, pursuant to a settled order, to design and implement an audit trail to provide an accurate, time-sequenced record of orders and transactions on Nasdaq-listed equities, which came to be known as the Order Audit Trail System (“OATS”). ] OATS was later expanded to include over-the-counter equity securities ] and all NMS stocks. ] FINRA also created an internal process by which it augmented the data it collected via OATS with order and trade execution data collected from other SROs with which it had regulatory services agreements. ] Similarly, in 2000, a group of options exchanges was required, pursuant to a settled order, to design and implement an audit trail to provide an accurate, time-sequenced record of orders, quotations, and transactions on those options exchanges. ] That audit trail became known as the Consolidated Options Audit Trail System (“COATS”) and was later expanded to incorporate reporting for activity on additional options exchanges. ]

Although these audit trails and related data sources were useful, they did not produce a comprehensive cross-market audit trail. Even with augmented OATS data, assembling a consolidated audit trail from the various data sources described above was a cumbersome, complex, and time-consuming process that was prone to error. ]

To improve the accuracy, completeness, accessibility, and timeliness of the data available to regulators, in 2012, the Commission adopted Rule 613 to require the SROs to jointly develop and submit to the Commission a national market system plan to create, implement, and maintain a consolidated audit trail (the “CAT”). ] In proposing and adopting Rule 613, the Commission stated that the increasingly high-speed, electronic, and widely dispersed markets had given rise to a need for efficient access to a more robust and comprehensive, cross-market audit trail, explaining that existing audit trails and/or data sources were otherwise limited in their scope and effectiveness. ] The national market system plan submitted by the SROs—the CAT NMS Plan—was approved by the Commission in 2016. ] On July 15, 2024, the SROs represented to the Commission that the CAT had been fully implemented. ]

There have been a number of developments in the nearly ten years since the Commission approved the CAT NMS Plan. Chief amongst these developments is the implementation and operation of the CAT itself in accordance with the CAT NMS Plan and its amendments. Once it was able to determine that its members were effectively reporting to the CAT and that the CAT's accuracy and reliability met certain standards, FINRA retired OATS, effective as of September 1, 2021. ] Other data sources, such as the EBS system, remain operational. The Commission has also provided exemptive relief and approved amendments to the CAT NMS Plan to enable the SROs to remove personally-identifiable information (“PII”) from the CAT, meaning that regulators have continued to rely on alternative data sources (including the EBS system) for fulfilling their regulatory obligations compared to what was contemplated by the Commission when it approved the CAT NMS Plan in 2016. ]

( printed page 20948) Importantly, the annual costs of maintaining and operating the CAT have grown well beyond the Commission's 2016 estimate of approximately $55.8 million, ] increasing to over $248 million per year in the 2025 budget initially approved by the SROs. ] Markets have experienced much higher volumes and more trading activity than the Commission anticipated in 2016, which has contributed to increased costs associated with storage, data processing, and message traffic. ] Recently, trading venues have also pushed to extend trading hours, ] which could further increase trading volumes. ] Although steps have been taken by the Commission and the SROs to manage and contain costs, ] the 2026 budget approved by the SROs of approximately $156 million ] remains significantly in excess of the operational costs estimated by the Commission when it approved the CAT NMS Plan in 2016. ]

In addition, the Commission has received suggestions from the SROs and other market participants about potential considerations for, and improvements to, audit trails and/or related data sources, ] including petitions for rulemaking related to the operation and funding of the CAT. ]

To further consider these market developments, as well as suggestions received from and concerns raised by the SROs and other market participants, the Commission has determined to conduct a comprehensive review of the CAT and other audit trails and related data sources currently used by securities regulators, including regulatory users at the SROs. This review will allow the Commission to examine the effectiveness, regulatory use, and costs of these data sources and to obtain crucial feedback regarding whether changes should be made to their structure, scope, functionality, and security, including changes that would strike a different balance between privacy considerations and regulatory need.

This concept release begins with a brief overview of the audit trails and data sources used by the Commission ( printed page 20949) and the SROs to meet market oversight responsibilities. The release then solicits comments on whether changes should be made to the rules and regulations governing existing audit trails and related data sources to better respond to and reflect current market conditions, demonstrated regulatory needs, civil liberty and privacy concerns, cost-efficient technology solutions, and cybersecurity considerations.

II. Current Audit Trails and Data Sources Utilized by Regulators

Pursuant to Section 17 of the Exchange Act, ] the Commission can request books and records to monitor and oversee trading in the securities markets under its jurisdiction. Each SRO has its own recordkeeping rules and similarly can request books and records from its members. ] The Commission and the SROs have used these powers to create audit trails and/or data sources and/or to obtain data for market oversight purposes as follows.

A. The CAT

The CAT is intended to furnish both the Commission and the SROs with timely access to a comprehensive, uniform, accurate, and linked set of trading data that allows them to efficiently retrieve relevant information about the full lifecycle of all orders in NMS and OTC Equity Securities ] across the markets and trading centers that comprise the national market system. ] The CAT collects data from both SROs and Industry Members ] about the original receipt or origination of an order, the routing of an order and the receipt of an order that has been routed, executions, modifications, and cancellations. ] The Plan Processor, ] FINRA CAT, LLC (“FINRA CAT”), uses this data to “link and create the order lifecycle” using a “daisy chain approach,” in which “a series of unique order identifiers, assigned to all order events handled by CAT Reporters[,] are linked together by the Central Repository ] ] and assigned a single CAT-generated CAT-Order-ID that is associated with each individual order event and used to create the complete lifecycle of an order.” ] In addition to this linked data, the CAT is required to provide regulators with SIP Data. ]

Although the CAT is no longer required to collect customer and account-level information pursuant to an amendment to the CAT NMS Plan approved by the Commission on January 13, 2026, ] the CAT's architecture of identifiers and lifecycle linkage enables regulators with a specific regulatory purpose to analyze a particular customer's trading activity for Eligible Securities ] across markets, brokers, and/or accounts through generation of a CAT Customer ID (“CCID”). ] This transactional data may only be associated with customer and account-level information if such information is obtained separately from Industry Members through a manual request. ]

B. EBS System

Requests for data outside of the CAT system are predominantly made through the EBS system. In 2001, the Commission adopted Rule 17a-25 under the Exchange Act to codify and enhance the EBS system. ] Rule 17a-25 requires firms to report to the Commission standard data elements for proprietary securities transactions such as security symbol, date executed, amount traded, type of transaction, transaction price, account number, execution venue, and identification information for the parties on either side of the transaction. ] For customer securities transactions, Rule 17a-25 further requires firms to include the customer name, address, branch office number, registered representative number, type of order, date account opened, taxpayer identification number, employer name, and the role of the intermediary (agent or principal) if any. ] This kind of customer information is no longer required to be collected or stored by the CAT and is therefore only accessible through the EBS system or manual requests. ]

The EBS system is also used to process requests made by the Commission for account-level ( printed page 20950) information and transactional data pursuant to Rule 13h-1, ] which sets forth broker-dealer record-keeping, reporting, and monitoring requirements for large traders. ] This rule is designed to enable the Commission to promptly and efficiently identify significant market participants and to collect data on their trading activity so that Commission staff can reconstruct market events and conduct investigations. ] Under Rule 13h-1, large traders are required to identify themselves to the Commission and to make certain disclosures on Form 13H. ] Upon receipt of Form 13H, the Commission issues a unique identification number to the large trader (“LTID”), which the large trader is then required to provide to those broker-dealers through which it trades. ] Rule 13h-1 enables the Commission to request account-level information and transactional data from broker-dealers for large traders (as well as Unidentified Large Traders ]) via the EBS system and using the EBS reporting template.

Information retrievable through the EBS system is limited to executed trades and does not contain information on orders or quotes, and thus does not contain information on routes, modifications, and cancellations. ] Such information is available through the CAT and is used to investigate various forms of potential market manipulation like layering and spoofing.

C. Other Audit Trails and Related Data Sources

Regulators may make manual requests for books and records information—for example, by sending emails to broker-dealers requesting the relevant data. ] In addition, the Commission and the SROs also rely on other data sources to fulfill their regulatory obligations.

One such data source is the National Securities Clearing Corporation's (“NSCC”) equity cleared report, ] which is generated on a daily basis by the SROs and provided to the NSCC in a database accessible by the Commission. It shows the number of trades and daily volume of all equity securities transacted, sorted by clearing member and searchable by security name and CUSIP number. ] The Options Clearing Corporation (“OCC”) ] provides several other reports to regulators, including: (1) the OCC Trades report, which provides similar data as the NSCC's equity cleared report for options securities; (2) the OCC End-of-Day Positions File, which provides the current aggregate position for customer, firm, and market-maker clearing ranges; and (3) the Large Options Position Report (“LOPR”), which provides start-of-day and end-of-day positions per option security on a customer and account-level basis, along with several other reports. OCC generates these reports on a daily basis and provides them to the SROs; the Commission then accesses OCC reports through the FINRA regulatory portal. ]

Regulators may also obtain data from privately- and publicly-available market data feeds. Specifically, SROs may leverage data feeds from their own, market-specific matching engines and/or order book feeds, data from their own audit trails ] or other trade reporting or display facilities, ] data from proprietary feeds made available by other SROs and/or off-exchange execution venues, and/or publicly-available consolidated data feeds provided by various securities information processors that provide top-of-the-book information like quotes, National Best Bid and Offer (“NBBO”), and trade- or last sale-data. ] The Commission maintains a tool called the Market Information Data Analytics System (“MIDAS”) that similarly collects and processes equity data from the consolidated data feeds as well as from separate proprietary feeds. ] Even when combined in a tool like MIDAS, though, these data feeds do not provide a comprehensive, cross-market audit trail that would enable regulators to track an order through its entire lifecycle, from order origination through routing and on to execution, modification, or cancellation, because each of the above-described audit trails and/or related data sources has its own limitations.

III. Request for Comment

The Commission encourages comment from all interested parties, including, but not limited to, SROs, broker-dealers, retail and institutional investors and those who represent their interests, academics, economists, technology experts and service providers, trade associations, and civil liberties groups. While the release poses a number of general and specific questions, the Commission also welcomes comments on any other aspects of the audit trails and related data sources currently in use (or comments on any potential audit trails and related data sources that should be created), particularly on any costs, burdens, or benefits that may result from the possible regulatory responses identified in this release or otherwise proposed by commenters.

A. Regulatory Purpose of the CAT

1. What are the regulatory use cases that must be enabled for the Commission and the SROs to fulfill their statutory obligations? Is the CAT necessary to enable those use cases? For example, is the CAT necessary to inform any regulatory decision-making and/or policy-making? Are other audit trails and/or related data sources sufficient to ( printed page 20951) enable necessary regulatory use cases? Why or why not?

2. Are there features of the CAT that could be eliminated because they are unnecessary or because they could be replaced by other currently-existing audit trails and/or related data sources in an efficient and/or cost-effective manner? If so, please identify such features, explain why they could be eliminated, and, if relevant, identify the alternative data sources that could replace such features.

3. Should the Commission eliminate the CAT in favor of developing a different audit trail and/or data source to enable necessary regulatory use cases? Why or why not? How should a new audit trail and/or data source differ from the CAT? What improvements could be gained by developing a new audit trail and/or data source that could not be achieved through incremental improvement to the CAT?

B. Structure and Governance of the CAT

Historically, the structure and governance of audit trails and/or related data sources has varied. OATS and COATS, for example, were owned, implemented, and operated by the SROs. Commission staff could obtain access to the data supplied by these systems through ad hoc requests. With respect to the EBS system, the Commission promulgated a rule to require broker-dealers to electronically submit specified data to the Commission upon request, in a format set by the SROs, ] but did not otherwise specify how systems that collect EBS data from broker-dealers should be structured. Currently, Commission staff access EBS data through a system owned, implemented, and operated by FINRA, which licenses use of the system to the Commission. Rule 613 of Regulation NMS, ] on the other hand, is more specific about the structure of the CAT. It requires the SROs to act jointly to develop a national market system plan to implement the CAT to collect specified data from the SROs and their members ] and to provide access to such data to each SRO and the Commission “for the purpose of performing . . . regulatory and oversight responsibilities pursuant to the federal securities laws, rules, and regulations.” ] The rule further requires that each SRO be a sponsor of the CAT NMS Plan ] and that the CAT NMS Plan “include a governance structure to ensure fair representation of the plan sponsors, and administration of the central repository, including the selection of the plan processor.” ]

CAT NMS Plan

Under the CAT NMS Plan developed by the SROs and approved by the Commission, the CAT collects data that can be accessed by authorized regulatory users from the SROs and the Commission in a system that is jointly owned by the SROs, ] but implemented and operated by the Plan Processor. FINRA CAT—a subsidiary of FINRA—is the current Plan Processor and, as such, acts as a vendor to the SROs.

1. What are the advantages and disadvantages of structuring the CAT as a national market system plan (an “NMS plan”)? Should the CAT continue to be structured as an NMS plan? Does the fact that both the SROs and the Commission rely on the CAT to fulfill their regulatory functions counsel for or against structuring the CAT as an NMS Plan?

2. If the CAT should not continue to be structured as an NMS plan, how should the Commission and/or the SROs direct and oversee the operation of the CAT? ] What specific benefits, actions, and costs would be associated with transitioning to an alternative structure? Would transitioning to an alternative structure for the CAT provide offsetting benefits to the costs of transitioning? For example, would replacing the CAT NMS Plan with an SEC rule requiring the reporting of certain information to the Commission and/or the SROs strengthen the Commission's ability to control the scope and associated costs of the CAT?

Operating Committee

The CAT is governed by the Operating Committee, which is composed of one voting member for each SRO. ] The CAT NMS Plan, however, does not specify or provide any constraints on who each SRO may choose as its voting member. The Operating Committee generally meets on a bi-weekly basis; except as otherwise provided in the CAT NMS Plan, the Operating Committee makes all decisions and authorizes all actions taken by the Company. ] Because the CAT NMS Plan allocates votes on the Operating Committee by SRO, affiliated SRO groups may exert a level of control over the operations of the CAT that is not required to be correlated with their market share or their share of operating expenses. ]

1. Should the Commission amend the CAT NMS Plan to implement a different voting structure? If so, what should this voting structure be and why? What are the advantages and disadvantages, for example, of allocating one vote to each affiliated SRO group and each non-affiliated SRO, ] as opposed to the current structure of allocating one vote to each SRO regardless of

affiliation? ] ( printed page 20952) If votes should be allocated to each affiliated SRO group and each non-affiliated SRO, are there any circumstances in which an affiliated SRO group or non-affiliated SRO should be given extra votes? ] If so, please explain what these circumstances are and why they should affect the voting structure of the CAT NMS Plan.

1. Action of the Operating Committee is authorized either by a Majority Vote ] or a Supermajority Vote ] of these voting members, as specified by the CAT NMS Plan. ] Should the Commission amend the CAT NMS Plan to require a different vote threshold—for example, a Majority Vote, Supermajority Vote, or a unanimous vote—for any specific action? ] If so, what should that vote threshold be, for which actions, and why?

2. Are there measures that could increase transparency and accountability around CAT NMS Plan voting while protecting sensitive information? For example, should more information be made public about the Operating Committee's deliberations? Are there any privacy or security concerns regarding disclosure of such information?

Advisory Committee

Rule 613 requires that the CAT NMS Plan “include an Advisory Committee,” whose purpose “shall be to advise the plan sponsors on the implementation, operation, and administration of the central repository.” ] The rule states that “[m]embers of the Advisory Committee shall have the right to attend any meetings of the plan sponsors, to receive information concerning the operation of the central repository, and to provide their views to the plan sponsors; provided, however, that the plan sponsors may meet without the Advisory Committee members in executive session if, by affirmative vote of a majority of the plan sponsors, the plan sponsors determine that such an executive session is required.” ] Members of the Advisory Committee do not have the right to vote, ] which market participants have stated limits their ability to influence CAT operations. ] However, in addressing the questions below, commenters are requested to take notice of a decision of the United States Court of Appeals for the District of Columbia Circuit, ] which held that Section 11A of the Exchange Act ] does not allow non-SRO representatives to serve as voting representatives on the operating committee of an NMS plan.

1. What powers, responsibilities, or rights should be given to the CAT Advisory Committee? How would such powers, responsibilities, or rights affect the SROs' ability to govern the CAT? Would such powers, responsibilities, or rights raise concerns about conflicts of interest, given that the members of the CAT Advisory Committee are parties regulated by the SROs?

2. Should the membership of the CAT Advisory Committee be reserved for representatives of certain interests or individuals with specific experience? Should the membership of the CAT Advisory Committee be expanded to include any other market participants not currently represented, such as operators of alternative trading systems (“ATSs”), technology experts, or those with technical and operational expertise related to the management of trading, trade processing, and/or trade data management systems? If so, in what way should representation be apportioned?

3. While the CAT Advisory Committee is entitled to “receive the same information concerning the operation of the Central Repository as the Operating Committee,” the Operating Committee “may withhold information it reasonably determines requires confidential treatment.” ] What non-public information should the CAT Advisory Committee have access to and how should confidentiality of this information be maintained? What is the correct balance between providing the public with transparency into the recommendations of the CAT Advisory Committee (and the Operating Committee's responses to these recommendations) and maintaining the confidentiality of potentially sensitive information about CAT operations?

4. Should additional information about the operation of the CAT, including security measures taken by the SROs to protect CAT Data, ] be provided to Industry Members beyond those representatives that sit on the Advisory Committee? If so, what information should be provided? How would disclosure of such information affect the security of the CAT?

5. Should the Commission form a separate advisory committee to provide advice and recommendations to it on topics related to the CAT? If so, what are appropriate topics for the advisory committee to consider? For example, should the advisory committee counsel the Commission on matters relating to the CAT's scope, functionality, design, security, cost management, and/or civil liberties and privacy protections? Who should participate as members of this advisory committee? Should it include market participants and others with technical and operational expertise related to the management of trading, trade processing, and/or trade data management systems? Should it include civil liberty and privacy advocates? Should it include representatives of other relevant constituencies? What non-public information should such an advisory committee have access to and ( printed page 20953) how should the confidentiality of this information be maintained?

C. CAT Funding and Cost Management

The CAT is funded by both SROs and Industry Members, in accordance with the funding model recently approved by the Commission (the “2026 Funding Model Order”). ] There have been legal challenges to the CAT and its funding model, ] but the Commission has taken the position that it has the requisite authority under Section 17 and Section 11A of the Exchange Act to direct the creation of the CAT. ] It also maintains that the CAT funding model approved by the 2026 Funding Model Order is a reasonable approach that satisfies the relevant standards set forth in federal statutes, rules, and regulations.

The funding model approved by the 2026 Funding Model Order is based on executed equivalent share volumes of transactions in Eligible Securities. Fees would be paid evenly by the SROs, executing brokers representing buyers, and executing brokers representing sellers. ] Pursuant to this funding model, no Participant may file with the Commission a proposed rule change under Section 19(b) of the Exchange Act ] and Rule 19b-4 ] thereunder that would establish a new fee for directly passing through to its members the CAT fee charged to such Participant. ] This funding model also includes a sunset provision, stating that the Plan Processor and the Participants will not be permitted to bill or otherwise request CAT fees from Industry Members after March 31, 2028. ] In approving this sunset provision, the Commission explained that it would be premature to adopt a permanent funding model while engaged in a comprehensive review of the CAT and that ensuring the continued existence and funding of the CAT during this interim period would avoid potential destabilization. ]

Cost Management

1. Is there sufficient transparency with respect to CAT costs and expenses? If not, what additional information should be made public? What is the correct balance between providing public transparency into CAT costs and expenses and protecting potentially sensitive information about CAT operations?

2. The Commission has recently approved amendments to the CAT NMS Plan that would implement a spending cap. ] Are there any additional cost management controls that should be required for the CAT? If so, please describe such controls and explain why they would be appropriate. ] Does the answer depend on how the CAT is structured and/or funded? For example, are there any aspects of CAT operations that could be performed more cost-effectively by SRO staff instead of by the Plan Processor or other third-party service providers? If so, please identify those tasks, explain why it would be more cost effective for such tasks to be performed by SRO staff, and describe reasonable costs for those tasks.

Funding Model and Allocation of Fees

1. Should the Commission set fees for the SROs and Industry Members? Would a different funding model help the Commission to weigh more carefully the costs and benefits associated with the CAT? What features should a new funding model have? Does the answer depend on whether or not the CAT should continue to be structured as an NMS plan?

2. The 2026 Funding Model Order approves a CAT funding model which provides that no SRO will file with the Commission a proposed rule change pursuant to Section 19(b) of the Exchange Act ] and Rule 19b-4 ] thereunder that would establish a new fee for directly passing through to its members the CAT fee charged to each SRO. ] Should a new funding model explicitly allow the SROs to directly pass through the fees allocated to the SROs that are related to the build or operation of the CAT to their members, subject to Commission review of Rule 19b-4 fee filings? ] Why or why not?

3. How should fees be allocated to and among SROs and/or Industry Members? Is there a specific percentage of cost that the SROs should bear? Does the answer depend on whether the SRO is a non-profit or for-profit entity? Does the answer depend on whether the SRO is a national securities exchange for equities or options? If so, please explain how these factors and any other such factors should be taken into account. Is there a specific percentage of cost that Industry Members should bear? Does the answer depend on whether the Industry Member is facilitating or engaging in trading with respect to equities or options? Does the answer depend on the business model of the Industry Member—for example, whether the Industry Member is acting as a market maker? If so, please explain how these and any other such factors should be taken into account. Should ATSs be treated like execution venues or Industry Members for purposes of establishing CAT fees? Why?

4. Should fees be based on the burden that each party places on the CAT system? If so, what is the appropriate way to calculate the burden that each party places on the CAT system? Market share? Message traffic? Regulatory use? Are there other appropriate measures of burden? If so, please identify such measures and explain why they would provide an appropriate metric to calculate the burden that each party places on the CAT. For example, should CAT Reporters be charged for late reporting, given the costs associated with re-processing late-received data? If fees should not be based on the burden that each party places on the CAT system, what are other guiding principles that should be used to create an appropriate funding model for the CAT? Should fees continue to be based on executed equivalent share volumes of transactions in Eligible Securities, for example? Would executed notional value be a better measure? Why? Please identify any appropriate guiding principles and explain why those principles should inform the structure of a CAT funding model.

Reserve Funds

On September 6, 2023, the Commission approved a proposal that amended the method by which CAT fees would be calculated and implemented a funding model to allocate costs between SROs and Industry Members (the “2023 Funding Model Order”). ] On July 25, 2025, however, the United States Court of Appeals for the Eleventh Circuit issued ( printed page 20954) an opinion vacating the 2023 Funding Model Order and remanding the matter to the Commission for further proceedings consistent with its opinion. ] After the 2023 Funding Model Order was vacated, the SROs determined to use liquidity reserve funds previously collected pursuant to that Order to fund the continued operations of the CAT. ]

On January 15, 2026, Citadel submitted a rule-making petition to the Commission raising concerns about and requesting amendments to the CAT NMS Plan to address CAT LLC's accumulation and use of these reserve funds. ] On February 18, 2026, the Commission responded to the petition, stating that it raised important questions as to whether additional limits on the accumulation and use of any operational reserve may be appropriate and that the Commission would specifically consider those issues in its ongoing review of the CAT. ] But the Commission stated that it would not engage in an immediate rulemaking focused on the use of the current reserve. ] The Commission subsequently stated, in the 2026 Funding Model Order, that it does not agree that the SROs were prohibited from using the reserve funds to fund the continued operations of the CAT either by the Eleventh Circuit's decision vacating the 2023 Funding Model Order or by the terms of the CAT NMS Plan. ] While the reserve provisions approved in the 2026 Funding Model Order are reasonable and satisfy the relevant standards set forth in federal statutes, rules, and regulations, to the extent that the Commission should establish a new funding model for the CAT, the Commission seeks additional feedback regarding the accumulation and use of reserve funds.

1. Should the SROs be allowed to collect a reserve to fund CAT operations? For what purposes should the SROs be able to use CAT reserves?

2. What are appropriate controls to place around the amount of reserve funds that the SROs may collect? Should the Commission require that the SROs seek and obtain Commission approval before using the CAT reserves?

3. Under what circumstances should CAT reserves be returned to Industry Members and SROs? Explain what processes should be used to return funds to Industry Members and SROs.

Section 31 Fees and Alternative Methods of Funding the CAT

Several market participants have suggested that the Commission should include the CAT in its budget, because the CAT “is a regulatory system used by the SEC.” ] These market participants believe that the CAT “should be subject to the checks and balances of the Congressional appropriations process used to fund the SEC's budget,” which would “serve to better align incentives to control CAT costs and address longstanding concerns about ineffective CAT governance.” ]

The Commission is interested in exploring further the advantages or disadvantages of the Commission using appropriated funds to cover costs with respect to the CAT. Section 31(a) of the Exchange Act states that the Commission shall “collect transaction fees and assessments that are designed to recover the costs to the Government of the annual appropriation to the Commission by Congress.” ] These Section 31 fees are imposed on SROs, ] and Section 31 does not address the manner or extent to which covered SROs may seek to recover the costs of their Section 31 obligations from their members or to which members of the SROs may seek to pass on these costs to their customers. “In practice,” the Commission has previously observed, “the covered SROs obtain the funds for these fees and assessments by assessing charges on their members, and the members in turn pass these charges to their customers.” ]

1. What are the advantages and disadvantages, relative to the funding model approved by the 2026 Funding Model Order, of the Commission being appropriated additional funds to cover costs with respect to the CAT?

2. Should the Commission own and operate the CAT itself? If the Commission were to own the CAT, what changes would the Commission need to make to the CAT's structure, governance, and operations? Please discuss ownership structures the Commission should consider for the CAT. If the Commission were to own the CAT, how would the roles, rights, and responsibilities of the Operating Committee and/or the Advisory Committee need to evolve? Are there any alternative methods by which the Commission and/or the SROs could direct and oversee the operation of the CAT if the Commission were to request additional appropriated funds to cover costs with respect to the CAT? Please identify such alternative methods and explain, in detail, how the CAT would be owned, operated, and funded pursuant to such alternative methods. For example, could an SRO assume sole ownership of the CAT and contract with regulators to provide regulatory services and/or access to the CAT?

3. If the Commission were appropriated funds to cover costs with respect to the CAT, what constraints could be used to protect against cost overruns and budget inflation?

4. If the Commission owned and operated the CAT, how would that affect the contractual relationship between FINRA CAT and the SROs?

5. If the Commission owned and operated the CAT, would that affect the SROs' ability to access the system? Would it be appropriate for the SROs, most of which are for-profit entities with their own regulatory obligations, to have cost-free access to a system that is owned and operated by the Commission and funded in full through appropriated funds? Should the Commission instead license use of the CAT to the SROs if the CAT is owned and operated by the Commission? Would such a structure raise any conflicts of interest concerns, ( printed page 20955) given that the SROs are parties that the Commission regulates?

D. CAT Design and Scope

Both the Commission and the SROs have taken steps to manage and contain CAT costs. For instance, on December 12, 2024, the Commission approved an amendment to the CAT NMS Plan proposed by the SROs that was designed to cut costs by relaxing certain CAT functionality and storage requirements (the “2024 Cost Savings Order”). ] Specifically, the 2024 CAT Cost Savings Order approved: (1) provisions that changed processing, query, and storage requirements for Options Market Maker quotes in Listed Options (“OMM Quotes”); ] (2) provisions that permitted the Plan Processor to move raw unprocessed data and interim operational copies of CAT Data older than 15 days to more cost-effective storage tiers; and (3) provisions that codified and expanded exemptive relief previously provided by the Commission related to certain recordkeeping and data retention requirements for industry testing data. ]

Additional cost savings measures were enabled by certain conditional exemptive relief issued by the Commission sua sponte on September 30, 2025 (the “2025 Cost Savings Exemptive Relief Order”). ] The 2025 Cost Savings Exemptive Relief Order was designed to further reduce CAT costs by enabling the SROs to relax requirements related to: (1) deadlines for the creation of lifecycle linkages; (2) re-processing of late records; (3) the online targeted query tool (“OTQT”); and (4) data storage and retention. ]

These steps have reduced CAT costs significantly. The CAT budget initially approved by the SROs for 2025 exceeded $248 million. ] This budget was reduced to approximately $228 million in May 2025 ] and then again to approximately $188 million in November 2025 ] due to the implementation of cost savings measures approved by the Commission and other optimizations made by the SROs and the Plan Processor. The CAT budget approved for 2026 is approximately $156 million ] —a decrease of approximately $92 million from the budget originally approved for 2025.

Furthermore, in early 2026, the Commission approved certain proposed amendments to the CAT NMS Plan submitted by the SROs to codify and expand exemptive relief previously granted by the Commission, including amendments that would implement a spending cap provision. ] These cost savings measures have not been fully implemented yet, but the SROs have estimated that such measures will generate additional savings on top of the reduced costs already enabled by the 2024 Cost Savings Order and the 2025 Cost Savings Exemptive Relief Order. ] The recent cost savings achieved are important first steps to creating a more efficient and cost-effective CAT, but the costs of operating the CAT remain significantly higher than originally estimated by the Commission. The Commission therefore seeks feedback regarding additional changes that could be made to the design and scope of the CAT to make it more efficient and cost-effective.

Scope

1. From which market participants should the CAT collect information? Should information be provided by parties who originate, route, and/or send orders, as well as parties that receive and/or execute orders? Please explain whether the CAT should maintain two-sided reporting requirements, whether the application of two-sided reporting requirements should depend on the underlying product and/or asset class, and from which parties the CAT should require reporting if two-sided reporting is eliminated. ] What are the costs and benefits associated with one-sided reporting versus two-sided reporting? Is there a material difference in accuracy between one-sided reporting and two-sided reporting? Are there regulatory use cases enabled by two-sided reporting that would not be possible with one-sided reporting?

2. What quote, order origination, routing, request, modification, cancellation, reject, trade, and/or allocation events should be captured by the CAT? What features or data elements of a quote, order origination, routing, request, modification, cancellation, reject, trade, and/or allocation event should be captured by the CAT? What level of detail should be reported for each kind of event? Are certain kinds of events costly, burdensome, or otherwise difficult to collect? What are material terms for quote, order origination, routing, request, modification, cancellation, reject, trade, and/or allocation events?

3. Should the Commission optimize and/or simplify CAT reporting requirements? ] Please specifically identify any proposed optimizations, describe the costs and benefits associated with such optimizations (including any potential impact on data accuracy and/or regulatory use), explain whether such optimizations would require changes to existing trading workflows and/or reporting processes, and explain how such optimizations should be developed and/or implemented. What are the current costs for Industry Members to report to the CAT? What are the current costs for SROs to report to the CAT?

4. Should any changes be made to the CAT Reporting Technical Specifications for Industry

Members? ] ( printed page 20956) Should any changes be made to the CAT Industry Member Reporting Scenarios? ] Should any changes be made to the CAT Reporting Technical Specifications for Plan Participants? ] If so, please specifically identify changes to the technical specifications and/or reporting scenarios that should be made, describe the costs and benefits associated with those changes (including any potential impact on data accuracy and/or regulatory use), explain how those changes could affect existing reporting processes and/or trading workflows, and explain how those changes should be developed and/or implemented. If the recommended changes involve eliminating transaction, error, and/or data fields or elements, please explain whether such fields and/or elements can be obtained from an alternative source, identify that alternative source, and describe any costs or burdens associated with obtaining such fields and/or elements from that alternative source.

General Functionality

1. Would structural and/or architectural changes to the CAT enhance its efficiency and/or reduce costs? What information would be helpful to help commenters analyze measures that could enhance efficiency and/or reduce costs?

2. How frequently should market participants be required to report data to the CAT? Does the answer depend on the product and/or asset class? What are the costs and benefits associated with altering the CAT's current reporting requirements? What are the potential regulatory impacts of collecting data on a less-than-daily basis? Would reporting data less often reduce costs?

3. FINRA CAT currently accepts data from CAT Reporters in a range of formats, meaning that FINRA CAT must expend computing power to normalize the data for regulatory use. In the experience of Commission staff, this can create downstream issues for processing and interpreting data, which makes regulatory use less efficient. Should a common and/or unified industry data standard with a common data taxonomy be used for submission of data to the CAT and/or pre-submission data quality validations? For example, should the CAT leverage the Financial Information eXchange (“FIX”) protocol or another industry data standard? If so, how?

4. Are there transaction, error, or data fields and/or elements that are currently reported to the CAT that are not captured by the FIX protocol or other industry data standards? If so, please identify these fields and/or elements and explain how such fields and/or elements would be captured if the FIX protocol or another industry data standard was used for CAT reporting. Should the FIX protocol or another industry data standard only be leveraged with respect to some events? If so, which events? Should the FIX protocol or another industry data standard only be leveraged with respect to some underlying products and/or asset classes? If so, which products and/or asset classes? What are the costs and benefits associated with leveraging the FIX protocol or another industry data standard for CAT reporting? ] Would the CAT Reporter Portal need to be altered in any way to enable a different reporting regime? What changes would be required to FINRA CAT's processes to accommodate a different reporting regime? What changes to the existing trading workflows and/or reporting processes of CAT Reporters would be required to accommodate a different reporting regime? Would leveraging the FIX protocol or another industry data standard reduce or increase the costs to operate the Central Repository? By how much? How would such an approach affect data accuracy and/or regulatory use?

5. Should the CAT be required to comply with a specified error rate? If so, what is an appropriate error rate and how should that error rate be calculated? Do the answers depend on the kind of data collected and/or from whom the data is collected?

6. What kind of validations, linkages, corrections, or other processing should be performed on data reported to the CAT? Should data be validated, linked, and/or processed centrally by the Plan Processor for the CAT or should that task be left to individual regulatory users? Does the answer depend on the completeness of the data contained in the CAT? Should data that is received after the deadline for corrections be validated, linked, and/or processed in the same manner as data that is timely received? If not, what manner of validation, linkage, and/or processing should be performed, and what are the costs and benefits associated with that choice?

Lifecycle Linkage and Processing Timelines

The CAT NMS Plan requires the Plan Processor to “link and create the order lifecycle” using a “daisy chain approach,” in which “a series of unique order identifiers, assigned to all order events handled by CAT Reporters[,] are linked together by the Central Repository and assigned a single CAT-generated CAT-Order-ID that is associated with each individual order event and used to create the complete lifecycle of an order.” ] The CAT NMS Plan further sets forth a linkage and processing timeline. Data for each CAT Trading Day ] is required to be reported to the CAT by T+1 (transaction date + one day) at 8 a.m. Eastern Time (“ET”). ] The Plan Processor must perform initial validations and provide error feedback to CAT Reporters by T+1 at 12 p.m. ET. ] Prior to 8:00 a.m. ET on T+2 (transaction date + two days), raw unprocessed data must be made available to regulators. ] CAT Reporters must resubmit corrected data to the CAT by 8 a.m. ET on T+3 (transaction date + three days). ] Corrected and linked data is then required to be made available to regulators by 8 a.m. ET on T+6 (transaction day + six days). ]

1. How quickly should regulators be able to access raw, unlinked data? How ( printed page 20957) quickly should regulators be able to access data that has been validated, processed, and linked, but not corrected? How quickly should regulators be able to access validated, processed, linked, and corrected data? How much time should market participants have to correct data that has been reported to the CAT? What are the costs and benefits of altering these requirements?

2. In the 2025 Cost Savings Amendment, the SROs sought public comment on, but did not formally propose, changes that would reduce the amount of linkage processing performed by the Plan Processor. Under this approach, error feedback would only be provided twice to Industry Members—once on T+2 at 8:00 a.m. ET for linkage errors discovered for on-time submissions and again on T+3 at 8:00 a.m. ET for later-discovered errors. ] The SROs stated that “Industry Members would be permitted to submit corrections outside of this 24-hour window and would receive reconciliation credit. However, these submissions would be marked late and would not receive any feedback indicating whether the correction was successful.” ] In seeking public comment, the SROs stated that “members of the CAT Advisory Committee and other Industry Member groups had previously raised issues with the shortened amount of time that would be available to Industry Members to review and provide corrected data under the reduced linkage timeline,” which they were concerned may increase regulatory compliance risks and costs for Industry Members and reduce the accuracy of CAT Data. ] These concerns were duly reflected in a comment letter that the Commission subsequently received in connection with the 2025 Cost Savings Amendment. ] However, the Commission is interested in gathering feedback from market participants as to whether there may be other ways to alter the CAT's existing processing and/or linkage timelines that would both preserve core regulatory functionality and achieve cost savings. Should the Commission extend or otherwise alter the processing and/or linkage timelines set forth in the CAT NMS Plan? If so, how? Are there other ways to reduce or optimize the amount of linkage processing performed by the Plan Processor? ]

3. SIFMA has requested that the SROs work with Industry Members with the “goal of reducing `late to the lifecycle' linkage errors . . . while still allowing for firms to confirm successful repairs within a reasonable window.” ] Are there changes that could be made to the CAT Reporting Technical Specifications and/or the CAT NMS Plan to reduce “late to the lifecycle” linkage errors? Alternatively, or in addition, should the CAT NMS Plan and/or other compliance rules, regulations, standards, and/or guidance regarding error thresholds, error corrections, and/or reconciliation credits be amended to relax requirements relating to correction and/or accuracy of late-submitted historical data? Would such amendments require increased reliance on other audit trails and/or data sources for corrected historical data? If so, what are the costs associated with that increased reliance?

Data Storage and Retention

1. How should the Plan Processor store historical data? How quickly should data be moved to medium- and long-term storage? For how long should data be stored? Does the answer depend on how and/or what kind of data is stored?

2. The 2026 Cost Savings Order approved amendments to the CAT NMS Plan that would reduce data storage and retention requirements. Specifically, the amendments permit the SROs to: (1) delete all CAT Data older than three years; (2) delete OMM Quotes older than six months; (3) delete Interim Operational Data ] older than 15 days; and (4) delete Options SIP Data ] older than six months. ] Are there further optimizations that should be made to the CAT NMS Plan data storage and retention requirements to reduce costs? If so, please identify those optimizations, explain why such optimizations are appropriate, describe the costs and/or benefits associated with such optimizations (including any impact on data accuracy and/or regulatory use), and, if such optimizations involve eliminating requirements to collect and/or store certain kinds of data, explain whether such optimizations would require increased reliance on other audit trails and/or data sources for those kinds of data and describe any costs associated with that increased reliance.

CCID Generation

Currently, a CCID is generated for each customer using a two-phase transformation process that was developed by the SROs in consultation with Commission staff and security experts from SIFMA members to avoid the collection by and storage in CAT of social security numbers (“SSNs”) and/or individual tax payer identification numbers (“ITINs”) that was originally required by the CAT NMS Plan. ] In the first phase, a CAT Reporter transforms an SSN and/or ITIN into an interim value known as a Transformed Identifier or “TID.” The TID, and not the SSN and/or ITIN, is reported to and stored in an isolated, secure database called the CCID Subsystem, separate from any other information reported to the CAT. ] In the second phase, the CCID Subsystem again transforms the TID to create a unique CCID for each customer. ]

In the 2025 Cost Savings Amendment, the SROs sought public comment on, ( printed page 20958) but did not formally propose, changes that would fully eliminate requirements related to the generation of CCIDs. ] In seeking public comment, the SROs stated that “members of the Advisory Committee and members of other Industry Member groups had previously raised concerns regarding this alternative, including the potential for increased Electronic Blue Sheet and other inquiries from the Participants and the SEC that may occur without the ability to track Customer activity across market, brokers, accounts using the CCID, and the increased costs related to such requests.” ] These concerns were duly reflected in a comment letter that the Commission subsequently received in connection with the 2025 Cost Savings Amendment. ] However, the Commission is interested in gathering feedback from market participants as to whether there may be ways to enhance or improve the current process of generating CCIDs and/or alternative methods of generating unique customer identifiers that could be used to track a particular customer's trading activity across markets, brokers, and/or accounts that would be more cost-effective.

1. Are there enhancements or improvements that could be made to the current process of generating CCIDs? Please identify such enhancements or improvements with specificity, describe the costs and benefits associated with the implementation of such enhancements or improvements, and describe any privacy, confidentiality, and security measures or controls that should be implemented in connection with enhancements and improvements.

2. Are there any alternative methods of generating unique customer identifiers that could be used to analyze a particular customer's trading activity across markets, brokers, and/or accounts, when regulatory users have a specific regulatory purpose? Please identify such alternative methods, describe the costs and benefits associated with the implementation of such alternative methods, explain what information would need to be gathered from market participants to enable the generation of the alternative unique customer identifier, and describe any privacy, confidentiality, and security measures or controls that should be implemented to protect that information and the alternative unique customer identifiers generated.

3. Are there different considerations the Commission should take into account with respect to the generation of unique customer identifiers for non-US persons and/or legal entities?

E. Previous Changes to CAT Requirements

The Commission has previously acted to change certain requirements of the CAT NMS Plan, both by approving proposed amendments to the CAT NMS Plan and by issuing orders providing exemptive relief to the SROs. The Commission seeks comment as to whether and how such previous amendments and/or exemptive relief orders should be expanded and/or codified in the CAT NMS Plan. ]

Verbal Activity on Exchange Floors

On June 16, 2025, the Commission approved amendments to the CAT NMS Plan that provided that “floor broker verbal announcements of firm orders on an exchange that are otherwise reported as systematized orders” and “market maker verbal announcements of firm quotes on an exchange trading floor”—collectively referred to herein as “verbal activity on exchange floors”—were not reportable to the CAT under Section 6.3(d) and Section 6.4(d) of the CAT NMS Plan until July 31, 2030. ] Although the SROs had proposed to permanently exclude verbal activity on exchange floors from CAT reporting requirements, the Commission modified the amendments after determining that the SROs had not met their burden to “establish that providing a permanent exception to reporting obligations for verbal activity on exchange floors is necessary or appropriate.” ]

The Commission explained, in the Verbal Quotes Order, that the cost estimates provided by commenters in connection with the amendments proposed by the SROs had been based not only on verbal activity on exchange floors, but also on upstairs verbal and manual activity. ] The Commission stated that costs for upstairs verbal and manual activity were distinct, because “much of the relevant information that would be reported to CAT” for verbal activity on exchange floors “is already systematized, floor brokers and floor market makers have handheld and other electronic devices to facilitate the open outcry process, and floor verbal activity is governed by exchange rules.” ] The Commission also stated its view that the SROs and Industry Members “could establish methods for capturing verbal order and quote information communicated on exchange floors that are more cost-effective and efficient than the proposal that each floor participant be required to hire a full-time employee solely for CAT reporting.” ]

1. Should the Commission permanently exclude information about verbal activity on exchange floors from CAT reporting requirements? Should the Commission extend the deadline set forth in the CAT NMS Plan for reporting such activity past July 31, 2030?

2. What are the benefits and/or regulatory value provided by collecting information about verbal activity on exchange floors? What is the additive value of collecting information about verbal activity on exchange floors when certain order information is already required to be systematized pursuant to SRO rules? Would it be duplicative to require market participants to report information about verbal activity on exchange floors to the CAT?

3. What are the costs associated with reporting information about verbal activity on exchange floors to the CAT? Please provide specific data. Should the Commission conduct an industry survey to obtain this information?

4. Other than requiring each floor participant to hire a full-time employee solely for CAT reporting, are there alternative data sources and/or ( printed page 20959) alternative methods of surveilling verbal activity on exchange floors, including, if applicable, any artificial intelligence or algorithmic technology solutions? ] Are those data sources and/or methods more cost-effective or efficient than requiring that such data be reported to the CAT? Is it possible to develop and implement such methods before July 31, 2030? If not, please explain how long it would take to develop and implement such methods. Would these methods necessarily collect information beyond reportable verbal activity on exchange floors and, if so, what measures could be introduced to prevent the storage, reporting, and/or use of such information?

Not Immediately Actionable Electronic Requests for Quotes

On January 23, 2026, the Commission provided exemptive relief from certain reporting requirements in Section 6.4(d) of the CAT NMS Plan relating to the reporting of bids and/or offers made in response to a request for quote (“RFQ”) or other form of solicitation response provided in standard electronic format (e.g., FIX) that is not “immediately actionable” (i.e., further action is required by the responder providing the quote to execute or cause a trade to be executed) (the “NIA Electronic RFQ Exemptive Relief Order”). ] This relief was granted without conditions and without an expiration date. ] In granting such relief, the Commission stated that “the regulatory value of this information does not justify the difficulty and costs associated with collecting and reporting such information.” ]

In addition, the Commission stated that “regulators will still have insight into the RFQ process, because any follow-up order activity subsequent to the transmission of NIA Electronic RFQ Responses that results in an execution[ ] will be reported to the CAT.” ] The Commission stated that the NIA Electronic RFQ Responses that are subject to this exemptive relief are: (1) “those that satisfy the definition of an `order' as defined in Rule 613(j)(8) and the CAT NMS Plan”; (2) those that “do not include RFQ responses that were required to be reported commencing in Phase 2c and Phase 2d” of CAT implementation; ] and (3) those that “do not include activity that is subject to section 6.3(g) of the CAT NMS Plan.” ]

1. Do market participants agree that the regulatory value of NIA Electronic RFQ Responses does not justify the difficulty and costs associated with collecting and reporting such information? Are there any alternative data sources for such information, or, if not, is it sufficient that regulators will still have insight into the RFQ process through any follow-up order activity? Are there any technology solutions in use and/or in development that would make it easier for Industry Members to capture and report NIA Electronic RFQ Responses?

2. Should the Commission codify the NIA Electronic RFQ Exemptive Relief Order? If so, should any changes be made to its scope?

Port-Level Settings

Port-level settings are used by Industry Members and the SROs as one method of communicating various Material Terms of the Order, including, in some cases, special handling instructions. ] When port-level settings are used to communicate Material Terms of the Order, Rule 613 and the CAT NMS Plan require those port-level settings to be reported for that order by both senders and receivers. ]

On November 2, 2023, the Commission issued an order that granted conditional exemptive relief from several requirements of the CAT NMS Plan (the “November 2023 Order”), ] including, among other things, the requirements as applied to port-level settings that are set forth in Rule 613(c)(7) and the CAT NMS Plan for six specific handling instructions (the “Exempted Port-Level Settings”). ] The November 2023 Order stated that the SROs would “not be required to obligate Industry Members to report these six special handling instructions when an Industry Member routes an order to a national securities exchange over an exchange port that is configured for one of these special handling instructions,” ] on the condition that the SROs report the Exempted Port-Level Settings in the order receipt record, regardless of whether such Exempted Port-Level Settings are “triggered” or “applied.” ]

The conditional exemptive relief granted by the November 2023 Order was limited to the Exempted Port-Level Settings and did not extend exemptive relief to port-level settings on ATSs or broker-dealer port-level settings—or to any other special handling instructions that may be set at the port-level at a national securities exchange and that may constitute Material Terms of the Order. ] Accordingly, to supplement the November 2023 Order, the Commission granted additional exemptive relief on January 23, 2026 from the requirements as applied to port-level settings that are set forth in Rule 613 and the CAT NMS Plan (the “Port-Level Settings Exemptive Relief Order”). ] Pursuant to the Port-Level Settings Exemptive Relief Order, the SROs are no longer required to obligate Industry Members to report port-level settings that are used to communicate Material Terms when an Industry Member routes an order through a port that is configured to apply port-level settings, regardless of whether the port is an exchange or a port maintained by an ATS or a broker-dealer. ] The ( printed page 20960) Commission stated, however, that such relief did not “alter the obligation of the recipient of the order that utilizes a port-level setting to communicate a Material Term of the Order to report the port-level setting as part of the same order receipt record.” ]

1. Does the regulatory value of two-sided reporting for port-level settings that communicate Material Terms of the Order justify the difficulty and costs associated with collecting and reporting such information? What are the costs and benefits of collecting such information on a two-sided basis? Is it sufficient that regulators will still have insight into port-level settings that communicate Material Terms of the Order from order receipt records? Why or why not?

2. Are there any technology solutions in use and/or in development that would make it easier for Industry Members and/or SROs to capture and report port-level settings? If so, please identify such technology solutions, describe the costs associated with implementation of such solutions, and explain when they would be expected to become available to market participants.

3. Should the Commission align the conditions attached to the exemptive relief granted in the November 2023 Order with the conditions attached to the exemptive relief granted in the Port-Level Settings Exemptive Relief Order? If so, please explain which features of each order should be retained, why those features are appropriate, and what costs and benefits would be associated with retaining those features and discarding others. For example, should all port-level settings that communicate Material Terms of the Order be reported by recipients of an order, regardless of whether such port-level settings are “triggered” or “applied”?

4. Should the Commission amend the CAT NMS Plan to make permanent and codify all or part of the November 2023 Order and/or the Port-Level Settings Exemptive Relief Order? If so, please explain which features of each order should be codified, why those features are appropriate, and what costs and benefits would be associated with retaining those features and discarding others.

5. The Commission understands that some SROs and Industry Members may disagree with the Commission's position that port-level settings are required to be reported to the CAT NMS Plan. ] Should the CAT NMS Plan be amended to eliminate the requirement that SROs and Industry Members report Material Terms of the Order that are set at the port-level? What are the costs and benefits associated with reporting such information? Can regulators sufficiently and accurately understand trading activity if certain (and potentially unknown) Material Terms of the Order have been excluded from the data set? Are there any alternative data sources that would provide regulators with insight into Material Terms of the Order that are set at the port level?

Representative Order Linkage

On January 23, 2026, the Commission granted temporary conditional exemptive relief until January 1, 2028 from certain reporting requirements set forth in Appendix D, Section 3 of the CAT NMS Plan regarding lifecycle linkages between customer orders and representative orders for scenarios in which Industry Members do not have a systematic or direct link between their order management systems and execution management systems (the “Representative Order Exemptive Relief Order”). ] In granting such relief, the Commission acknowledged that some market participants believed there were “unresolved issued related to reporting these orders, including, but not limited to, the absence of a method to report linkage for some specific types of representative orders.” ] The Commission therefore determined that “additional time is needed to identify and evaluate appropriate long-term solutions for certain trading scenarios.” ]

1. Should the Commission extend the exemptive relief already granted and, if so, for how much longer should exemptive relief be provided? Should the Commission instead amend the CAT NMS Plan to make permanent and codify the Representative Order Exemptive Relief Order?

2. If the Commission should either codify or extend the Representative Order Exemptive Relief Order, should any changes be made to its scope? For example, are there specific trading workflows and/or linkage scenarios involving representative orders, beyond those workflows and/or scenarios in which Industry Members do not have a systematic or direct link between their order management systems and execution management systems, that should be exempted or excluded from the reporting and linkage requirements of the CAT NMS Plan?

F. Potential Changes to Other Data Sources and Related Rules

The Commission stated in the CAT NMS Plan Approval Order that duplicative reporting through systems like EBS would “impose significant burdens and costs on broker-dealers, that certain SEC rules require the reporting of some information that will also be collected through CAT, and that certain SEC rules may need to be modified or eliminated in light of CAT” when it approved the CAT NMS Plan in 2016. ] However, consideration of retiring EBS, as a practical matter, was not timely until the CAT's Customer and Account Information System (the “CAIS”) was fully implemented to provide an alternative source for the customer and account-level data that regulators can otherwise request through the EBS system. The Commission, the SROs, and market participants also required time to develop familiarity with the full scope of the CAT's functionality, including the CAIS, before EBS could be retired. Because the SROs did not represent to the Commission that the CAIS was fully implemented until July 15, 2024, ] the Commission, the SROs, and market participants were not previously able to review whether the data provided by the CAT meets minimum standards of accuracy and reliability. ]

( printed page 20961) The EBS system provides regulators at the Commission and the SROs with access to certain data that is not captured by the CAT. Retiring EBS requires consideration of how transactional and customer and account-level information accessible through EBS, but not collected by or stored in the CAT, could be obtained by regulators. With respect to transactional information, the EBS system provides access to transactional information for Eligible Securities that is either not reported to CAT in the first place ] or that is older than the data stored in the CAT. ] This data is otherwise accessible only through manual requests for books and records. While there is some transactional information in the CAT that overlaps with transactional information that can also be requested through the EBS system, the way that EBS data and CAT Data are used by regulators differs. This is, in large part, the case because the EBS system provides access not only to transactional information, but also to customer and account-level information that is no longer required to be reported to the CAT. The EBS system also provides access to customer and account-level information about transactions in fixed income securities that are otherwise reported to FINRA's Trade Reporting and Compliance Engine (“TRACE”) ] or the MSRB's Real-Time Transaction Reporting System. ]

Additionally, pursuant to recent Commission action, the CAT is no longer required to collect certain customer and account-level information, including, among other things, SSNs/ITINS, names, addresses, dates and years of birth, and LTIDs. ] The loss of the above-described data from the CAT means that regulators will need to rely on other methods of obtaining customer and account-level information from broker dealers—namely, the EBS system and/or manual requests for books and records data. As this information is still necessary to conduct market oversight, examinations, and enforcement, continued and/or increased regulatory reliance on the EBS system and/or manual requests for books-and-records data could, in turn, impose certain reporting costs on broker-dealers beyond those anticipated by the Commission when it evaluated and approved the CAT NMS Plan in 2016, ] although the Commission did consider such costs in approving the CAIS Order, the 2026 Cost Savings Order, and other related exemptive relief, as well as measures that could potentially mitigate such costs, like the development of a more efficient request-and-response system. ]

Retirement of Partially Duplicative Systems

1. Are there audit trails and/or related data sources that contain partially duplicative information to the CAT, such that overlapping requirements should be eliminated, modified, or replaced? If so, please explain why or under what circumstances those requirements should be eliminated, modified, or replaced and identify any potential costs and benefits associated with such elimination, modification, or replacement. ]

Modification and/or Replacement of the EBS System

CCIDs, once generated, are associated with transactional data through the use of FDIDs ] —persistent identifiers that are reported by each individual broker-dealer for its transactional records. ] Regulators can thus use CCIDs to identify all of the FDIDs associated with a particular customer and then make manual requests to broker-dealers for information associated with a particular set of FDIDs to obtain customer and account-level data. ]

Some market participants have explicitly recognized that the “removal of PII from CAIS raises the question of how regulators can link transactional data to the associated customer information going forward . . . because EBS does not contain FDIDs or CCIDs. . . .” ] FIF proposed that EBS therefore be “replaced by a process and system that is specifically focused on enabling regulators to link FDIDs and CCIDs to customer information.” ] The Commission agrees that a request-and-response system (an “R&R System”) “could decrease regulators' reliance on ( printed page 20962) EBS, which could facilitate the eventual elimination of EBS and could reduce the cost and burdens to Industry Members and increase efficiencies.” ]

Market participants have suggested different methods of implementing an R&R System. FIF, for example, suggested that “the Commission and the SROs, in consultation with Industry Members, should implement a request and response system operated by FINRA that the Commission and the SROs would use to request from Industry Members customer data associated to specified FDIDs. FINRA would direct the Industry Member responses to the requesting party, and the responses would be stored by the requesting party. This system should use the data format of the CAIS system (prior to the removal of PII).” ] SIFMA, on the other hand, suggested that an R&R System could be part of the CAT System ] and facilitated by the Plan Processor. Specifically, SIFMA proposed that “a regulatory user that wanted to know the identity of a customer to a trade” could “submit a FDID and trade date(s) request through the CAT Processor into a secure file transfer protocol (FTP) that would in turn direct the PII request to an Industry Member acting as a CAT Reporter. . . . The Industry Member would then direct the encrypted data through the FTP back into the CAT control environment for the requesting regulatory user to analyze and use the data.” ]

Previously, the Commission has urged the SROs to “work with industry members to establish such a request-response system by taking advantage of the systems industry members have already established to format and submit customer information consistent with CAT specifications,” ] and the Commission understands that such efforts are currently underway. ]

1. Will CAT data be sufficiently accurate and reliable to prove an adequate substitute data source for transactional data otherwise obtainable through the EBS system? What criteria should the Commission use to evaluate this question?

2. Should an R&R System be implemented? If so, what functionality should an R&R System have? Does the answer depend on which regulators have access to the system? Does the answer depend on how the system is funded? Does the answer depend on the extent to which an R&R System is intended to replace the EBS system? Does the answer depend on whether an R&R System should be part of the CAT System or separate from it?

3. Should the Commission direct the creation of an R&R System? If it should be separate from the CAT System, should the creation and implementation of an R&R System be structured as a national market system plan and, if so, how should it be funded and governed?

4. If an R&R System should not be structured as a national market system plan or included as part of the CAT System, is there another method by which the Commission should direct the creation of such a system? Should the Commission, for example, promulgate a data collection rule that leaves the SROs with discretion as to how to structure and fund an R&R System? If so, please explain what requirements should be included in such a rule and why those requirements are appropriate. Does the answer depend on the parties that would own and/or operate the system? Does the answer depend on the parties that would use the system? Does the answer depend on which parties would fund the system?

5. If an R&R System should be implemented separate from the CAT System, who should own and/or operate the system? What kind of staff and/or expertise is needed to own, operate, or maintain such a system? What kinds of technological capabilities are needed to own, operate, or maintain such a system? Should the Commission license use of a Commission-owned R&R System to the SROs? If so, how should the Commission determine the rates at which an R&R System is licensed out to the SROs? How would such a licensing arrangement work? Would the SROs seek to recoup any of those licensing costs from their members? Would this approach raise any conflicts of interest concerns, given that the SROs are parties that the Commission regulates?

6. If an R&R System should be implemented separate from the CAT System, should the Commission and/or one or more SROs contract with a third-party service provider to create and develop an R&R System? If so, how should decisions on an R&R System's functionality, funding, and other items be made?

7. What are the advantages and disadvantages if the Commission were appropriated funds to cover costs with respect to an R&R System? Does the answer depend on which parties would have access to the system?

8. If an R&R System should be implemented separate from the CAT System, should the SROs and/or their members fund part or all of the costs associated with an R&R System? Should the Commission establish a funding model that allocates fees amongst the SROs and their members? Does the answer depend on how the R&R System is structured and/or governed? If the Commission should establish a funding model that allocates fees amongst the SROs and their members, what features should that model have? How should fees be allocated to and amongst SROs and/or their members?

9. Is it feasible to link CAT Data with customer and account information obtained from an R&R System in the manner that market participants have suggested— i.e., using the CAT to identify relevant CCIDs and related FDIDs, populating an R&R System's request form with those FDIDs, sending that request through an R&R System to the appropriate broker-dealers, and then associating any customer and account-level information received from those broker-dealers with CAT transactional data? Would it be beneficial to automate the process for receiving and responding to regulatory requests for customer and account information? For instance, is it possible to automate regulator queries to an R&R System and in what fashion? Is it possible for broker-dealers to automate their responses to an R&R System? What technology build would be required at the broker-dealer level? What technology build would be required for regulators at the Commission and/or the SROs? What issues does an automated response process create or solve? ( printed page 20963)

10. What data should be accessible through an R&R System? Should an R&R System only cover the securities currently required to be reported to the CAT ] or should it also cover other types of securities currently accessible through EBS (e.g., fixed income)? Are there customer and account fields from the existing EBS template that should be accessible through an R&R System? Are there any fields from the existing CAIS template (or from a previous CAIS template) that should be accessible through an R&R System? Should SSNs, ITINs, and/or legal entity identifiers be accessible through an R&R System? Should names, addresses, dates of birth, and employer names be accessible through an R&R System? Should information about authorized traders be accessible through an R&R System? Should FDIDs be accessible through an R&R System? Should the large trader identification numbers assigned by the Commission pursuant to Rule 13h-1 ] be accessible through an R&R System? Do the answers depend on the security measures put in place for an R&R System? Are there any data elements that are not currently included in an existing audit trail and/or data source that should be accessible through an R&R System? What data elements would be required to properly enable customer and account information accessible through an R&R System to be linked to transactional CAT Data?

11. How should data be requested and provided through an R&R System? Does the answer depend on whether an R&R System is part of the CAT System?

12. How should regulators at the Commission and the SROs be able to submit requests for data through an R&R System? For example, should an R&R System provide regulators with a web interface or an application programming interface? What are the advantages and disadvantages associated with either approach? What kinds of queries should regulators be able to submit through an R&R System?

13. How should requests for data be communicated to responding broker-dealers? How should broker-dealers be able to respond to requests received through an R&R System? For example, should an R&R System provide broker-dealers with a web interface or an application programming interface? What are the advantages and disadvantages associated with either approach? Should broker-dealers receive email alerts or other reminders regarding the existence of requests made via an R&R System? What format should data accessible through an R&R System be provided in? Is there a specific template that should be used by broker-dealers? How long should broker-dealers be given to respond to a request received through an R&R System? ]

14. What are the costs and benefits associated with implementing an R&R System? Please provide specific estimates of any cost savings or burdens that would flow from the implementation of an R&R System, explain whether those estimates are premised on full or partial retirement of the EBS system, and the extent to which the EBS system would have to be retired and/or modified to align with those estimates. To what extent would broker-dealers have to re-program their systems to report through an R&R System? How long would it take broker-dealers to re-program their systems? To what extent would regulators have to adjust their regulatory programs to use an R&R System instead of the EBS system? Are there use cases made possible by the EBS system that would not be possible through linking CAT Data with customer data retrieved from an R&R System? Please identify these use cases and explain why they would not be possible utilizing the R&R system approach suggested by market participants. What costs are associated with the development of new workflows to properly link CAT Data with customer data that may be reported to an R&R System? How long would it take regulators to make any necessary adjustments?

LTID

Rule 13h-1 currently sets forth certain record-keeping and reporting requirements for large traders. When it approved the CAT NMS Plan in 2016, the Commission stated that it believed the CAT would provide “the additional transaction data captured in connection with Rule 13h-1 concerning large traders,” which data can otherwise be requested by regulators via the EBS system. ] The transaction reporting aspects of Rule 13h-1 are not independent of EBS, as they were implemented through the addition of new fields in the EBS reporting template to capture the LTID number and the time of execution. Relatedly, Rule 13h-1 involves periodic monitoring of customer activity by broker-dealers to alert customers when trading in their accounts may indicate large trader status.

1. Should the Commission amend Rule 13h-1 to eliminate and/or modify any of its transaction reporting and/or record-keeping requirements or the customer monitoring safe harbor? If so, please specifically identify the reporting, record-keeping, and/or monitoring requirements that should be eliminated and/or modified, explain why it is appropriate to eliminate and/or modify those requirements, explain whether the data provided by those requirements is otherwise contained in or ascertainable from the CAT, and describe any costs and/or benefits associated with the recommended amendments. ]

2. Will CAT data be sufficiently accurate and reliable to prove an adequate substitute data source for Rule 13h-1 transaction data otherwise obtainable via EBS? What criteria should the Commission use to evaluate this question?

3. In the CAT NMS Plan Approval Order, the Commission stated that “Form 13H collects information to identify a large trader, its securities affiliates, and its operations, and does not collect audit trail data on effected transactions.” ] The Commission therefore stated that the “self-identification and other Form 13H filing requirements of Rule 13h-1” would not be “duplicated by or redundant of CAT.” ] Nevertheless, to achieve cost savings in connection with Form 13H, should the identifying activity levels of Rule 13h-1 be increased to classify fewer persons as large traders? For example, should the current thresholds be increased from 2 million shares or $20 million per day to 10 million shares or $100 million per day; and from 20 million shares or $200 million per month to 100 million shares or $1 billion per month? If so, please explain by how much the current thresholds should be increased, explain how those higher thresholds would be more appropriate given recent market developments, and explain whether those higher thresholds would continue to appropriately identify persons whose trading activity in NMS securities merits classification as a large trader. Should ( printed page 20964) additional exceptions be considered from large trader status, such as one-time or infrequent transactions? Are there other elements of Form 13H that could be eliminated and/or modified to achieve cost savings? If so, please specifically identify the elements that should be eliminated and/or modified, explain why it is appropriate to eliminate and/or modify those elements, explain whether the data provided by those elements is otherwise contained in the CAT or available via an alternative data source, and describe any costs and/or benefits associated with the recommended modifications to Form 13H. Is the information provided by the CAT or the alternative data source sufficiently accurate and reliable to prove an adequate substitute data source for the information provided on Form 13H? What criteria should the Commission use to evaluate this question?

4. Rule 13h-1 sets forth record-keeping and reporting requirements not only for large traders, but also for “Unidentified Large Traders”— i.e. a person who has not complied with the identification requirements for large traders, but who “a registered broker-dealer knows or has reason to know is a large trader.” ] Rule 13h-1 further specifies that a “registered broker-dealer shall be deemed not to know or have reason to know that a person is a large trader if it does not have actual knowledge that a person is a large trader and it establishes policies and procedures reasonably designed to: (1) [i]dentify persons who have not complied with the identification requirements [for large traders] but whose transactions effected through an account or a group of accounts carried by such broker-dealer or through which such broker-dealer executes transactions, as applicable (and considering account name, tax identification number, or other identifying information available on the books and records of such broker-dealer) equal or exceed the identifying activity level; (2) [t]reat any persons identified in [item 1] as an Unidentified Large Trader for purposes of this section; and (3) [i]nform any person identified in [item 1] of its potential obligation under this section.” ] For the purposes of Rule 13h-1, “a registered broker-dealer need take into account only transactions in NMS securities effected by or through such broker-dealer.” ] One commenter has stated that the “approach for monitoring large trader reporting adopted by the Commission is ineffective because a broker-dealer would not know about a customer's trading activity at other broker-dealers.” ] This commenter believed that the Commission, using information already reported to the CAT, could “readily determine if any CCID has exceeded the applicable trading thresholds for large trader reporting and an LTID has not been reported for the FDIDs to which the CCID is associated.” ] The commenter stated that the availability of such data through the CAT “obviates the need for broker-dealers to create identifiers for unidentified large traders and to report them to CAT.” ] Should the Commission eliminate record-keeping, reporting, and/or monitoring requirements from Rule 13h-1 for Unidentified Large Traders? What costs do broker-dealers incur to monitor for and comply with Rule 13h-1 requirements for Unidentified Large Traders? Please provide specific data. Could the Commission surveil for Unidentified Large Traders by determining whether any CCID has exceeded the applicable trading thresholds for large trader reporting and whether an LTID has been reported for the FDIDs to which that CCID is associated now that LTIDs have been removed from the CAT by the amendments approved in the 2026 Cost Savings Order? ] Is there an alternative method of finding Unidentified Large Traders using CAT Data?

G. Civil Liberties and Privacy Considerations

Market participants have questioned whether the scope of the CAT's collection of market data raises privacy and civil liberties concerns. ] For example, one commenter asserts that the CAT's previous collection of PII violates Americans' Fourth Amendment right to privacy. ] The Commission is committed to ensuring that the CAT and other audit trails and related data sources used by regulators comply with all relevant constitutional and statutory limits and takes seriously concerns related to the appropriateness of government surveillance.

1. Does the CAT's collection and/or transmission of transactional information without associated customer and account-level information raise confidentiality, privacy, and/or civil liberties concerns? If so, what are they, and how should those concerns be addressed?

2. Does enabling the transmission of customer and account-level information to regulators through the EBS System or an R&R System raise confidentiality, privacy, and/or civil liberties concerns? If so, what are those concerns, and how should they be addressed? Does the answer depend on the type of interface that enables the transmission of this data—for instance, whether a request for specific information from a regulator is required before such data is requested, transmitted, and/or collected? Does the answer depend on the scope of the data requested, transmitted, and/or collected? Does the answer depend on the purpose for which the data is requested, transmitted, and/or collected? Does the answer depend on the extent of automation involved in requesting, transmitting and/or collecting the data?

3. To the extent that imposing additional limits on the collection and/or transmission of market data to address potential confidentiality, privacy, and/or civil liberties concerns creates trade-offs with costs, efficiency, and data security, such as any additional burdens that would be imposed if data was provided by broker-dealers upon request rather than through the CAT or another audit trail or data source, how should the Commission weigh those trade-offs?

4. What other confidentiality, privacy, and/or civil liberties considerations should be taken into account?

H. Cybersecurity

The CAT NMS Plan sets forth robust requirements designed to protect the data reported to and retained in the Central Repository. ] In light of the ( printed page 20965) constantly shifting cybersecurity and threat management landscape, the Commission seeks comment on the security requirements governing the CAT.

The CAT

1. Are there enhancements that should be made to the security requirements set forth in the CAT NMS Plan? Are there technological changes that could be made to the Central Repository to enhance its protection? If so, please identify these enhancements, explain how such enhancements would improve the security of the CAT and/or CAT Data, and identify the costs associated with implementing such enhancements.

2. Are there enhancements that could be made to the measures that protect the CCID Subsystem and/or to the process for generating CCIDs ] that would further strengthen the protection of the information used by the Plan Processor to generate CCIDs? If so, please identify these enhancements, explain how such enhancements would improve the privacy, confidentiality, and security of the CAT and/or CAT Data, and identify the costs associated with implementing such enhancements.

3. The CAT NMS Plan already sets forth a non-exclusive list of industry standards for information security with which the CAT is required to comply, including standards promulgated by the U.S. National Institute of Standards and Technology (“NIST”) regarding security and privacy controls for information systems and organizations ] and providing a cybersecurity framework. ] Are there additional security, privacy, or confidentiality controls that should be implemented to secure the CAT? Are there additional industry standards for information security with which the CAT should be required to comply—for example, NIST standards for zero trust architecture? ] What are the benefits and costs associated with the implementation of or compliance with such additional security, privacy, or confidentiality controls and/or industry standards for information security?

4. The CAT NMS Plan already requires the Chief Information Security Officer ] to “review the information security policies and procedures of the Participants that are related to the CAT to ensure that such policies and procedures are comparable to the information security policies and procedures applicable to the Central Repository.” ] Instead of “comparable” policies and procedures, should uniform security policies and/or procedures be imposed on all parties that may access and/or use the CAT? Does some measure of variance in security policies and/or procedures provide more protection to the underlying data? What are the costs and/or benefits associated with providing flexibility with respect to the application of specified security requirements? Should the CAT NMS Plan impose any additional requirements to control how CAT Data is retained, stored, and/or tracked once it is downloaded from the CAT? For how long should data be stored? Does the answer depend on how and/or what kind of data is stored? Does the answer depend on the potential use of artificial intelligence to analyze CAT Data? Should the SROs be required to implement zero trust architecture for CAT Data? Does the answer depend on how this approach would impact regulatory use? Does the answer depend on the costs associated with this approach?

5. The CAT NMS Plan currently sets forth robust access control requirements for the CAT and for CAT Data. It requires both the SROs and the Plan Processor to implement various safeguards to secure access and use of the CAT, including: (1) role-based access controls; (2) authentication of individual users; (3) multi-factor authentication and password controls; (4) implementation of information barriers to prevent unauthorized staff from accessing CAT Data; (5) data encryption and use of secure connectivity methods; (6) security-driven monitoring and logging; (7) escalation procedures for non-compliance and/or security events; and (8) remote access controls. ]

a. Should additional access control measures be implemented for the CAT? What kinds of controls should be put in place to manage and review access entitlements and regulatory use? Please identify any additional access control measures that should be implemented, explain how such measures would enhance the security of the CAT and/or CAT Data, and identify any costs associated with implementing such measures.

b. Should the existing logging requirements of the CAT NMS Plan be enhanced? For example, are there artificial intelligence or algorithmic technology solutions that could assist either the Plan Processor and/or regulators to detect misuse of CAT Data? If so, please identify such technology solutions, explain how they would help the Plan Processor and/or regulators to detect misuse of CAT Data, and describe any costs or challenges associated with their implementation.

c. What types of audit procedures should be put in place to assess whether CAT Data has been used appropriately by regulatory users?

d. What types of access control measures are necessary to prevent a bad actor at the Commission or the SROs from using the CAT to target an individual(s) for monitoring based on personal, competitive, or political animus?

1. Rule 613 and the CAT NMS Plan prohibit the use of CAT Data for commercial purposes, as well as the use of CAT Data by parties that are not regulators and in non-regulatory contexts—for example, by private ( printed page 20966) litigants. ] Should the Commission further reinforce or enhance these restrictions on how CAT Data can be used?

2. In addition to the existing requirement that CAT Data only be used for regulatory purposes, ] what security measures or controls would further strengthen protections that prevent regulatory users at the Commission and/or the SROs from using the CAT for inappropriate or illegal purposes, such as targeting an individual for monitoring based on personal, competitive, or political animus? For example, should the Commission further restrict the way that regulatory users can use the CAT to support regulatory activities? If so, how? What standards should be satisfied before a regulatory user can access and/or use CAT Data? Does the answer depend on whether the regulatory user is Commission staff or SRO staff? Does the growing use of artificial intelligence affect this analysis? If so, how?

3. Should information about the policies, procedures, and/or controls that govern the regulatory use of the CAT be made public? For example, should the Commission and/or the SROs publish information regarding the internal controls and/or safeguards that govern access to or use of CAT Data, information about how the Commission, the SROs and/or FINRA CAT monitor the storage and/or usage of CAT Data, information about the number of regulatory users at the Commission and/or the SROs and/or the regulatory purposes for which they are using CAT Data? Would disclosure of such information pose security or confidentiality concerns?

4. Under what circumstances, if any, should the Commission make CAT Data available to interested market participants in the rulemaking context? What conditions and/or controls should apply? At what level of data aggregation should the data be made available? What are the costs and benefits associated with releasing such data? Does the answer depend on the type of data relied upon? Does the answer depend on the costs of making such data available?

EBS

The Commission and/or FINRA typically make EBS requests via a regulatory portal maintained by FINRA. Firms then submit requested information to the Commission and/or FINRA via one of the file sharing options provided by FINRA ] within 10 business days of the request. ] NYSE maintains its own separate system that provides it with similar functionality. Some market participants have expressed concern about the security of PII made available through the EBS system. One commenter stated, for example, that the “response to a single EBS request could contain tens or hundreds of thousands of plaintext SSNs,” that “the transmission of SSNs and account numbers in plaintext risks the unauthorized disclosure of personal data,” and that they “are not aware of any EBS controls to require the encrypted storage of SSNs and other PII.” ] This commenter also stated that “the EBS system provides for the reporting of SSNs and other PII in association to specific transactions,” unlike the CAT. ]

1. Should information about the policies, procedures, and/or controls that govern the regulatory use of the EBS system be made public? For example, should the Commission and/or the SROs publish information regarding the internal controls and/or safeguards that govern access to or use of the EBS system, information about how the Commission and/or the SROs monitor the storage and/or usage of data accessed through the EBS system, information about the number of regulatory users at the Commission and/or the SROs and/or the regulatory purposes for which they are using data accessed through the EBS system? Would disclosure of such information pose security, privacy, or confidentiality concerns?

2. What confidentiality, privacy, and security measures or controls would further strengthen protections that prevent regulatory users at the Commission and/or the SROs from using the EBS system for inappropriate or illegal purposes, such as targeting an individual for monitoring based on personal, competitive, or political animus? For example, should the Commission further restrict the way that regulatory users can use the EBS system to support regulatory activities? If so, how? What standards should be satisfied before a regulatory user can access and/or use data using the EBS system? Does the answer depend on whether the regulatory user is Commission staff or SRO staff? Does the answer depend on whether the regulatory user is accessing transactional data or customer and account-level information?

3. What security, privacy, and confidentiality controls protect data transmitted and/or stored through the EBS system? What encryption protections secure EBS data that is transmitted and/or stored? Are there additional security measures that should be implemented to protect data transmitted and/or stored by FINRA's and/or NYSE's EBS systems? For example, are there more secure methods of transmitting and/or storing data than those currently employed by regulators to request and receive EBS data? If so, please identify any such methods, ( printed page 20967) explain why they would be more appropriate, and describe any costs associated with implementing and/or maintaining such methods of transmission, including any costs associated with burdens on regulatory use.

4. Should the Commission require the creation and/or implementation of specific data retention policies that would shorten the amount of time that EBS data may be retained and/or control the way that such data may be stored by the SROs? What are the costs and benefits associated with such an approach? How would shortened data retention policies interact with federal rules and regulations governing record retention? Would shortening data retention policies potentially lead to duplicative requests? Are there policies and procedures regarding the storage and/or retention of data that could potentially decrease the number of duplicative requests made via the EBS system?

R&R System

1. If an R&R System is implemented, what security standards or controls should govern it? For instance, should an R&R System be required to comply with any particular industry standards or controls for information security, like standards promulgated by NIST regarding security and privacy controls for information systems and organizations, providing a cybersecurity framework, or implementing zero trust architecture? ] Does the answer depend on the parties that have access to the system? Does the answer depend on the functionality provided by the system—for example, the extent to which requests and responses are automated?

2. FIF has suggested that FINRA could “provide a secure method” for broker-dealers to respond to requests made by regulators through an R&R System. ] What would constitute a secure method for broker-dealers to respond to requests? What would constitute a secure method for regulators to make requests? Please specifically identify secure methods that could be used to request and provide data, explain why those methods are appropriate, and identify any costs or benefits associated with those methods.

3. Should requests and/or responses made via an R&R System be encrypted? Does the answer depend on the data that is required to be reported via an R&R System? If data should be encrypted, please identify appropriate encryption protocols and explain why they should be applied to data provided through an R&R System. What are the costs and benefits that would be associated with such a measure? To what extent would broker-dealers have to re-program their systems to encrypt this data? To what extent would regulators have to adjust their regulatory programs if the information sent through an R&R System was encrypted?

4. What access and use controls or measures should be implemented for an R&R System? ] Do the answers depend on how particular security measures or controls would impact regulatory use? Do the answers depend on the costs associated with particular security measures or controls? Do the answers depend on the type of data or the volume of data being accessed or used? For example, should customer and account information be protected with different security measures or controls than those applied to transactional data? Should security policies and/or procedures be uniform across all SROs that access and/or use an R&R System? Does some measure of variance in security policies and/or procedures provide more protection to the underlying data?

5. What security measures or controls would prevent regulatory users at the Commission and/or the SROs from using an R&R System for inappropriate or illegal purposes, such as targeting an individual for monitoring based on personal, competitive, or political animus? For example, should the Commission restrict the way that regulatory users can use an R&R System to support regulatory activities? If so, how? What policies, procedures, or controls should govern the regulatory use of an R&R System and should information about those policies, procedures, or controls be made public? What standards should be satisfied before a regulatory user can access and/or use data using an R&R System? Does the answer depend on whether the regulatory user is Commission staff or SRO staff?

6. How long should the SROs be able to retain data obtained from an R&R System? ] Does the answer depend on the type or volume of data obtained? Does the answer depend on how the data is downloaded, accessed, analyzed, tracked, logged, and/or stored? Does the answer depend on data privacy or confidentiality considerations? For example, should customer and account information be stored separately from and for different periods of time than transactional data? Does the answer depend on the particular regulatory use case for the data? Does the answer depend on federal rules and regulations governing record retention and statute of limitations periods applicable to enforcement actions? Should data retention policies and/or procedures be uniform across all SROs that may access and/or use an R&R System? Does some measure of variance in security policies and/or procedures provide more protection to the underlying data? Could shorter data retention periods and/or more restrictive use policies increase the likelihood of duplicative and/or repetitive requests being made to broker-dealers?

7. What breach management procedures should be required for an R&R System? Which parties, if any, should the owners and/or operators of an R&R System be required to notify in the event of a breach? What kinds of events should constitute a breach?

LOPR

FINRA Rule 2360 requires FINRA member firms to report large options positions to the LOPR, which FINRA uses to surveil for potentially manipulative behavior, including attempts to corner the market in the underlying equity, leverage an option position to affect the price, or move the underlying equity to change the value of a large option position. ]

1. FIF has expressed concern about the “plaintext reporting of SSNs and other PII” in OCC's LOPR data, urging the Commission to direct the removal of PII from this data set. ] What are the costs and benefits associated with such an approach? Would removal of customer and account level data from LOPR make its regulatory use less efficient? For example, would regulators have to obtain the required information through an alternative (and potentially manual) method that could involve requesting information from a larger number of broker-dealers? Would this raise costs for broker-dealers? If so, please identify and quantify the burdens associated with this alternative approach. Are there alternative methods for enhancing the security of LOPR ( printed page 20968) data? If so, please identify any such measures and explain why it would be appropriate to implement such measures.

Other Audit Trails and/or Related Data Sources

1. If not eliminated, modified, and/or replaced, do any other audit trails and/or related data sources raise cybersecurity, privacy, and/or civil liberties concerns? If so, how should the Commission address these concerns?

I. Transparency and Process of Comprehensive Review

The Commission seeks input from commenters as to whether, in addition to seeking comment through this release, there are other meaningful ways for it to gather information and/or for market participants to provide feedback regarding the CAT and other existing audit trails and/or related data sources.

1. Are there any other methods of gathering information from market participants regarding any potential changes that should be made to the functionality of existing audit trails and/or related data sources? For example, should the Commission issue industry surveys to broker-dealers and SROs? If so, please describe what the content of these surveys should be and to which parties such surveys should be distributed. Should the Commission hold a roundtable conference and/or establish a working group? Please identify any measures the Commission should take to gather information and explain why such measures are appropriate.

2. Several market participants have suggested that the Commission should “require the CAT Operating Committee to engage an independent technology firm to review the operations and technological design of CAT to identify further opportunities to optimize CAT and reduce costs.” ] Should the Commission require an independent audit of the CAT's technological design? If so, please describe what the scope of such an audit should be, ] explain why that scope would be appropriate, and describe any criteria that should be used to select the party conducting the independent audit. Does the answer depend on the costs of such an independent audit? Does an independent audit pose any security risks? Should an independent audit be conducted for any other existing audit trail and/or data source? Should the results of the independent audit be made public? Would making such information public compromise the security of the CAT?

IV. General Request for Comment

We request and encourage any interested person to submit comments on any aspect of this concept release, other matters that might have an impact on the topics discussed in this concept release, and any suggestions for additional changes or improvements to existing audit trails and related data sources. Please be as specific as possible in your discussion and analysis of any additional issues. We particularly welcome comments on any costs, burdens, or benefits that may result from possible regulatory responses related to the items identified in this release or otherwise proposed by commenters.

V. Other Matters

This concept release and request for comment is a significant regulatory action under section 3(f)(1) of Executive Order 12866, as amended, and has been reviewed by the Office of Management and Budget.

VI. Conclusion

The Commission is interested in the public's views regarding the matters discussed in this concept release. The existing audit trails and/or data sources discussed above serve a critical role in protecting our markets, but it is important to assess whether these audit trails and data sources respond to and reflect current market conditions, demonstrated regulatory needs, civil liberty, privacy, and confidentiality concerns, cost-efficient technology solutions, and cybersecurity considerations. The Commission therefore encourages all interested parties to submit comments on the topics being considered in this concept release. If possible, please reference the specific question numbers or sections of this release when submitting comments.

By the Commission.

Dated: April 16, 2026.

Sherry R. Haywood,

Assistant Secretary.

Footnotes

1. 15 U.S.C. 78a et seq.

   1. See, e.g., 15 U.S.C. 78b, 78f, 78i, 78j, 78k, 78k-1, 78o, 78o-3, and 78s.
   2. 15 U.S.C. 78c(a)(26). The national securities exchange and registered securities association SROs, also referred to herein as “the Participants,” include 24X National Exchange, BOX Exchange LLC, Cboe BYX Exchange, Inc., Cboe BZX Exchange, Inc., Cboe C2 Exchange, Inc., Cboe EDGA Exchange, Inc., Cboe EDGX Exchange, Inc., Cboe Exchange, Inc. (“Cboe”), Financial Industry Regulatory Authority, Inc. (“FINRA”), Investors Exchange LLC, Long-Term Stock Exchange, Inc., MEMX LLC, Miami International Securities Exchange LLC, MIAX Emerald, LLC, MIAX PEARL, LLC, MIAX Sapphire, LLC, Nasdaq GEMX, LLC, Nasdaq ISE, LLC, Nasdaq MRX, LLC, Nasdaq PHLX LLC, The Nasdaq Stock Market LLC (“Nasdaq”), Nasdaq Texas, LLC, New York Stock Exchange LLC (“NYSE”), NYSE American LLC, NYSE Arca, Inc., NYSE National, Inc., and NYSE Texas, Inc.
   3. 15 U.S.C. 78f(b)(1); 15 U.S.C. 78o-3(b)(2); 15 U.S.C. 78s(g)(1). FINRA currently is the only national securities association. As a national securities association, FINRA is also responsible for enforcing compliance by its members and associated persons with the rules of the Municipal Securities Rulemaking Board (“MSRB”).

5.

 
See
Securities Exchange Act Release No. 44494 (June 29, 2001), 66 FR 35836 (July 9, 2001) (“EBS Adopting Release”).

6.

 
See 15 U.S.C. 78c(a)(22)(A) (“The term `securities information processor' means any person engaged in the business of (i) collecting, processing, or preparing for distribution or publication, or assisting, participating in, or coordinating the distribution or publication of, information with respect to transactions in or quotations for any security (other than an exempted security) or (ii) distributing or publishing (whether by means of a ticker tape, a communications network, a terminal display device, or otherwise) on a current and continuing basis, information with respect to such transactions or quotations.”).

7.

 In the Matter of National Association of Securities Dealers, Inc., Administrative Proceeding File No. 3-9056, Securities Exchange Act Release No. 37358 (Aug. 8, 1996), available at https://www.sec.gov/​files/​litigation/​admin/​3437538.txt.

8.

 
See
Securities Exchange Act Release No. 67457 (July 18, 2012), 77 FR 45722, 45728 (Aug. 1, 2012) (“Rule 613 Adopting Release”); see also Securities Exchange Act Release No. 62174 (May 26, 2010), 75 FR 32556, 32558-59 (June 8, 2010) (“Rule 613 Proposing Release”).

9.

 To avoid duplicative reporting requirements after OATS expansion to all NMS stocks, NYSE-affiliated exchanges replaced their market-specific audit trail requirements for members that were also members of either FINRA or Nasdaq—and therefore already reporting to OATS—with rules that allowed these members to satisfy their reporting obligations by meeting the new OATS reporting requirements in 2011. See, e.g., Rule 613 Adopting Release, supra note 8, at 45728; 17 CFR 242.600(65) (defining “NMS stock” as “any NMS security other than an option”).

1. See, e.g., Rule 613 Adopting Release, supra note 8, at 45729.

11.

 
See
In the Matter of Certain Activities of Options Exchanges, Administrative Proceeding File No. 3-10282, Securities Exchange Act Release No. 43268 (Sept. 11, 2000), available at https://www.sec.gov/​enforcement-litigation/​administrative-proceedings/​34-43268.

12.

 
See
Staff Paper on Cross-Market Regulatory Coordination, available at https://www.sec.gov/​about/​divisions-offices/​division-trading-markets/​staff-paper-cross-market-regulatory-coordination.

1. See, e.g., Rule 613 Adopting Release, supra note 8, at 45728 (“Although these developments with respect to the scope of FINRA's OATS rules reduce the number of audit trails with disparate requirements, they still do not result in a comprehensive audit trail that provides regulators with accurate, complete, accessible, and timely data on the overall markets for which regulators have oversight responsibilities.”); see also, e.g., Securities Exchange Act Release No. 77724 (Apr. 27, 2016), 81 FR 30614, 30670 (May 17, 2016) (“Regardless of whether order lifecycle reports are reflected in the same or different data sources, the process of linking lifecycle events is complex and can create inaccuracies. Merging different data sources often involves translating the data sources into the same format, which can be a complex process that is prone to error. Linking records within or across data sources also requires the sources to share `key fields' that facilitate linkage, along with a successful linking algorithm. Regulators may be unable to link some data source combinations accurately because the data sources do not have key fields in common or the key fields are not sufficiently granular. . . . The inability to link all records affects the accuracy of the resulting data and can force an inefficient manual linkage process that would delay the completion of the data collection and analysis portion of the examination, investigation, or reconstruction.” (citations omitted)).

14.

 
See
Rule 613 Adopting Release, supra note 8; 17 CFR 242.613.

1. See, e.g., Rule 613 Adopting Release, supra note 8, at 25722-23.

16.

 
See
Securities Exchange Act Release No. 79318 (Nov. 15, 2016), 81 FR 84696 (Nov. 23, 2016) (“CAT NMS Plan Approval Order”). The CAT NMS Plan is Exhibit A to the CAT NMS Plan Approval Order.
See
CAT NMS Plan Approval Order, at 84943-85034.

17.

 
See
CAT Q2 & Q3 2024 Quarterly Progress Report (July 29, 2024), available at https://catnmsplan.com/​sites/​default/​files/​2024-07/​CAT_​Q2-and-Q3-2024-QPR.pdf. On April 20, 2020, the Commission granted conditional exemptive relief to allow for the implementation of phased Industry Member reporting to the CAT across five phases.
See
Securities Exchange Act Release No. 88702, 85 FR 23075 (Apr. 24, 2020) (“Phased Reporting Exemptive Relief Order”).

1. See, e.g., FINRA Regulatory Notice 21-21, “FINRA Eliminates the Order Audit Trail System (OATS) Rules” (June 17, 2021), available at https://www.finra.org/​rules-guidance/​notices/​21-21. The CAT is currently the only audit trail and/or data source that provides cross-market order-level information to regulators.

2. See, e.g., Securities Exchange Act Release No. 88393 (Mar. 17, 2020), 85 FR 16152 (Mar. 20, 2020) (the “2020 PII Exemptive Relief Order”) (providing conditional exemptive relief from CAT NMS Plan requirements obligating the SROs to collect social security numbers (“SSNs”) and/or individual tax payer identification numbers (“ITINs”), dates of birth, and account numbers associated with natural

persons); Securities Exchange Act Release No. 102386 (Feb. 10, 2025), 90 FR 9642, 9643 (Feb. 14, 2025) (the “2025 PII Exemptive Relief Order”) (providing conditional exemptive relief from CAT NMS Plan requirements obligating the SROs to collect names, addresses, and years of birth for U.S. natural persons); Securities Exchange Act Release No. 104586 (Jan. 13, 2026), 91 FR 2164 (Jan. 16, 2026) (the “CAIS Order”) (codifying the 2020 PII Exemptive Relief Order and the 2025 PII Exemptive Relief Order and, among other things, enabling the SROs to eliminate: (1) historical customer and account-level data, including, among other things, names, addresses, and years of birth, (2) names, addresses, and years of birth (where applicable) for foreign natural persons, for legal entities, and for authorized traders, and (3) employer identification numbers).

1. See, e.g., CAT NMS Plan Approval Order, supra note 16, at 84918-20.

2. See https://catnmsplan.com/​sites/​default/​files/​2024-11/​11.20.24-CAT-LLC-2025-Financial​and​Operating-Budget.pdf.

22.

 For example, the CAT NMS Plan approved in 2016 anticipates that the CAT will process and load more than 58 billion records a day, or approximately 14.6 trillion records a year. (58,000,000,000 × 252 trading days = 14,616,000,000,000).
See
CAT NMS Plan, supra note 16, at Appendix D, Section 1.3 n.262. However, current CAT data volumes are and have been significantly higher than this initial estimate. See e.g., Securities Exchange Act No. 103960 (Sept. 12, 2025), 90 FR 44910 (Sept. 17, 2025) (“2025 Funding Model Amendment”) (stating that CAT data volumes have grown 41% over a three-year period—109 trillion events in 2022, 116 trillion events in 2023, and 154 trillion events in 2024); Cboe, “Growth of U.S. Equities Volumes and Rise of Retail” (Nov. 14, 2024), available at: https://www.cboe.com/​insights/​posts/​growth-of-u-s-equities-volumes-and-rise-of-retail (stating that U.S. equities average daily volume has grown steadily since 2018, and that the average daily volume is at a new norm of over 10 billion shares post-COVID-19 pandemic). There have also been dramatic increases in quoting activity on Listed Options.
See 17 CFR 242.600(b)(52) of Regulation NMS (defining “Listed Option” as “any option traded on a registered national securities exchange or automated facility of a national securities association”); see also CAT NMS Plan, supra note 16, at Section 1.1. (defining a “Listed Option” as having “the meaning set forth in Rule 600(b)(35) of Regulation NMS,” which provision has been redesignated as Rule 600(b)(52) without any changes to its terms). According to SEC staff calculations, the median daily Options Price Reporting Authority (“OPRA”) quote count in January 2017 was approximately 8.8 billion, whereas the median daily OPRA quote count by March 2025 was approximately 243.8 billion—an increase of approximately 2,670 percent.

1. See, e.g., Securities Exchange Act Release No. 101777 (Nov. 27, 2024), 89 FR 97092, 97104-06 (Dec. 6, 2024) (order approving 24X National Exchange's Form 1 application, but stating that a proposed rule change must be filed with the Commission pursuant to Section 19(b) of the Exchange Act and approved before 24X National Exchange can provide the 24X Market Session); Securities Exchange Act Release No. 102400 (Feb. 11, 2025), 90 FR 9794 (Feb. 18, 2025) (order approving proposal by NYSE Arca, Inc. to lengthen the hours of its extended trading sessions, but stating that a proposed rule change must be filed with the Commission pursuant to Section 19(b) of the Exchange Act and approved before such changes can be made); DTCC, “DTCC's NSCC to Increase Clearing Hours to Support Extended Trading” (Mar. 18, 2025), available at https://www.dtcc.com/​news/​2025/​march/​18/​dtccs-nscc-to-increase-clearing-hours-to-support-extended-trading (stating that NSCC will increase clearing hours to support overnight trading activity from alternative trading systems and exchanges, with implementation targeted for Q2 2026).

2. See, e.g., Letter from Stephen John Berger, Managing Director, Global Head of Government & Regulatory Policy, Citadel Securities LLC (“Citadel”), to Vanessa A. Countryman, Secretary, Commission (Oct. 17, 2025), at 5, available at https://www.sec.gov/​comments/​4-698/​4698-669947-2018874.pdf (“Citadel Letter I”).

25.

 
See
Part III.D infra for further discussion of these steps.

1. See https://catnmsplan.com/​sites/​default/​files/​2025-12/​12.08.25-CAT-LLC-2026-Financial​and​Operating_​Budget.pdf.

27.

 
See
Securities Exchange Act Release No. 105003 (Mar. 16, 2026), 91 FR 13410 (Mar. 19, 2026) (the “2026 Funding Model Order”), at Part IV. A.1, for a full discussion of realized costs to build and operate the CAT.

1. See, e.g., Letter from Joanna Mallers, Secretary, FIA Principal Traders Group (“PTG”), to Hon. Paul S. Atkins, Chairman, Commission (June 26, 2025), available at https://www.sec.gov/​comments/​4-853/​4853-618547-1815754.pdf (“PTG Letter I”); Letter from James Toes, President and CEO, Security Traders Association, to Hon. Paul S. Atkins, Chairman, Commission (June 25, 2025), available at https://www.sec.gov/​comments/​4-853/​4853-616887-1809874.pdf (“STA Letter”); Letter from Joseph Corcoran, Managing Director and Associate General Counsel, and Gerald O'Hara, Vice President and Assistant General Counsel, Securities Industry and Financial Markets Association (“SIFMA”), to Hon. Paul S. Atkins, Chairman, Commission (June 6, 2025), available at https://www.sec.gov/​comments/​4-698/​4698-610487-1785814.pdf (“SIFMA Letter I”); Letter from Howard Meyerson, Managing Director, Financial Information Forum (“FIF”), to Commission (July 14, 2025), available at https://www.sec.gov/​comments/​4-698/​4698-625367-1847814.pdf (“FIF Letter I”); Letter from Jaime Klima, General Counsel, New York Stock Exchange, to Hon. Paul S. Atkins, Chairman, Commissioner (Apr. 24, 2025), available at https://www.sec.gov/​comments/​4-698/​4698-598195-1737842.pdf. See also, e.g., Securities Exchange Act Release No. 104504 (Dec. 23, 2025), 90 FR 61506, 61553-36 (Dec. 31, 2025) (identifying, without formally proposing, two potential cost-savings measures for the Commission's consideration). Although some suggestions were beyond the scope of the Commission's consideration in other contexts, nothing precludes the Commission from evaluating such suggestions in the context of this review.

2. See, e.g., Letter from Stephen John Berger, Managing Director, Global Head of Government & Regulatory Policy, Citadel, to Vanessa A. Countryman, Secretary, Commission (Jan. 15, 2026), available at https://www.sec.gov/​files/​rules/​petitions/​2026/​petn4-878.pdf (“Citadel Petition”); Letter from J. Matthew DeLesDernier, Deputy Secretary, Commission, to Stephen John Berger, Global Head of Government and Regulatory Policy, Citadel (Feb. 18, 2026), available at https://www.sec.gov/​files/​rules/​petitions/​2026/​4-878_​rulemaking-petition-letter.pdf (“Response to Citadel Petition”). See also, e.g., Letter from Tyler Gellasch, President and CEO, Healthy Markets Association, to Hon. Gary Gensler, Chair, Commission (Sept. 19, 2024), available at https://www.sec.gov/​files/​rules/​petitions/​2024/​petn4-843.pdf (“Healthy Markets Petition”); Letter from John A. Zecca, Executive Vice President, Global Chief Legal, Risk & Regulatory Officer, Nasdaq, and J. Patrick Sexton, Executive Vice President, General Counsel & Corporate Secretary, Cboe, to Hon. Paul S. Atkins, Chairman, Commission (Apr. 24, 2025), available at https://www.sec.gov/​comments/​4-698/​4698-598775-1738922.pdf. There have also been legal challenges to the CAT, including to the Commission's authority to require the SROs to implement and operate the CAT. See, e.g., Amended Class-Action Compliant for Declaratory, Injunctive, and Mandamus Relief, Davidson et al. v. Atkins, No. 6:24-cv-00197 (W.D. Tex. Jan. 13, 2025). On February 4, 2026, the Court granted the Commission's motion to continue to hold the case in abeyance until July 15, 2026. Text Order, Davidson et al. v. Atkins, No. 6:24-cv-00197 (W.D. Tex. Feb. 4, 2026). In addition, market participants have challenged the CAT's funding model. See Am. Sec. Ass'n et al. v. SEC, No. 26-10936 (11th Cir. Mar. 24, 2026); see also Am. Sec. Ass'n v. SEC, 147 F.4th 1264 (11th Cir. 2025) (11th Cir. 2025) (vacating an order that implemented a modified funding model for the CAT and remanding the matter to the Commission for further proceedings consistent with its opinion).

3. 15 U.S.C. 78q(a)(1) (requiring every national securities exchange, member thereof, broker or dealer who transacts a business in securities through the medium of any such member, registered securities association, and registered broker or dealer, among other parties, to make and keep for prescribed periods such records, furnish such copies thereof, and make and disseminate such reports as the Commission, by rule, prescribes as necessary or appropriate in the public interest, for the protection of investors, or otherwise in furtherance of the purposes of this chapter). Specific books and records requirements, including storage and retention requirements, are set forth for the SROs and broker-dealers in rules promulgated by the Commission. See, e.g., 17 CFR 240.17a-1; 17 CFR 240.17a-3; 17 CFR 240.17a-4; 17 CFR 240.17a-6; 17 CFR 240.17a-7.

4. See, e.g., Nasdaq Options 6E, Section 1; Cboe Rule 7.1; NYSE Rule 440. Under Section 19(b) of the Exchange Act, SROs generally must file proposed rule changes with the Commission for notice, public comment, and Commission review, prior to implementation.
   See 15 U.S.C. 78s; 17 CFR 240.19b-4.

32.

 An “NMS Security” means “any security or class of securities for which transaction reports are collected, processed, and made available pursuant to an effective transaction reporting plan, or an effective national market system plan for reporting transactions in Listed Options.” An “OTC Equity Security” means “any equity security, other than an NMS Security, subject to prompt last sale reporting rules of a registered national securities association and reported to one of such association's equity trade reporting facilities.”
See
CAT NMS Plan, supra note 16, at Section 1.1.

1. See, e.g., Rule 613 Adopting Release, supra note 8, at 45723, 45726.

2. See also CAT NMS Plan, supra note 16, at Section 1.1 (defining “Industry Member” as “a member of a national securities exchange or a member of a national securities association”).

35.

 Rule 613 and the CAT NMS Plan identify the information that must be reported by the SROs and the information that the SROs must obligate their members to report through compliance rules. See, e.g., 17 CFR 242.613(c)(7); CAT NMS Plan, supra note 16, at Sections 6.3-6.4. Further guidance about how to report to the CAT is provided by detailed technical specifications available on the CAT NMS Plan website. See https://catnmsplan.com/​specifications/​participants; https://catnmsplan.com/​specifications/​im.

36.

 “Plan Processor” means “the Initial Plan Processor or any other Person selected by the Operating Committee pursuant to SEC Rule 613 and Sections 4.3(b)(i) and 6.1, and with regard to the Initial Plan Processor, the Selection Plan, to perform the CAT processing functions required by SEC Rule 613 and set forth in this Agreement.”
See
CAT NMS Plan, supra note 16, at Section 1.1; see also id. (defining “Operating Committee” as “the governing body of the Company designated as such and described in Article IV”).

37.

 “Central Repository” means “the repository responsible for the receipt, consolidation, and retention of all information reported to the CAT pursuant to SEC Rule 613 and this Agreement.” Id. at Section 1.1.

1. Id. at Appendix D, Section 3. The “CAT-Order-ID” is “a unique order identifier or series of unique order identifiers that allows the central repository to efficiently and accurately link all reportable events for an order, and all orders that result from the aggregation or disaggregation of such order.” See also 17 CFR 242.613(j)(1).

39.

 “SIP Data” means: “(A) information, including the size and quote condition, on quotes including the National Best Bid and National Best offer for each NMS Security; (B) Last Sale Reports and transaction reports reported pursuant to an effective transaction reporting plan filed with the SEC pursuant to, and meeting the requirements of, SEC Rules 601 and 608; (C) trading halts, Limit Up/Limit Down price bands, and Limit Up/Limit Down indicators; and (D) summary data or reports described in the specifications for each of the SIPs and disseminated by the respective SIP.” Id. at Section 6.5(a)(ii); see also 17 CFR 242.613(e)(7). Although the CAT was originally required to link SIP Data with other transactional data reported to the CAT, the Commission has granted exemptive relief from that requirement. See, e.g., 2025 Cost Savings Exemptive Relief Order, supra note 25, at 47856-57.

40.

 
See
CAIS Order, supra note 19.

41.

 “Eligible Security” includes “(a) all NMS Securities and (b) all OTC Equity Securities.”
See
CAT NMS Plan, supra note 16, at Section 1.1.

42.

 
See
2020 PII Exemptive Relief Order, supra note 19, for further explanation of how CCIDs are generated.

43.

 
See
Part III.F, Modification and/or Replacement of the EBS System infra for further discussion of this process.

44.

 
See
EBS Adopting Release, supra note 5, at 35837; 17 CFR 240.17a-25.

1. 17 CFR 240.17a-25(a)(1).

2. Id. at (a)(2). Rule 17a-25 also requires certain prime brokerage identifiers, average price account identifiers, and identifiers used by depository institutions to be reported upon request. Id. at (b).

47.

 
See
CAIS Order, supra note 19.

48.

 
See 17 CFR 240.13h-1.

1. Id. at (a)(1) (defining “large trader” as “any person that: (i) [d]irectly or indirectly, including through other persons controlled by such person, exercises investment discretion over one or more accounts and effects transactions for the purchase or sale of any NMS security for or on behalf of such accounts, by or through one or more registered broker-dealers, in an aggregate amount equal to or greater than the identifying activity level; or (ii) [v]oluntarily registers as a large trader by filing electronically with the Commission Form 13H”); id. at (a)(7) (defining “identifying activity level” as “aggregate transactions in NMS securities that are equal to or greater than: (i) [d]uring a calendar day, either two million shares or shares with a fair market value of $20 million; or (ii) [d]uring a calendar month, either twenty million shares or shares with a fair market value of $200 million”).

2. See, e.g., Rule 613 Adopting Release, supra note 8, at 45733.

3. 17 CFR 240.13h-1(b).

4. Id. at (b)(2).

5. Id. at (a)(9) (“Unidentified Large Trader” means “each person who has not complied with the identification requirements” of Rule 13h-1(b)(1) and (b)(2) “that a registered broker-dealer knows or has a reason to know is a large trader”).

6. See also notes 182-191 and associated text infra for additional discussion of the data accessible through the EBS system.

55.

 
See
notes 30-31 and associated text supra.

56.

 NSCC is a subsidiary of the Depository Trust and Clearing Corporation and provides centralized clearing information and settlement services to broker-dealers for trades involving equities, corporate and municipal debt, American depository receipts, exchange traded funds, and unit investment trusts.

57.

 A CUSIP number is a unique alphanumeric identifier assigned to a security.

58.

 OCC provides clearing and settlement services for equity derivatives, options, futures, and securities lending transactions.

59.

 The high-level, end-of-day, and often netted nature of these NSCC and OCC reports, and the limited information they provide, means that they typically serve only as a starting point for certain types of investigations—a tool that regulators use to narrow down the parties to contact for additional information on certain transactions.

60.

 In addition to market-specific audit trails, the SROs have maintained COATS. OATS, however, was retired as of September 1, 2021.
See
note 18 and associated text supra.

61.

 FINRA maintains trade reporting facilities that provide a mechanism for the reporting of transactions in listed equity securities effected otherwise than on a national securities exchange, as well as an over-the-counter reporting facility and an alternative display facility (collectively, “FINRA Facilities”). See, e.g., FINRA Rules 6200, 6300, 6600, 7100, 7200, and 7300.

62.

 These consolidated data feeds include: (1) the Consolidated Tape System (“CTS”) and the Consolidated Quote System (“CQS”) (Tape A and Tape B); the UTP Quotation Data Feed (“UQDF”) and the UTP Trade Data Feed (“UTDF”) (Tape C); and OPRA.

1. See https://www.sec.gov/​securities-topics/​market-structure-analytics/​midas-market-information-data-analytics-system.

2. See, e.g., 17 CFR 240.17a-25. As discussed above, the SROs have similar rules that enable them to obtain data from their members. See, e.g., note 31 supra.

65.

 
See 17 CFR 242.613.

1. Id. at (a)(1), (c).

2. Id. at (e)(1).

3. Id. at (a)(4).

4. Id. at (b)(1).

70.

 The CAT NMS Plan functions as the limited liability company agreement of Consolidated Audit Trail, LLC, the jointly owned limited liability company formed under Delaware state law through which the SROs conduct the activities of the CAT (“CAT LLC” or the “Company”). Each SRO is a member of the Company and jointly owns the Company on an equal basis.
See
CAT NMS Plan, supra note 16.

1. See, e.g., Healthy Markets Petition, supra note 29, at 2 n.2 (suggesting that the Commission “end the CAT NMS Plan” and instead “contract with a third party, including FINRA CAT, LLC, to continue to develop, maintain, and operate the CAT”); Letter from Katie Kolchin, CFA, Managing Director, Head of Equity & Options Market Structure, and Joseph Corcoran, Managing Director & Associate General Counsel, SIFMA, to Vanessa A. Countryman, Secretary, Commission (Mar. 12, 2026), at 7-8, available at https://www.sec.gov/​comments/​4-698/​4698-722187-2261374.pdf (“SIFMA Letter II”) (“SIFMA continues to believe that the CAT structure as an NMS plan is a very inefficient way to manage the equity and listed options audit trail that CAT represents. . . . We continue to believe that the audit trail the CAT represents can be run more efficiently by the Commission.”).

72.

 
See
CAT NMS Plan, supra note 16, at Section 4.1; see also id. at Section 4.2(a) (stating that one voting member may have the right to vote on behalf of multiple affiliated SROs and that an alternate voting member representing each SRO shall have a right to vote in the absence of that SRO's voting member).

1. Id.

74.

 For instance, FINRA “has repeatedly questioned the voting structure that governs the CAT NMS Plan,” which it states allows “large voting blocks for affiliated exchanges to impose costs on other SROs.” According to FINRA, “four blocks of affiliated exchanges together represent 21 out of 27 votes, resulting in voting dynamics that are susceptible to outcomes that favor some Participants at the expense of the broader securities industry.”
See
Letter from Steffen N. Johnson, Wilson Sonsini Goodrich & Rosati P.C., to Vanessa Countryman, Secretary, Commission (Oct. 17, 2025), at 16, available at https://www.sec.gov/​comments/​4-698/​4698-670027-2019234.pdf.

75.

 The national market system plan regarding the consolidated equity market data (the “CT Plan”) takes a similar approach, stating that the CT Plan operating committee “shall include one Voting Representative designed by each SRO Group and each Non-Affiliated SRO to vote on behalf of such SRO Group or such Non-Affiliated SRO” and that “[e]ach Voting Representative shall be authorized to cast one vote on behalf of the SRO Group or Non-Affiliated SRO that he or she represents . . . .”
See
Securities Exchange Act Release No. 101672 (Nov. 20, 2024), 89 FR 94924 (Nov. 29, 2024), at Sections 4.2(a) and 4.3(a).

1. See, e.g., Letter from Stephen John Berger, Managing Director, Global Head of Government & Regulatory Policy, Citadel, to Vanessa A. Countryman, Secretary, Commission (July 14, 2023), at 3, available at https://www.sec.gov/ comments/4-698/4698-224499-470142.pdf (“Citadel Letter II”) (recommending that the Commission “[a]llocate voting rights similar to the NMS Plan for consolidated equity market data”).

2. See, e.g., CT Plan, supra note 74, at Section 4.3(a) (“[E]ach Voting Representative representing an SRO Group or Non-Affiliated SRO whose combined market center(s) have consolidated equity market share of more than fifteen (15) percent during four of the six calendar months preceding an Operating Committee vote shall be authorized to cast two votes.”).

78.

 “Majority Vote” is defined as “the affirmative vote of at least a majority of all of the members of the Operating Committee or any Subcommittee, as applicable, authorized to cast a vote with respect to a matter presented for a vote (whether or not such a member is present at any meeting at which a vote is taken) by the Operating Committee or any Subcommittee, as applicable (excluding, for the avoidance of doubt, any member of the Operating Committee or any Subcommittee, as applicable, that is recused or subject to a vote to recuse from such matter pursuant to Section 4.3(d)).”
See
CAT NMS Plan, supra note 16, at Section 1.1.

79.

 “Supermajority Vote” is defined as “the affirmative vote of at least two-thirds of all of the members of the Operating Committee or any Subcommittee, as applicable, authorized to cast a vote with respect to a matter presented for a vote (whether or not such a member is present at any meeting at which a vote is taken) by the Operating Committee or any Subcommittee, as applicable (excluding, for the avoidance of doubt, any member of the Operating Committee or any Subcommittee, as applicable, that is recused or subject to a vote to recuse from such matter pursuant to Section 4.3(d)); provided that if two-thirds of all of such members authorized to cast a vote is not a whole number then that number shall be rounded up to the nearest whole number.” Id.

1. Id. at Section 4.3.

2. See, e.g., Citadel Letter II, supra note 75, at 3 (“All actions relating to funding should require authorization by a Supermajority vote.”).

82.

 
See 17 CFR 242.613(b)(7).

1. Id. at (b)(7)(ii).

2. Id. at Section 4.13(d).

3. See, e.g., PTG Letter I, supra note 28, at 2 (“[M]arket participants have no meaningful representation on the Operating Committee charged with designing and operating the CAT and, thus, have been excluded from key decisions regarding design, scope, and budget.”); Citadel Letter II, supra note 75, at 6. (“Industry Members lack even a single representative on the CAT Operating Committee and, therefore, cannot vote on the design, implementation, or funding of CAT. While there is a separate Advisory Committee that contains industry representation, its recommendations are non-binding and thus can be (and have been) completely ignored by the CAT Operating Committee.”).

4. See Nasdaq Stock Mkt. LLC v. SEC, 38 F.4th 1126 (D.C. Cir. 2022).

5. 15 U.S.C. 78k-1.

6. Id. at Section 4.13(e).

89.

 “CAT Data” means “data derived from Participant Data, Industry Member Data, SIP Data, and such other data as the Operating Committee may designate as “CAT Data” from time to time.”
See
CAT NMS Plan, supra note 16, at Section 1.1.

90.

 
See
2026 Funding Model Order, supra note 27.

1. See, e.g., note 29 supra.

2. 15 U.S.C. 78k-1; 15 U.S.C. 78q.

3. See id.

4. 15 U.S.C. 78s(b).

5. 17 CFR 240.19b-4.

6. See, e.g., 2026 Funding Model Order, supra note 27, at 13412-13.

7. Id. at 13412-14.

8. Id. at 13412.

99.

 
See
Securities Exchange Act Release No. 105107 (Mar. 27, 2026), 91 FR 16284, 16307 (Apr. 1, 2026) (“2026 Cost Savings Order”).

1. See, e.g., Citadel Letter II, supra note 75, at 3 (setting forth proposed independent cost review mechanisms).

101.

 
See 15 U.S.C. 78s(b).

102.

 
See 17 CFR 240.19b-4.

1. See, e.g., 2026 Funding Model Order, supra note 27, at 13412-13.

104.

 As discussed in the 2026 Funding Model Order, the Exchange Act already expressly contemplates the ability of the SROs to recoup the costs of fulfilling their statutory obligations by indirectly passing costs associated with regulatory activities through to their members. This process is cabined by the Rule 19b-4 fee filing process and the necessity for a SRO to establish that an increase in any existing fee is, among other things, reasonable, equitable, and not unfairly discriminatory. See, e.g., id. at 13422; 17 CFR 240.19b-4.

105.

 
See
Securities Exchange Act Release No. 98290 (Sept. 6, 2023), 88 FR 62628 (Sept. 12, 2023).

106.

 
See
Opinion, ASA v. Commission, No. 23-113396 (11th Cir. July 25, 2025).

1. See https://catnmsplan.com/​sites/​default/​files/​2025-12/​12.08.25-CAT-LLC-2026-Financial​and​Operating_​Budget.pdf.

108.

 
See
Citadel Petition, supra note 29.

109.

 
See
Response to Citadel Petition, supra note 29.

1. Id.

111.

 
See
2026 Funding Model Order, supra note 27, at 13444.

112.

 
See
SIFMA Letter I, supra note 28, at 6. See also, e.g., Letter from Joanna Mallers, Secretary, PTG, to Vanessa A. Countryman, Secretary, Commission (Nov. 24, 2025), at 3, available at https://www.sec.gov/​comments/​4-698/​4698-678568-2084374.pdf (“PTG Letter II”); Citadel Letter I, supra note 24, at 3; Healthy Market Petition, supra note 29, at 2-3.

113.

 
See
SIFMA Letter I, supra note 28, at 6. See also, e.g., PTG Letter II, supra note 111, at 3 (“Re-architecting CAT's budget in this way would be significant improvement from the status quo, addressing many of the governance failures and conflicts of interest that persist under the current structure.”); Citadel Letter I, supra note 24, at 13 (stating that the Commission “must include the CAT in its appropriated budget” to provide “meaningful checks and balances as part of the governance process—the Commission will be incentivized to carefully oversee the size of the CAT budget and carefully weigh the costs and benefits of required functionality, while Congress will have a clear role in order to protect against waste and regulatory overreach”); Healthy Markets Petition, supra note 29, at 2 (“[E]nsure that the funding for this essential governmental tool would be subject to Congressional appropriations[.]”).

114.

 
See 15 U.S.C. 78ee(a) (“The Commission shall, in accordance with this section, collect transaction fees and assessments that are designed to recover the costs to the Government of the annual appropriation to the Commission by Congress.”).

1. 17 CFR 240.31.

116.

 
See
Securities Exchange Act Release No. 49928 (June 28, 2004), 69 FR 41060, 41072 (July 7, 2004) (further stating that “Section 31 places no obligation on members of covered SROs or their customers, and it is misleading to suggest that a customer or an SRO member incurs an obligation to the Commission under Section 31”).

117.

 
See
Securities Exchange Act Release No. 101901 (Dec. 12, 2024), 89 FR 103033 (Dec. 18, 2024).

118.

 An “Options Market Maker” is a “broker-dealer registered with an exchange for the purpose of making markets in options contracts on the exchange.”
See
CAT NMS Plan, supra note 16, at Section 1.1. Each Participant has also promulgated rules for its members that generally govern what constitutes a “market maker quote” and/or “market maker quotation” for that Participant. See, e.g., The Nasdaq Stock Market LLC Rules, Options 2, Section 5, “Market Maker Quotations”; Cboe Exchange, Inc. Rule 5.52, “Market Maker Quotes”; NYSE Arca, Inc. Rule 6.37AP-O, “Market Maker Quotations.” See also note 22 supra.

119.

 2024 CAT Cost Savings Amendment, supra note 116.

120.

 
See
Securities Exchange Act Release No. 104144 (Sept. 30, 2025), FR 90 47853, 47854-55 (Oct. 2, 2025).

1. Id.

2. See https://catnmsplan.com/​sites/​default/​files/​2024-11/​11.20.24-CAT-LLC-2025-Financial​and​Operating-Budget.pdf.

3. See https://catnmsplan.com/​sites/​default/​files/​2025-05/​05.19.25-CAT-LLC-2025-Financial​and​Operating-Budget.pdf.

4. See https://catnmsplan.com/​sites/​default/​files/​2025-11/​11.07.25-CAT-LLC-2025-Finacial​and​Operating-Budget.pdf.

5. See https://catnmsplan.com/​sites/​default/​files/​2025-12/​12.08.25-CAT-LLC-2026-Financial​and​Operating_​Budget.pdf.

126.

 
See
2026 Cost Savings Order, supra note 98; see also CAIS Order, supra note 19.

127.

 
See
Securities Exchange Act Release No. 104504 (Dec. 23, 2025), 90 FR 61506, 61506-08 (Dec. 31, 2025) (“2025 Cost Savings Amendment”); see also, e.g., CAIS Order, supra note 19, at 2186-88.

1. See, e.g., PTG Letter I, supra note 28, at 3 (urging the Commission to “[e]liminate duplicative reporting of orders and cancellations sent to exchanges”); Citadel Letter I, supra note 24, at 13 (“Reduce, simplify, and streamline the data fields required to be reported, rely on TRF or exchange-reported data when possible, and eliminate unnecessary records.”).

2. See, e.g., PTG Letter I, supra note 28, at 3 (“Optimize overall reporting requirements.”); SIFMA Letter I, supra note 28, at 6 (“Optimize CAT Reporting.”).

130.

 
See
note 35 supra; see also, e.g., See
SIFMA Letter I, supra note 28, at 6 (“CAT transaction technical specifications and resulting database are unnecessarily large and complex. They could be scaled back to include only essential transactions, errors, and data elements.”); PTG Letter I, supra note 28, at 3 (“The CAT database (and associated technical specifications) can be optimized and should only include essential transaction, error, and data elements to reduce compute and storage costs.”); Citadel Letter I, supra note 24, at 13 (“Reduce, simplify, and streamline the data fields

required to be reported, rely on TRF or exchange-reported data when possible, and eliminate unnecessary records.”).

131.

 
See
Industry Member Reporting Scenarios, available at https://catnmsplan.com/​specifications/​imreportingscenarios.

132.

 
See
note 35 supra.

1. See, e.g., Letter from Joseph Corcoran, Managing Director, Associate General Counsel, SIFMA, Ellen Greene, Managing Director, Equities & Options Market Structure, SIFMA, and Howard Meyerson, Managing Director, FIF, to Commission (July 31, 2023), at 17, available at https://www.sec.gov/​comments/​4-698/​4698-238359-498762.pdf (“SIFMA and FIF Letter”) (indicating that the use of “common FIX standards as the data format, and deriving industry members' CAT reports from their FIX engines, rather than their downstream “ticket” systems” may have better enabled two-sided reporting).

134.

 
See
CAT NMS Plan, supra note 16, at Appendix D, Section 3; see also id. at Section 1.1 (defining “CAT Reporter” as “each national securities exchange, national securities association and Industry Member that is required to record and report information to the Central Repository pursuant to SEC Rule 613(c)”).

135.

 According to the CAT NMS Plan, “Trading Day” shall “have such meaning as is determined by the operating Committee. For the avoidance of doubt, the Operating Committee may establish different Trading Days for NMS Stocks . . . , Listed Options, OTC Equity Securities, and any other securities that are included as Eligible Securities from time to time.” See id. at Section 1.1. Currently, the Trading Day for Industry Members runs from 4:15 p.m. ET on one trade to 4:15 p.m. on the next trade date, and the Trading Day for Participants runs from midnight on one trade date to midnight on the next trade date. See https://catnmsplan.com/​specifications/​participants; https://catnmsplan.com/​specifications/​im.

136.

 
See
CAT NMS Plan, supra note 16, at Appendix D, Section 6.1.

1. Id. at Appendix D, Section 6.1.

2. Id. at Appendix D, Section 6.2; see also 2026 Cost Savings Order, supra note 98, at 16300-01.

139.

 
See
CAT NMS Plan, supra note 16, at Appendix D, Section 6.1.

1. Id.; see also 2026 Cost Savings Order, supra note 98, at 16300-01.

141.

 
See
2025 Cost Savings Amendment, supra note 126, at 61535-36.

1. Id. at 61535 n.139.

2. Id. at 61535.

3. See, e.g., Letter from Howard Meyerson, Managing Director, FIF, to Commission (Feb. 10, 2026), at 4, available at https://www.sec.gov/​comments/​4-698/​4698-702007-2205454.pdf (“FIF Letter III”).

4. See, e.g., PTG Letter I, supra note 28, at 3 (“The CAT linkage processes are overly complex and costly. We recommend optimizing the linkage process and extending associated timelines to reduce costs and increase efficiency.”); SIFMA Letter I, supra note 28, at 6 (“We recommend a set of detailed changes that would optimize linkage processing based on regulatory utility and need, resulting in significantly decreased processing times and costs.”); Citadel Letter I, supra note 24, at 14 (“Optimize the linkage process, including by eliminating the production of all interim linkage data by FINRA CAT.”).

146.

 
See
SIFMA Letter I, supra note 28, at 5 n.18.

147.

 “Interim Operational Data” means “all processed, validated and unlinked data made available to regulators by T+2 at 8:00 a.m. ET and all iterations of processed data made available to regulators between T+2 and T+6, but excludes the final version of corrected data that is made available at T+6 at 8:00 a.m. ET” as well as processed data relating to OMM Quotes that is made available to regulators by T+2 at 8:00 a.m. ET.
See
CAT NMS Plan, supra note 16, at Appendix D, Section 6.4.

148.

 “Options SIP Data” means “quote and NBBO data included in the SIP Data from the OPRA Plan or any successor SIP for Listed Options.” See id.

149.

 
See
2026 Cost Savings Order, supra note 98, at 16288-92.

1. See, e.g., Letter from Michael Simon, CAT NMS Plan Operating Committee Chair, to Vanessa Countryman, Secretary, Commission (Jan. 29, 2020), available at https://catnmsplan.com/​sites/​default/​files/​2020-02/​Amended-Exemptive-Request-CCID-and-Modified-PII-Approaches%28Final%29.pdf.

2. See, e.g., 2020 PII Exemptive Relief Order, supra note 19, at 16152; see also Letter from Brandon Becker, CAT NMS Plan Operating Committee Chair, to Vanessa Countryman, Secretary, Commission (July 25, 2025), at 8 n.30, available at https://www.sec.gov/​comments/​4-698/​4698-632107-1870294.pdf.

3. See, e.g., 2020 PII Exemptive Relief Order, supra note 19, at 16152-53. The Commission has recognized that “there is a risk that the CAT may not reliably generate unique CCIDs for foreign Customers, as a unique foreign Customer may have multiple government issued IDs used across multiple broker-dealers to generate . . . multiple CCIDs.”
   See
   CAIS Order, supra note 19, at 2174. The “potential existence of multiple CCIDs for one customer may make it more difficult for regulators to identify the full extent of such persons' trading activity. . . .” Id. at 2174-75.

153.

 
See
2025 Cost Savings Amendment, supra note 126, at 61534-35.

1. Id. at 61534.

2. See, e.g., FIF Letter III, supra note 143, at 2-3. See also, e.g., Letter from Jaime Klima, General Counsel, NYSE, to Vanessa Countryman, Secretary, Commission (July 22, 2025), available at https://www.sec.gov/​comments/​4-698/​4698-598195-1737842.pdf (“At this time, CCIDs are needed for the NYSE Exchanges to comply effectively with their SRO obligations, and we presume the same holds true for other exchange and association SROs. Transitioning to a CAT without CCIDs would bring further increased costs to both the SROs and the industry to allow for changes to the CAT system and to meet new reporting requirements.”).

156.

 Some market participants have already generally urged the Commission to “codify its orders granting temporary exemptive relief for certain CAT requirements that are unreasonable and burdensome,” but such comments were received before the most recent exemptive relief was granted by the Commission.
See
PTG Letter I, supra note 28, at 4; see also, e.g., SIFMA Letter I, supra note 28, at 5 (“The SEC should review all of its orders granting temporary exemptive relief from CAT reporting requirements with a view to making them permanent (e.g., representative order, verbal quotes).”).

157.

 
See
Securities Exchange Act Release No. 103275 (June 16, 2025), 90 FR 26337 (June 20, 2025) (the “Verbal Quotes Order”). In issuing the Verbal Quotes Order, the Commission recognized that CAT LLC disputes that verbal activity on exchange floors is required to be reported under Section 6.3(d) of the CAT NMS Plan. The Commission stated that it did not intend the Verbal Quotes Order to “establish any new Plan requirements or to resolve any dispute over whether [verbal activity on exchange floors] is required under the Plan.” Rather, the Commission stated its understanding that the Verbal Quotes Order excluded verbal activity on exchange floors until July 31, 2030, to the extent that such data is reportable under Section 6.3(d) of the CAT NMS Plan. See id. at 26341 n.63.

1. See id. at 26342.

2. Id.

3. Id.

4. Id. at 26342-43.

162.

 In the Verbal Quotes Order, the Commission observed that the “scenarios, examples, and discussion of the challenges of natural language processing” provided by commenters had all related to upstairs verbal and manual activity. Id. at 26342.

163.

 
See
Securities Exchange Act Release No. 104662 (Jan. 23, 2026), 91 FR 3572 (Jan. 27, 2026).

1. Id.

2. Id. at 3573.

3. Id. at 3573-74.

167.

 Pursuant to the Phased Reporting Exemptive Relief Order, any bid or offer in response to a request for quote or other form of solicitation response provided in standard electronic format (e.g., FIX) that required no further action by the responder providing the quote to execute or cause a trade to be executed was reportable in Phase 2c for equities and in Phase 2d for options. Phased Reporting Exemptive Relief Order, supra note 17, at 23079. The exemption did not specifically address NIA Electronic RFQ Responses.

168.

 
See
NIA Electronic RFQ Exemptive Relief Order, supra note 162, at 3574.

169.

 “Material Terms of the Order” includes “the NMS Security or OTC Equity Security symbol; security type; price (if applicable); size (displayed and non-displayed); side (buy/sell); order type; if a sell order, whether the order is long, short, short exempt; open/close indicator (except on transactions in equities); time in force (if applicable); if the order is for a Listed Option, option type (put/call), option symbol or root symbol, underlying symbol, strike price, expiration date, and open/close (except on market maker quotations); and any special handling instructions.”
See
CAT NMS Plan, supra note 16, at Section 1.1.

170.

 
See 17 CFR 242.613(c)(7); CAT NMS Plan, supra note 16, at Sections 6.3(d)(i)(F), 6.3(d)(ii)(G), 6.3(d)(iii)(F), 6.3(d)(iv)(E), and 6.4(d)(i).

171.

 
See
Securities Exchange Act Release No. 98848 (Nov. 2, 2023), 88 FR 77128, 77131-32 (Nov. 8, 2023).

172.

 These settings included: (1) ATT—Attributable; (2) DNI—Do Not Increase; (3) DNR—Do Not Reduce; (4) DNRT—Do Not Route; (5) RLO—Retail Liquidity Order; and (6) STP—Self Trade Prevention. Id.

1. Id. at 77131.

2. Id. at 77132. In addition, the exemptive relief was subject to a condition that the SROs maintain and communicate to Industry Members via a CAT Alert a mapping of each exchange-specific port-level setting related to the Exempted Port-Level Settings, substantially in the form of the draft mapping that the SROs had previously provided to the Commission. Id.

3. Id. at 77131.

176.

 
See
Securities Exchange Act Release No. 104664 (Jan. 23, 2026), 91 FR 3557 (Jan. 27, 2026).

1. Id. at 3559.

2. Id. In issuing the Port-level Settings Exemptive Relief Order, the Commission stated that “the regulatory benefits” of two-sided reporting of port-level settings that communicate Material Terms of the Order “are not sufficient to justify the implementation costs and technical difficulty of accurate reporting of port-level settings by both the sender and receiver of an Order.” Id. The Commission observed that port-level settings are not generally part of standard order messages (e.g., FIX messages) sent by firms, that firms do not have the relevant data in their books and records, and that implementing reporting of port-level settings would likely require a costly industry-wide effort. Id.

3. See, e.g., November 2023 Order, supra note 170, at 77131 n.26; PTG Letter I, supra note 28, at 3 (“The Commission should confirm that port-level settings are not required CAT records.”); SIFMA Letter I, supra note 28, at 5 (“The SEC should issue immediate permanent exemptive relief related to the reporting of so-called “Port Settings,” which, despite the SEC staff's historical insistence, the industry does not believe is required to be reported under the CAT NMS Plan.”).

180.

 
See
Securities Exchange Act Release No. 104663 (Jan. 23, 2026), 91 FR 3601 (Jan. 27, 2026). The Commission clarified that such relief was not limited to any specific type of CAT-reportable security. Id. at 3602 n.23.

1. Id. at 3602. See also SIFMA and FIF Letter, supra note 132, at 20-23.

182.

 
See
Representative Order Exemptive Relief Order, supra note 179, at 3602.

183.

 
See
CAT NMS Plan Approval Order, supra note 16, at 84777.

1. See, e.g., note 17 supra.

185.

 The Commission directed staff to develop a proposal for Commission consideration, within six months of the effective date of the CAT NMS Plan Approval Order, to amend Rule 17a-25 and Rule 13h-1 to eliminate the components of EBS that are redundant of CAT, among other things, at such time as CAT Data meets minimum standards of accuracy and reliability.
See
CAT NMS Plan Approval Order, supra note 16, at 84777. The SROs' Plan to Eliminate Existing Rules and Systems, set forth in

Appendix C of the CAT NMS Plan, stated that, to the extent the Commission modified or eliminated Commission rules that require information that is duplicative of information available through the Central Repository, such as Rule 17a-25 and Rule 13h-1, each SRO would analyze its own rules and systems to determine whether any modifications are necessary.
See
CAT NMS Plan, supra note 16, at Appendix C, Section 9. This Plan further provided that each SRO should complete its analysis within three months and that the SROs would coordinate with the Commission regarding modification of the CAT NMS Plan to include information sufficient to eliminate or modify Commission rules or systems that the Commission deemed appropriate. Id.

186.

 As one example, Rule 13h-1(d) sets forth record-keeping and reporting requirements with respect to certain information regarding primary offerings.
See 17 CFR 240.13h-1(a)(6)(ii). Such information is not currently reported to the CAT.

187.

 
See
2025 Cost Savings Exemptive Relief Order, supra note 119, at 47857-58 (permitting the SROs to delete all CAT Data older than five years and other changes to data retention requirements); see also, e.g., 17 CFR 240.17a-4 (requiring broker-dealers to preserve certain records that could be requested via EBS for six years).

188.

 TRACE facilitates the mandatory reporting of over-the-counter transactions in eligible fixed income securities.
See
FINRA Rule 6700.

189.

 Municipal securities dealers submit data about all transactions to the MSRB. Transaction information collected by the MSRB is made public on its website and is available on a subscription basis.
See
MSRB Rule G-14; see also https://www.msrb.org/​Trade-Data.

190.

 
See
note 19 supra; see also 2026 Cost Savings Order, supra note 98, at 16301-07. The SROs are still in the process of implementing the changes to the CAT made possible by the CAIS Order and the 2026 Cost Savings Order.

1. See, e.g., CAT NMS Plan Notice, supra note 13, at 30728 (estimating that a period of duplicative reporting would last for up to 2.5 years); CAT NMS Plan Approval Order, supra note 16, at 84865-66 (estimating that a period of duplicative reporting would last less than 2.5 years). The Commission did not anticipate that CAT implementation would take 8 years. Nor did the Commission anticipate that the CAT would not contain customer and account-level information. However, while costs associated with reporting this information through the EBS system may increase due to the implementation of the CAIS Order, costs associated with maintaining and operating the CAIS will decrease. See, e.g., CAIS Order, supra note 19, at 2186-88.

2. See, e.g., CAIS Order, supra note 19, at 2169, 2179-93; 2026 Cost Savings Order, supra note 98, at 16308; 2025 PII Exemptive Relief Order, supra note 19, at 9645.

3. See, e.g., PTG Letter I, supra note 28, at 3 (suggesting that the Commission “[e]liminate overlapping requirements such as . . . reporting regulatory information to the FINRA Trade Reporting Facilities”).

194.

 “FDID” or “Firm Designated ID” means “(1) a unique and persistent identifier for each trading account designated by Industry Members for purposes of providing data to the Central Repository provided, however, such identifier may not be the account number for such trading account if the trading account is not a proprietary account; (2) a unique and persistent relationship identifier when an Industry Member does not have an account number available to its order handling and/or execution system at the time of order receipt, provided, however, such identifier must be masked; or (3) a unique and persistent entity identifier when an employee of an Industry Member is exercising discretion over multiple client accounts and creates an aggregated order for which a trading account number of the Industry Member is not available at the time of order origination, where each such identifier is unique among all identifiers from any given Industry Member.”
See
CAT NMS Plan, supra note 16, at Section 1.1. Unlike CCIDs, FDIDs are not designed or intended to be consistent values across broker-dealers.

195.

 
See
2025 PII Exemptive Relief Order, supra note 19, at 9643.

196.

 Broker-dealers do not have access to CCIDs; moreover, the EBS system does not require broker-dealers to report FDIDs. See, e.g., FINRA Rule 8211 (“Automated Submission of Trading Data Requested by FINRA”); FINRA Regulatory Notice 20-19, FINRA and ISG Announce the Update of Blue Sheet Data Elements and Repositioning of Exchange Code Field (June 23, 2020), available at https://www.finra.org/​rules-guidance/​notices/​20-19.

197.

 
See
FIF Letter I, supra note 28, at 2. According to FIF, its participants include broker-dealers, exchanges, back office service bureaus, and market data, regulatory reporting and other technology vendors in the securities industry. Id. at 1 n.1.

1. Id. at 2, 4. See also, e.g., PTG Letter II, supra note 111, at 3 (“The Commission should also retire duplicative and costly legacy reporting systems, including the electronic blue sheets system (`EBS').”); Citadel Letter I, supra note 24, at 14 (“Retire the Electronic Blue Sheets system.”).

199.

 
See
CAIS Order, supra note 19, at 2169.

1. Id. at 3. See also, e.g., FINRA Blog, supra note 220 (“[O]ver the years there have been concerns about the efficiency and design of Blue Sheets, and consideration could be given to creating a new request and response utility operated in conjunction with CAT to facilitate and streamline the information collection process for both regulators and the impacted broker-dealers.”).

201.

 “CAT System” means “all data processing equipment, communications facilities, and other facilities, including equipment, utilized by the Company or any third parties acting on the Company's behalf in connection with operation of the CAT and any related information or relevant systems pursuant to this Agreement.”
See
CAT NMS Plan, supra note 16, at Section 1.1.

202.

 
See
Letter from Joseph Corcoran, Managing Director & Associate General Counsel, and Gerald O'Hara, Vice President and Assistant General Counsel, to Vanessa Countryman, Secretary, Commission (May 30, 2025), at 3 n.11, available at https://www.sec.gov/​comments/​4-698/​4698-608327-1776534.pdf (“SIFMA Letter III”); see also, e.g., SIFMA Letter II, supra note 70, at 5 (suggesting that an R&R System “rely on the systems and processes used by Industry Members to previously report PII to the CAIS database in CAT”).

203.

 
See
CAIS Order, supra note 19, at n.83.

1. See, e.g., Letter from Robert Walley, CAT NMS Plan Operating Committee Chair, to Vanessa Countryman, Secretary, Commission (Mar. 10, 2026), at 8, available at https://www.sec.gov/​comments/​4-698/​4698-721247-2258814.pdf (“FINRA is currently considering how such a request-response system might be developed and has stated during recent meetings with industry that their input would be welcomed.”).

205.

 
See
note 32 supra.

206.

 
See 17 CFR 240.13h-1.

207.

 With respect to EBS requests, firms submit requested information to the Commission and/or FINRA within 10 business days of the request. See, infra, note 231 and accompanying text.

208.

 
See 17 CFR 240.13h-1.

209.

 
See
FIF Letter II, supra note 143, at 6 (recommending that the Commission “engage in a cost-benefit analysis as to whether to retain, modify or retire large trader reporting in light of CAT and CAIS data now being available,” including a consideration of “any current reliance on EBS and whether and how the replacement of EBS would impact the Commission's current use of large trader reporting data”).

210.

 
See
CAT NMS Plan Approval Order, supra note 16, at 84778.

1. Id.

212.

 
See
17 240.13h-1(a)(9); see also id. at (d)-(e) for the record-keeping and reporting requirements of Rule 13h-1.

1. Id. at (f).

2. Id. at (a)(9).

215.

 
See
FIF Letter II, supra note 143, at 3.

1. Id. at 5.

2. Id.

3. See, e.g., 2026 Cost Savings Order, supra note 98, at 16302; see also, e.g., FIF Letter II, supra note 143, at 4-5.

4. See, e.g., Letter from Christopher A. Iacovella, President & Chief Executive Officer, American Securities Association, to Vanessa Countryman, Secretary, Commission (Oct. 31, 2025), at 2, available at https://www.sec.gov/​comments/​4-698/​4698-672447-2037474.pdf.

5. Id. at 2; see also note 29 supra. The CAIS Order removed requirements that the CAT collect PII from the CAT NMS Plan.
   See
   note 19 supra,

6. See, e.g., Securities Exchange Act Release No. 89632 (Aug. 21, 2020), 85 FR 65990, 65991 (Oct. 16, 2020) (“CAT Data reported to and retained in the Central Repository is thus subject to what the Commission believes are stringent security policies, procedures, standards, and controls.”); see also Robert Cook, President and CEO, FINRA, “CAT Should Be Modified to Cease Collecting Personal Information on Retail Investors” (Jan. 17, 2025), available at https://www.finra.org/​media-center/​blog/​cat-should-be-modified-to-cease-collecting-personal-information-on-retail-investors (“FINRA Blog”) (“CAT has extensive controls in place to

address data security concerns that are continually being evaluated and enhanced.”).

1. See, e.g., FIF Letter I, supra note 28, at 9-10 (raising potential security and privacy concerns regarding the retention of certain information used to generate CCIDs); see also CAIS Order, supra note 19, at 2167-69 (approving proposed amendments that codify the current approach to generating CCIDs, but stating that the Commission is engaged in a comprehensive review of the CAT and expected to engage with the CCID creation process as part of that review).

223.

 U.S. NIST, Special Publication 800-53, Rev. 5, Security and Privacy Controls for Information Systems and Organizations (Sept. 2020), available at https://nvlpubs.nist.gov/​nistpubs/​SpecialPublications/​NIST.SP.800-53r5.pdf (“NIST SP 800-53”).

224.

 U.S. NIST, The NIST Cybersecurity Framework (CSF) 2.0 (Feb. 26, 2024), available at https://nvlpubs.nist.gov/​nistpubs/​CSWP/​NIST.CSWP.29.pdf.

225.

 U.S. NIST, Special Publication 800-207, Zero Trust Architecture (Aug. 2020), available at https://nvlpubs.nist.gov/​nistpubs/​specialpublications/​NIST.SP.800-207.pdf. According to NIST, “[z]ero trust security models assume that an attacker is present in the environment and that an enterprise-owned environment is no different—or no more trustworthy—than any nonenterprise-owned environment. In this new paradigm, an enterprise must assume no implicit trust and continually analyze and evaluate the risks to its assets and business functions and then enact provisions to mitigate these risks. In zero trust, these protections usually involve minimizing access to resources (such as data and compute resources and applications/services) to only those subjects and assets identified as needing access as well as continually authenticating and authorizing the identity and security posture of each access request.”). Id. at 1.

226.

 “Chief Information Security Officer” means “the individual then serving (even on a temporary basis) as the Chief Information Security Officer pursuant to Section 4.6, Section 6.1(b), and Section 6.2(b).”
See
CAT NMS Plan, supra note 16, at Section 1.1.

1. Id. at Section 6.2(b)(vii) (“If the Chief Information Security Officer, in consultation with the Chief Compliance Officer, finds that any such policies and procedures are not comparable to the policies and procedures applicable to the CAT System, and the issue is not promptly addressed by the applicable Participant, the Chief Information Security Officer, in consultation with the Chief Compliance Officer, will be required to notify the Operating Committee of such deficiencies.”).

2. See, e.g., id. at Section 6.5(c)(i), Section 6.5(f), and Appendix D, Sections 4.1, 8.1, 8.2.2

3. See, e.g., 17 CFR 242.613(e)(4)(i)(A) (requiring the CAT NMS Plan to include policies and procedures that require the SROs and the Plan Processor to “agree not to use such data for any purpose other than surveillance and regulatory purposes, provided that nothing in this paragraph (e)(4)(i)(A) shall be construed to prevent a plan sponsor from using the data that it reports to the central repository for regulatory, surveillance, commercial, or other purposes as otherwise permitted by applicable law, rule, or regulation”). See also, e.g., CAT NMS Plan, supra note 16, Section 6.5(c)(i) (“[T]he Plan Processor shall provide Participants and the SEC access to the Central Repository (including all systems operated by the Central Repository), and access to and use of CAT Data stored in the Central Repository, solely for the purpose of performing their respective regulatory and oversight responsibilities pursuant to the federal securities laws, rules and regulations or any contractual obligations.”); id. at Section 6.5(f) (“[T]he Plan Processor shall . . . require all individuals who have access to the Central Repository . . . to agree . . . not to use CAT Data stored in the Central Repository for purposes other than surveillance and regulation in accordance with such individual's employment duties; provided that a Participant will be permitted to use the Raw Data it reports to the Central Repository for regulatory, surveillance, commercial or other purposes as permitted by applicable law, rules, or regulation . . . .”); id. at Appendix D, Section 8.1 (“The Plan Processor must provide Participants' regulatory staff and the SEC with access to all CAT Data for regulatory purposes only. Participants' regulatory staff and the SEC will access CAT Data to perform functions, including economic analyses, market structure analyses, market surveillance, investigations, and examinations.”).

4. See, e.g., id.

231.

 Firms may transmit the requested information to the Securities Industry Automation Corporation (“SIAC”), which will then route the information to the Commission or to an SRO as applicable; alternatively, firms may transmit the requested information using Request Manager, an information exchange application made available via a regulatory portal maintained by FINRA, or FINRA fileX, a secure file sharing solution maintained by FINRA. See, e.g., https://www.finra.org/​filing-reporting/​electronic-blue-sheets-ebs#overview.

232.

 
See
EBS Adopting Release, supra note 5, at 35836 (“Firms are requested to submit, within ten business days, information concerning transactions by all proprietary and customer accounts that bought or sold a security during a specified review period.”); FINRA Regulatory Notice 05-58, “Intermarket Surveillance Group Requires Validation of Electronic Blue Sheets Submissions” (Sept. 7, 2025), available at https://www.finra.org/​rules-guidance/​notices/​05-58 (“In general, blue sheet submissions are to be received by a requesting organization within ten (10) business days following the date of the request for such information.”).

233.

 
See
FIF Letter I, supra note 24, at 4; see also SIFMA Letter III, supra note 201, at 4 (stating that SIFMA members believe EBS “has long-standing security concerns, such as unmasked SSNs and other PII, that have not been addressed”).

234.

 
See
FIF Letter I, supra note 24, at 4

235.

 
See
notes 222-224 supra.

236.

 
See
FIF Letter I, supra note 24, at 7.

1. See, e.g., FIF Letter I, supra note 24, at 8 (suggesting that an R&R System should implement policies that address . . . [c]ategories of personnel that can access the data in the system and for what purpose[, a]ccess controls[, s]urveillance and audit”).

2. See, e.g., id. (suggesting that data requested through an R&R System should be deleted “upon the termination of the applicable investigation” and that there should be “oversight processes to monitor for compliance”).

239.

 
See
Securities Exchange Act Release No. 98738 (Oct. 13, 2023), 88 FR 75100, 75108 n.78 (Nov. 1, 2023).

1. See, e.g., FIF Letter I, supra note 24, at 8.

241.

 
See
PTG Letter I, supra note 28, at 4. See also SIFMA Letter I, supra note 28, at 6 (“[T]he SEC should require the SROs to engage an independent external technology firm at their expense (subject to appropriate security measures to protect CAT data and processes), with input from industry-member experts, to complete a holistic review of the current operations of CAT—including its regulatory uses by the SEC and SROs—to identify ways to further optimize and improve CAT and reduce its costs.”); Citadel Letter I, supra note 24, at 13 (“Engage a third-party technology firm to perform an independent review of the technological design of CAT to identify opportunities to optimize and reduce costs.”).

242.

 The CAT NMS Plan already requires the Plan Processor to create and implement an annual audit plan that includes a review of all Plan Processor policies, procedures, control structures, and tools that monitor and address data security. See, e.g., CAT NMS Plan, supra note 16, at Section 6.2(a)(v)(C) (“The Chief Compliance Officer shall . . . in collaboration with the Chief Information Security Officer, and consistent with Appendix D, Data Security, and any other applicable requirements related to data security and Reference Data, identify and assist the Company in retaining an appropriately qualified independent auditor (based on specialized technical expertise, which may be the Independent Auditor or subject to the approval of the Operating [Committee] by Supermajority Vote, another appropriately qualified independent auditor), and in collaboration with such independent auditor, create and implement an annual audit plan (subject to the approval of the Operating Committee), which shall at a minimum include a review of all Plan Processor policies, procedures and control structures, and real time tools that monitor and address data security issues for the Plan Processor and the Central Repository.”); see id. at Section 1.1 (defining “Chief Compliance Officer” as “the individual then serving (even on a temporary basis) as the Chief Compliance Officer pursuant to Section 4.6, Section 6.1(b), and Section 6.2(a)”). See also, e.g., id. at Appendix D, Section 4.1.3 (“The Plan Processor must include penetration testing and an application security code audit by a reputable (and named) third party prior to launch as well as periodically as defined in the SLA(s).”); id. at Appendix D, Section 5.3 (“The Plan Processor must conduct third party risk assessments at regular intervals to verify the security controls implemented are in accordance with NIST SP 800-53.”).

[FR Doc. 2026-07651 Filed 4-17-26; 8:45 am]

BILLING CODE P

Published Document: 2026-07651 (91 FR 20945)