The SEC Will Soon Have Access To Investors' Most Sensitive Info

  • Sam Mire
  • Oct 9, 2017 11:47AM

The Securities and Exchange Commission is the government agency whose stated mission is ‘to protect investors; maintain fair, orderly, and efficient markets; and facilitate capital formation.' Yet, the agency has confirmed that they are requiring the collection of personal information from investors on a scale that puts those investors’ finances and identities at risk.

Worse, the SEC’s reasoning for collecting such information makes no sense. It’s a proposed piece of legislation that has no apparent benefit – despite what the SEC says – while at the same time exposing investors, brokers, and the economy as a whole to potential catastrophe.

At the center of this development is the SEC and Financial Industry Regulatory Authority’s collection of personal information and investor-broker records as part of something called a Consolidated Audit Trail, or CAT. This CAT system would store, according to a Wall Street Journal report, ‘names, birth dates, social security numbers, and brokerage accounts of tens of millions of U.S. investors’. Basically, the most sensitive information one has to give.

This is not a request by the SEC, either. It is a mandate. As in mandatory. Compulsory. Obligatory. And, it is to be put in place by November of 2018. So, unless you plan on completely withdrawing from the investment markets within – considering how long it would take to collect this information from all U.S. investors – a matter of months, then your DOB, social, and record of all of your stock purchases and sales will be put in this database. Presumably, from Warren Buffett to Joe Schmo who buys one stock a year, all investors and their brokers would be subject to this massive data-collection system.

Which, as you will soon understand, is nothing but bad news.

It could potentially, and some would argue likely, constitute financially ruinous news.

The natural question you may be asking is this: how is all of this personal information on literally anybody invested in the stock market going to benefit the SEC? How will it help them ‘to protect investors; maintain fair, orderly, and efficient markets; and facilitate capital formation’? (their words, not mine).

As we hear so often, this data collection is for our own good. Except, the explanation given by the SEC for how CAT will benefit investors’ security is riddled with inaccuracies and falsehoods. According to these regulatory authorities, it was a 2010 ‘flash crash’, in which U.S. stocks cratered 10% in mere minutes, only to regain that 10% minutes later, that has prompted the need for this CAT database of investors and brokers’ personal information. According to the SEC, this database would allow them to catch whoever was to be responsible for future ‘flash crashes’ more quickly (it took them six months in the last case). Not only that, it has been said that the CAT database would allow market manipulators and inside traders to be identified more easily.

There are a few problems with this logic, problems substantial enough to label the entire premise of why the SEC ‘needs’ a CAT database as patently false.

According to Hal Scott and John Gulliver’s column in the Journal, the idea that the SEC needs a database of all investors to find the culprits behind such flash crashes is, well, a lie:

‘Regulators can identify the investor responsible for a market event without a centralized resource of personal information. It can identify the broker behind an order or trade, and then request personal information from the broker. That’s how it found the investor behind the 2010 “flash crash.”’

They add that, even if a malevolent investor were to provide information to be stored in a CAT database, it’s unlikely that information could be traced back to the true actor:

Bad actors don’t typically provide accurate Social Security numbers or names anyhow, so collecting the personal information of all investors is a highly ineffective method of identifying market manipulators.’

And, in the case of the SEC’s claims that this database would help to identify insider traders, Scott and Gulliver have yet another explanation for why this is not the case:

‘Insider traders also try to obscure their identities by using friends, family, or an alias to place trades.’

So, there goes the validity behind the SEC and FIRA’s claims as to why they ‘need’ to collect some – if not the – most sensitive information that Americans have. And, to make matters worse, this database has the potential to be a hacker’s wet dream, to the tune of countless identities stolen and investments lost forever. Lest you believe the SEC would repay you in such circumstances. Ha!

Consider this:

‘Like Equifax and the SEC’s database of corporate filings, the CAT will be a prime target for cyberthieves. And a breach of the CAT could be even more consequential. Cybersecurity experts have said hackers could use the personal information it will store to make direct withdrawals from investors’ retirement accounts.’

Even if social security numbers and highly sensitive personal financial information were not at risk, CAT, according to security experts, would still be a coveted target for hackers:

‘Even if the SEC does not require the collection of highly sensitive personal information, the CAT would still be a target for hackers. It would store all of the orders and trades of each broker-dealer. That’s information hackers could use to misappropriate broker-dealer trading strategies worth hundreds of millions of dollars. The CAT would still be a lucrative target.’

If this best-case hacking scenario, one without SSNs and potential investor portfolios involved, were to occur – and let’s be clear, there are no indications that the SEC plans on scaling back its mandate on collecting all personal information of brokers and investors – the economic result would still be disastrous:

‘a breach could still be catastrophic. Broker-dealers would surely pull back from trading in response to the news that their proprietary trading strategies were no longer secure. 

The resulting volatility could require an indefinite market-wide shut down. That would deal an irreparable reputational blow to our markets.’

Yet, we are on track to, by November 2018, have this CAT database as a legal requirement for everybody invested in the stock market. Those aware of the very real – and potentially catastrophic – risks that the hacking of such a database pose may withdraw their funds, creating an effect similar to that of the hacking itself. Either way you look at it, this SEC-mandated database is a terrible idea that can lead to no good – despite what the SEC says – and potentially market-collapsing consequences, not to mention retirement fortunes and personal identities stolen on an unprecedented scale.

So why then, is this idea being brought into law?

I’ll leave it to the conspiracy theorists as to why the Securities and Exchange Commission, in conjunction with the Financial Industry Regulatory Authority, want the birth dates, social security numbers, and transactional records of everybody who invests in the stock market, assuming their stated reasons are as invalid as they appear to be.

It must be considered why they are so apparently unconcerned with the very real dangers that such a database poses not just to investors, but even the global economy. Data collection, as we know, is a powerful thing, and speculating on motives can be tricky, if not dangerous. But motives unknown, we must look at the cost-benefit analysis, and therefore the consequences of the worst-case scenario.

What we do know is that such a database would put the personal information and financial investments of the nearly half of Americans who invest in the stock market at great risk, with no apparent upside in terms of catching inside traders, market manipulators, or ‘flash crashers’. And, we also know that, as of now, it will be in place by November 2018.

The whole money-under-the-mattress thing ain’t looking as crazy as it once did.