February 10, 2025/US SEC

By Commissioner Caroline A. Crenshaw

Data are the foundation of advancement. They sit at the heart of innovation, technology, learning, community building, and so many other values crucial to our progress. Data can also be a critical tool in preventing fraud and wrongdoing.

But our data can also be deeply personal or subject to exploitation. That is why, when the government collects data, such collection must be done with due care and assurances that those who access our data are doing so with adequate guardrails and proper purpose. There must be processes and procedures followed to ensure responsible and appropriate use.[1] The fact that data are a powerful tool is not a reason to stop their collection altogether; rather, it is a reason to make use of data for significant and laudable goals—like protecting American business, investors, and the economy. We must weigh the law enforcement and regulatory benefits of the data collection against the potential costs.

The Consolidated Audit Trail (“CAT”) is a seminal example of how data collection can be used for good purpose. The CAT helps make our markets safer, more efficient, and can act as a powerful tool in ferreting out wrongdoing. Yet today, by eliminating critical data collection, we undermine its use and our own effectiveness. We are wiping away the fingerprints from the scene of the crime.

The agency adopted the CAT after the 2010 “Flash Crash” when U.S. markets collapsed and then partially rebounded in less than an hour.[2] The whiplash in prices undermined market confidence and caused significant investor losses.[3] It was clear following the crash that regulators, including this agency, were unprepared to respond to a market event of that magnitude. A complete regulatory response would have required a full and robust analysis of data we did not have.[4] It ultimately took the SEC nearly five months to determine the root causes of the crash,[5] and to this day, the Commission does not have a sense of who was harmed.

We must be more responsive than that. For quick and effective oversight in a crisis, regulators need access to a timely and comprehensive set of data—whether we are trying to figure out a major market event like the Flash Crash, investigate fraud, or identify suspicious foreign activity that may indicate market manipulation or infiltration. The CAT was designed to address outdated regulatory infrastructure by improving the completeness, accuracy, accessibility, and timeliness of data needed to support robust regulatory oversight. [6] And, in fact, it has. [7]

Unfortunately, today we eliminate the CAT’s collection of the most basic customer identifying information,[8] thus impairing regulators’ ability to understand suspicious activity, unwind events, or stave off market disruptions. Today’s order itself acknowledges the negative impact this will have on regulatory efficiency but fails to grapple with the consequences of these diminished capabilities. It leaves unanswered the most basic questions. For example, will it be more difficult for regulators to spot fraud? How much harder will it be to identify certain types of market manipulation? Will it be more difficult to identify and address concerns relating to certain foreign ownership? Will it be more difficult to identify and compensate the victims of swindlers? In times of market disruption and ongoing fraud or manipulation, loss of time means loss of money and loss in market confidence. There is no question that this decision is a loss for markets and investor protection.