In a new report, SIFMA continued to object to a FINRA-proposed amendment that would hold industry members liable for a system breach of the National Market System Plan Governing the Consolidated Audit Trail ("CAT"). (See previous coverage.)

SIFMA followed up on its comment letter with a report that concludes that the proposed amendment would indirectly harm investors.

In the report, SIFMA states that should the proposed amendments be adopted:

  1. CAT LLC would not be properly incentivized to protect CAT data, thereby increasing the risk that investor's data would be compromised; and
  2. to protect themselves against liability for a data breach over which they had no control, industry members would make "inefficient" insurance purchases for litigation-related expenses - costs that the members would likely pass to investors.

SIFMA states that if CAT LLC were itself liable for data breaches, then CAT LLC would be "incentivized to invest in the socially optimal level of protection" and would be more "efficient" in purchasing insurance.

Commentary Steven Lofchie

Risks presented by the entire CAT enterprise are significant. Does it really make sense to gather this much financial information under one roof, given the likelihood that hackers from foreign governments and criminal groups will be targeting the system for that information?

The risks of moving forward are compounded if the entity that is holding the information (and responsible for its protection) is insulated from financial loss in the event of a cyber event.

Two obvious questions are:

  • Why should CAT invest in the best (most expensive) cyber protections if the cost of failure will be borne elsewhere?
  • Why does it make sense to impose cyber-liability on firms that have no independent ability to protect the CAT data?

Unless there are good answers to those questions, the liability provisions should be reconsidered.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.