Skip to content

Our SEC comment letter on the Consolidated Audit Trail is now on the public file

Control Now's first comment letter to the SEC, on its review of the Consolidated Audit Trail, has been published on the Commission's public comment file. You can now read it in full. The letter makes two recommendations: create a voluntary framework so routing destinations publish their field mappings (Q34, Q35), and keep two-sided reporting rather than cutting it to save money (Q28). Both rest on one principle, that an audit trail is only worth its cost if the data in it is accurate, complete and trustworthy.

/ Article

Control Now's comment letter to the U.S. Securities and Exchange Commission, responding to the Concept Release on the Consolidated Audit Trail (Release No. 34-105251, File No. S7-2026-12), has now been published on the Commission's public comment file. We shared our thinking when we filed. Now the letter itself is public, so you can read the whole thing rather than our summary of it.

Here is the link to the SEC website - https://www.sec.gov/comments/S7-2026-12/s7202612-848339-2599616.pdf

A reminder of why we wrote it. The SEC has opened a broad review of the CAT and the other audit trails used to regulate US securities markets, covering its purpose, structure, scope, funding, governance, and its cybersecurity and data privacy safeguards. Most of the surrounding debate is a debate about cost. We understand that instinct, but we think it is the wrong place to start. The better question is where the effort is actually being wasted, and which of the expensive parts are earning their keep. Those two questions do not point in the same direction, and treating them as one is how good controls get cut in the name of efficiency.

That distinction runs through both of our recommendations.

First, stop making every firm solve the same problem (Q34, Q35). Every broker-dealer that reports to the CAT has to determine how its order-handling practices map onto each CAT field, and the determinations often involve real interpretive judgement. The handling-instructions field alone carries more than ninety options, and the work is multiplied by every routing destination, each with its own specifications, which keep changing. The result is an enormous, duplicated effort repeated firm by firm, and because discretion is involved, the same practice gets mapped differently across the industry. Our recommendation is that routing destinations publish a mapping of their business specifications to the CAT reporting specifications. They have largely built this already, so the marginal cost of publishing it is low. We have proposed that the CAT Operating Committee establish a voluntary framework, with FINRA CAT reviewing the publications and an SRO statement that reporting consistent with a reviewed mapping is given a presumption of compliance. It is a low-cost, high-impact reform, and we have said we will help build it.

Second, do not cut two-sided reporting to save money (Q28). Two-sided reporting, where both sides of an order report it, is one of the more expensive features of the CAT, and an obvious target if you optimise purely for cost. We argued for keeping it. The reasoning is the same one our own validation process relies on every day: the data clients receive from routing destinations is a critical control that surfaces missing reports, translations that do not line up, and confirmation that an order lifecycle actually completed. The same logic holds at the level of the CAT itself. Several processor validations already depend on two-sided reporting and continue to catch errors, and the Commission's own recent exemption for port-level settings relies on it, because certain material terms are only ever reported by the recipient. Remove it and you would save real money, but you would also remove a proven error-detection mechanism and weaken the data integrity that gives the audit trail its value. A cheaper audit trail that catches fewer errors is not a better audit trail.

Both recommendations are really about the same thing. An audit trail is only worth its cost if the data in it is accurate, complete and trustworthy. Efficiency that improves data quality is worth having. Efficiency that quietly erodes it is a false economy, and it tends to show up later, as the errors you stopped looking for. That principle also shapes how we build: our solutions are designed so that client data stays on client servers throughout the reporting process, which reflects the direction of travel in this review towards minimising unnecessary data concentration.

This is the first time we have put our name to a US market-structure consultation, and that was deliberate. Control Now has spent the better part of a decade on transaction reporting across EMIR, MiFIR/MiFID II, ASIC, MAS and the Canadian regimes. The CAT is a different proposition: it reports orders, not just transactions, at a scale and granularity most regimes do not approach. Working through it has confirmed something we already believed, that the principles of accurate, complete, well-controlled reporting carry across regimes even when the rules do not.

The letter was filed on the firm's behalf by Murray Abel, Managing Director and Co-Founder.

Control Now is a London-based regulatory technology firm. Our no-code solutions cover transaction reporting across EMIR, MiFIR/MiFID II, ASIC, MAS, CSA and the CAT, with the ability to retain client data on client servers throughout the reporting process if required.

Prepared with Thirty4 Advisory.