Frustrations over the development of a system to track stock trades in the US reached boiling point on Thursday, as the consortium of US stock exchanges responsible for its implementation fired the technology company tasked with building and operating it.

The Consolidated Audit Trail (CAT) is an ambitious program mandated by the US Securities and Exchange Commission (SEC) to store and analyze information on trading in equities and listed options in the US. Overseen by the CAT NMS Plan, which comprises all major self-regulatory organizations (SROs) operating in the US, it was being built and operated by Thesys CAT, a subsidiary of Thesys Technologies.

However, the CAT and Thesys have suddenly parted ways, WatersTechnology has confirmed, with other media reports claiming that control of the project will pass to the Financial Industry Regulatory Authority (Finra).

“Thesys CAT confirms the CAT NMS decision to end Thesys CAT’s CAT contract as plan processor,” says a spokesperson for Thesys. “Thesys CAT went live with Phase One of the CAT project, which went into production on November 15, 2018 and is currently operational ingesting, collecting and processing data. We are working with CAT NMS on a transition plan.”

Spokespeople for Finra referred queries to CAT NMS, which confirmed that it is “transitioning to a new plan processor,” and is “evaluating the impact the transition will have on current industry member implementation plans.” Thesys, it said, will provide appropriate support during this period. The news was first reported by the Wall Street Journal.

The body warned that while certain dates associated with the implementation may change—for example, the initial test period for data ingestion will move from August 2019 to an unconfirmed date later this year, information repeated in a regulatory note issued by the Miax Options Exchange—there are “no material changes planned” surrounding the CAT’s technical specifications for members. It added that it will soon announce a more detailed schedule and host an industry webcast to provide more information and answer questions from the industry.

But industry sources suggest that simply handing over control of the CAT to Finra may not be as clear-cut as it sounds. Sources suggest that one reason why Finra was not selected to run the CAT in the first place was due to conflicts between its responsibilities as a regulator and what it would be required to do as a service provider in terms of signing non-disclosure agreements (NDAs).

“If Finra was unable to do this before—and again, they’ll have to sign the NDA with the exchanges to only use the data they collect for the purposes of the CAT—how the hell are they going to be able to regulate them now?” says a source familiar with the inner workings of the CAT.

It is also unclear how partnerships with other third-party vendors will be affected by this latest announcement. For example, IBM is teaming with Thesys CAT to provide hosting on the IBM Cloud, cognitive computing and security services, technology infrastructure, program management, consulting and help desk services. Meanwhile, Thesys selected Exegy to provide timestamp information on trades. Both IBM and Exegy did not respond to requests for comment.

CAT-astrophic Kick-Off

The CAT has had a troubled history, even by the dubious standards of previous major market-structure projects. Thesys was a surprise selection during the competitive bid process to build the system, in which Finra had been the front runner, owing to its experience running the CAT’s predecessor, the Order Audit Trail System (Oats).

Thesys, originally part of New Jersey-based proprietary trading firm Tradeworx, was selected largely due to its experience building and running another system for the SEC, the Market Information Data and Analysis System (Midas), which analyzes stock trades based on information from proprietary exchange data feeds.

The CAT, which will take in reports from all market participants once complete and share that information among exchanges, was due to go live in November 2017, with exchanges set to begin sending reports of trades passing through their systems. Yet, there were problems. The NMS Plan submitted an 11th-hour proposal to the SEC requesting delays of up to a year for the first phase of reporting, which SEC chairman Jay Clayton rejected.

Implementation day came and went without a single report being transmitted.

What followed was one of the most bizarre periods in the history of US market structure. The CAT was out of compliance with its own rule, yet the SEC refused to comment publicly, mentioning it obliquely, if at all—indeed, an SEC spokesperson declined to comment for this article. Months later, it was acknowledged that the CAT would be working to the revised NMS Plan’s schedule, after all.

Part of the issue also stemmed from a series of incidents relating to cybersecurity that were disclosed by the SEC and others. The regulator, for instance, revealed that its company filings system, Edgar, had been compromised and that personally identifiable information had potentially been captured—the agency charged a number of people for this in January 2019. Another breach hit Equifax, exposing the personal and financial details of millions of Americans.

The CAT became a lightning rod for criticism during these events, and work could not progress until Thesys hired Vas Rajan from CLS Bank as chief information security officer in February 2018 to shore up the system’s defenses.

On the surface, work seemed to proceed smoothly from there. The NMS Plan organized itself more efficiently than before, establishing committees and working groups to tackle various aspects of the CAT’s construction and operation. In November 2018, it went live—albeit with limited functionality—and SROs (primarily exchanges) began reporting to the system. That day seemed to pass without incident, WatersTechnology reported at the time.

Yet all was not as harmonious as it seemed. In testimony to the US Senate, delivered on December 11, 2018, the SEC’s Clayton said he still regarded the SROs as being “out of compliance with the NMS Plan,” and highlighted that Thesys had informed the exchanges that it would not deliver full functionality of the CAT in line with revised milestones. Instead, Clayton said, the SROs had informed agency staff that the first phase would be delivered by March 31, 2019.

“We remain frustrated with the failure of the SROs to meet their obligations and the delays in the development of the CAT,” Clayton said.

In a move to increase its oversight of the CAT, on January 29, the SEC appointed Manisha Kimmel as a senior policy advisor to Clayton, specifically for regulatory reporting. Kimmel, previously head of regulatory compliance at Refinitiv, had also served on the advisory committee for CAT NMS, and had coordinated numerous data-related initiatives as managing director of industry group, the Financial Information Forum. The explicit responsibilities of her new role, the SEC said, would be to coordinate the implementation and development of the CAT, a position that industry experts had previously urged the SEC to establish.

Conspiracy Thesys

Some even suggest that the firing of Thesys is the latest in a series of stalling tactics by the SROs, employed since the passage of SEC Rule 613, which instructs the industry to build the CAT, and which came into force in 2012. Industry sources say that without firm action from the SEC, which should have been undertaken when the SROs missed the first deadline in November 2017, progress is unlikely to be improved, regardless of whether Finra or another service provider takes over the project. At the root of this, they suggest, is an unwillingness on the part of SROs to share key data on their order traffic between each other, as CAT data will be available to surveillance officers at exchanges as well as regulatory agencies.

“The SEC had a chance in November of 2017 to send a message by formally bringing an enforcement action, charging the SROs with being out of compliance with Rule 613,” says the source familiar with the CAT. “It’s now over a year later, and I see that Clayton is now upset, and [appointed an advisor], but it may be time for the SEC to finally bring an enforcement action. That may be the only way to do it.”

But even with Thesys ousted from the project, market participants warn against assuming that this will result in further delays of any practical substance for the next phase of implementation, when brokers are due to begin submitting their own trades to the CAT.

“Finra is an SRO and has been involved in this project—they’re deeply entrenched in it already,” says Jim Toes, president and CEO of the Security Traders Association. “I would caution the industry against thinking that this can is going to get kicked down the road for a year or so.”