It’s been almost exactly 10 years since one very bro-y bro sent U.S markets into a 36-minute long tailspin that, in light of the last couple of months, looks actually sort of quaint. Still, at the time, the flash crash seemed a very big deal indeed, one that required solutions. Some of these solutions have been put into place, and indeed proved quite useful when the COVID-19-stricken markets took significantly bigger plunges than they did on May 6, 2010. Others are still on the drawing board more than a decade later, including the very centerpiece of regulatory efforts to ensure something like the flash crash Never Happens Again, the Consolidated Audit Trail.

For one, it took the SEC a ridiculously long time to approve the necessary governance changes to make the CAT possible. Then, it took a ridiculously long time for the SEC to approve a final plan for the CAT, and a ridiculously long time for the exchanges and other organizations overseeing the CAT to pick someone to run. Then, those expected to pay for it realized how much it would cost, a predictably freaked out.

At last, however, ten long years later, the CAT is finally ready to start consolidating audit trails. There is one wee problem, however: While the SEC has been keeping itself busy lately, it also remains at its core fundamentally lazy. And also leaky as hell, cybersecurity-wise. This quite frankly makes the American Securities Association, whose members are expected to send the personal information on every man, woman, child and corporation trading stocks to the CAT, a little nervous. And also more than a little litigious.

The commission claims it needs the data to prosecute insider trading…. More data may make the job easier, but, in our view, invading the privacy of every small investor and exposing them to the risk of identity theft isn’t worth that marginal gain…. On Monday the American Securities Association will file a lawsuit against the SEC…. The industry can’t abide a privacy threat to every U.S. investor. Saving and investing for retirement is hard enough. Americans shouldn’t also have to worry about cybercriminals from China and Russia.

Why We’re Suing the SEC [WSJ]

Related