The Epic Battle over the SEC's Surveillance System
There is a renewed push to eliminate the SEC's Consolidated Audit Trail. How did we get here? And what makes the CAT so threatening?
In early April, Republican Congresswoman Marjorie Taylor Greene purchased between $21,000 and $315,000 worth of stock.1 This included shares in Apple, ASML, NVIDIA, and Tesla, companies whose value is highly sensitive to any changes in international trade policy. Greene’s timing was excellent. President Trump himself hinted as much on Truth Social the same day: “THIS IS A GREAT TIME TO BUY!!!”2 Four hours later, he announced a 90-day pause on global tariffs.3 Markets jumped for joy; all four stocks mentioned above registered 10%+ gains, led by Tesla at 22.8%.4 Move over Nancy Pelosi: there’s a new stock whisperer in Congress.5
But not everyone is convinced. Numerous observers have suggested that the timing of Greene’s trades was just a bit too convenient.6 And Greene hasn’t exactly earned the public’s benefit of the doubt. Some of her many hits include defending Putin; suggesting 9/11 was a hoax; and mocking a fellow congresswoman’s ‘fake eyelashes’ during a House Oversight Committee hearing.7 Adding a bit of insider trading to the mix, for many, doesn’t seem like much of a stretch.8
And that is precisely what many Democrats suggest has occurred. When asked about the trades, House Minority Leader Hakeem Jeffries pulled no punches: “…these people are crooks, liars, and frauds, and Marjorie Taylor Greene is, of course, Exhibit A. We are seeing corruption unfold before us in real-time.”9 Senator Adam Schiff, meanwhile, has called for a formal investigation into who else may have benefited from advanced knowledge of Trump’s tariff moves.10
Further investigation is indeed necessary. Because publicly-available information on Greene’s trades provides only circumstantial evidence. We know these transactions occurred because members of Congress are required to disclose their trades within 45 days under the STOCK Act.11 But those disclosures only list the date of the trade — not the exact time at which it was executed. And timing is everything. If Greene traded after Trump’s announcement, it looks a lot less suspicious. If she traded right before, there would be more reason to be concerned.12
But there is an agency which possesses this information: the Securities and Exchange Commission. For the past 15 years, the SEC has been building a centralized database of trading activity to, in part, identify this type of misconduct. ‘But wait,’ you might be thinking, ‘Are you saying the SEC — the world’s most powerful securities regulator — wasn’t already able to monitor its own markets?’ No, they were not! And I spent a substantial portion of my PhD investigating why.
The SEC’s name for this database is the Consolidated Audit Trail. The CAT, as it is more commonly referred to, has been one of the most contentious government initiatives in American history. There have been endless technical delays, turmoil over its oversight structure, and ever-shifting battles over funding. As one insider summarized to me via interview: “The CAT is a clusterfuck.”13 Nevertheless, it survived…bruised, battered, but never quite defeated. And the system is currently operational, allowing the SEC to monitor all U.S. equities and options trading.
But now the CAT is once again under threat. Like Jason Voorhees from Friday the 13th, its opponents just won’t die. This time, they come in the form of Project 2025, DOGE, and Republican members of Congress. Most of their objections to the CAT are not new. They repeat long-standing concerns about the regulatory fees levied on industry members to fund the system. And, most notably, we are seeing a re-emergence of concerns about the CAT’s privacy implications.
What has changed, however, is the political environment. DOGE has been granted access to the databases of the IRS, Social Security Administration, and Treasury’s payment system.14 It has also been reported that certain members were granted the ability not just to view, but also reverse, transactions.15 This is far more invasive than the SEC surveilling stock trading. Yet we see little objection from the right to DOGE’s panopticon-like powers. What explains these differences? And what is it about the CAT which makes it seem so threatening?
The SEC’s Surveillance Problem
On May 6th, 2010, U.S. markets lost and recovered almost $1 trillion of value in less than 20 minutes. You might think: well, hey, it recovered! But trillion-dollar swings in markets are generally considered problematic. Equally problematic was the SEC’s apparent inability to diagnose its cause. It took regulators four months to reconstruct what happened in those 20 minutes — what we now call the Flash Crash — and there is still healthy skepticism about their conclusions.16
The basic problem was data fragmentation. We often refer to ‘the’ stock market as if it’s a unified organism. But this is bunk. There isn’t just one stock market — there are dozens, each interconnected through networks of broker-dealers. Even this, however, substantially understates the complexity. Exchanges like NYSE and Nasdaq are not the only places you can trade. There are also so-called Alternative Trading Systems. By 2010, there were 85 ATSs registered with the SEC.17 Plus, brokers can facilitate trades themselves through a process known as ‘internalization.’
U.S. markets are not the only ones to have fragmented. But the level of fragmentation is extraordinary. To give a sense of comparison, I have plotted below the so-called FFI ‘scores’ for four major country indices. This score represents the average number of venues on which the stocks in a particular index trades. Lower scores (e.g., 1) indicate that trading is concentrated on a small number of venues. Higher scores, in contrast, indicate that trading is fragmented. And as the numbers demonstrate, trading of S&P 500 stocks was highly fragmented from 2010-2016:
The SEC had no way of piecing this all together. Sure, it could see that a stock price was rising. But it wasn’t able to determine how, for instance, a trader might seek to manipulate the price of that stock by placing orders in multiple different venues simultaneously. The SEC was like a kid trying to play Whac-A-Mole. It could see risks pop-up in individual venues, but had no way of understanding how their movements were interconnected beneath the surface.
Enter the CAT. The SEC’s plan for a centralized database would solve this problem by creating a “Hubble Telescope for the securities markets.”18 Interestingly, however, the SEC never mentioned why it didn’t already have this capability. It may be that staff did not know the answer. But another possibility is that it didn’t want to face an awkward truth. Namely, that it already had a prototype CAT in the 1980s. It was a success, one that would have empowered the SEC to monitor trading. But just when it was ready for implementation, they threw that power away…
Missed Opportunities
Near the Northern border of New Jersey, located about one hour’s drive from New York’s financial district, is a small town called Mahwah. It is, in many respects, a normal East Coast village. There’s a wooden white church, colonial-style homes, and plenty of options for Dunkin' Donuts. But Mahwah is special. Because just off Highway 17, not far from the Home Depot, is the true center of American capitalism: the computer servers of the New York Stock Exchange.
It is here, not Wall Street, where trading actually occurs. NYSE’s floor, the one where newspapers show stressed-out brokers? It’s effectively a television studio. The real action, where algorithms match buy and sell orders, now takes place in datacenters like the one located in Mahwah. Security is tight. So tight, in fact, that I was asked by NYSE to sign an agreement that I would not disclose the internal features of the datacenter itself. But what I can say is that, somewhere within that building, NYSE maintains an older set of data: its archives.
I was visiting NYSE’s archives to solve a puzzle. In 1980, the SEC initiated a new pilot program to monitor markets. It was referred to as the Market Oversight Surveillance System (MOSS). The SEC launched the MOSS program because it was struggling to identify new forms of manipulation unleashed by the creation of derivatives markets in the 1970s. And why was it struggling? The same reason it was unable to quickly diagnose the Flash Crash: data fragmentation. The SEC had long-relied on exchanges to monitor their own markets. As a result, “..the Commission was shown to be totally dependent on these other organizations to supply us with even the most basic information concerning the marketplace.”19
The MOSS was designed to solve this problem. It used an exciting new technology — computers — to create a centralized database of trading activity. And it worked. By combining data from various exchanges, MOSS was able to identify manipulative schemes that no one venue could see on its own.20 SEC staff also reported that the system enhanced their capacity to perform regulatory inspections. But when it was time to fully implement the program and empower the SEC to perform consolidated surveillance, the program was killed. What happened?
I found the answer in Mahwah. It turns out that NYSE and other exchanges weren’t too thrilled about the SEC monitoring their markets. They felt threatened. And this was also the 1980s: Friedman. Thatcher. Reagan. There was a groundswell of support for the idea that government regulation is the problem. And, indeed, that was precisely how NYSE’s then-Chairman viewed the MOSS:
The fact remains that self-imposed discipline is always more effective — and certainly more palatable — than discipline imposed from outside...it is in the best interests of each [exchange] to strive to provide the trading environment, the services to members — and the self-regulatory oversight — that help them maximize the efficiency of their service...21
NYSE and other U.S. exchanges prepared for battle. The pilot program’s funding was subject to Congressional review every six months, providing opportunities to protest the initiative. And protest they did. In the archives, I found that NYSE staff composed specific lines of critique, lines which were repeated — in some cases almost verbatim — by members of Congress:
This lobbying was successful. And the final blow would arrive when Reagan nominated John Shad as the SEC’s Commissioner in 1981. Shad was a deregulatory evangelist. He once argued that corporations shouldn’t be required to report bad news to investors, as this had the unfortunate tendency to hurt their image.22 Thus he was receptive to the idea that the MOSS constituted government overreach. The exchanges offered a deal. Kill the MOSS, they asked, and we promise to more closely cooperate amongst ourselves on surveillance. Shad accepted.23
Think about the significance of this moment. By 1981, the SEC had a working pilot of a national trade surveillance system. And it gave it up. The result was 30 more years of the SEC being unable to monitor markets. Three decades! And remember that trade surveillance is not just about identifying insider trading or manipulation. It also allows regulators to proactively identify asset bubbles which pose market-wide risk. How might the MOSS have helped the SEC handle Black Monday? The Dot-com bubble? The 2008 financial crisis? We will never know.
Privacy Problems
What we do know is that the SEC now has these capabilities. But the CAT — a modern version of the MOSS — can’t catch a break. Because despite being fully operational, it is facing renewed death threats. The Heritage Foundation’s Project 2025 explicitly calls for its elimination.24 So too has Hester Peirce. As one of the SEC’s five commissioners, Peirce has criticized the CAT’s costs and painful implementation. But perhaps her most striking critique surrounds the program’s privacy implications:
I have grave concerns about the whole project…With respect to liberty, I plead with my fellow Americans to care about your financial privacy. Why should the government, without any indication of wrongdoing on your part, follow you around the securities markets to monitor every order you place and every trade you make?…my preference would be to see the project placed in the SEC’s catacombs—dead and buried forever…25
Privacy concerns have long surrounded the initiative. Originally, the CAT was intended to ingest personally identifiable information (PII) on every broker’s clients, including their social security numbers. This was…unpopular! So the SEC agreed to collect only names and addresses.26 But many remained unsatisfied. Shortly after Trump started his second term, the Republican-controlled SEC went farther: it eliminated entirely the requirement to collect PII.27 The CAT will now use fully anonymized identification numbers, allowing them to recognize suspicious patterns but requiring that they make requests to brokers for customer information.28
So, in truth, I slightly misled you earlier. The SEC doesn’t quite have access to Marjorie Taylor Greene’s trades. What is has instead is anonymized data from her broker about which trades it executed on behalf of clients around the time Trump announced his tariff pause. But it can request the details. What this amounts to is a compromise. It allows the SEC to perform consolidated surveillance without having automatic access to personal data. And perhaps that’s fair.
But what remains puzzling is why many of the CAT’s critics — particularly Republican members of congress — aren’t equally concerned about DOGE. OK, it’s not really that puzzling. But it is worth considering the bizarre inconsistencies. It has been reported that a 25-year old engineer, presumably loyal to Elon Musk, was granted access to the entire federal payments system.29 And DOGE is apparently planning to work with a private military contractor, Palantir, to create a “mega-API” to more easily query the various databases maintained by the IRS.30
And we’re worried about the CAT? The privacy implications of DOGE’s activities are incomparably greater. We can only assume that DOGE staff have downloaded much of this data to private servers. And as Nathan Tankus has been warning, messing with the federal payment system’s technical infrastructure could have disastrous real-world consequences.31 It all makes the political wrangling over the SEC’s capabilities seem like small potatoes.
The CAT Threat
So, to return to my original question, what exactly is it about the CAT that upsets so many people? Here’s my theory. The CAT feels particularly threatening to a specific constituency: the investor class. This group has traditionally been composed of older, wealthier, business-oriented Americans skeptical of government regulation. And that skepticism has been fueled by their heroes, many of whom — from Marc Cuban to Elon Musk — have had public run-ins with the evil SEC.
In recent decades, the size of that group has steadily risen. Much of this is attributable to the minimization of brokerage fees and introduction of e-trading. You might expect this would have a diluting effect on the political orientation of the investor class. And, indeed, many of these new market participants are not rich. They are nurses, teachers, college students…people more likely to vote Democratic and less likely to possess an inherent distrust of the federal government.
Yet it has had the opposite effect. Retail investors, as a whole, have grown increasingly suspicious of the SEC. And no event better captures this development than the saga surrounding Gamestop. In 2021, a large group of retail investors, loosely coordinated through Reddit and inspired by a Youtuber called Roaring Kitty, managed to push up the price of Gamestop stock.32 This wasn’t purely self-interest. It was a quasi-populist movement, one which sought to punish hedge funds — the personification of income inequality — who had taken short positions.33
But in the process, retail investors started learning more about how the stock market works. Suddenly, dental assistants were obsessing over obscure topics like payment-for-order-flow. What they learned upset them. It appeared to them that the market is rigged. And the SEC, rather than investigating powerful firms allegedly involved in that rigging, seemed more concerned with determining whether Roaring Kitty and his supporters had committed market manipulation.34
The SEC, in sum, lost the public. And that negative sentiment was only accelerated by the overlapping growth of a libertarian-oriented cryptocurrency community, one that grew furious with the SEC’s apparent hostility. And then there is the financial industry itself, which opposes the CAT’s regulatory burdens. What this all amount to is a ‘big tent’ of stakeholders — the investor class — united by their distaste for the SEC and the idea that it would monitor their transactions.
And this is all sort of understandable. The privacy concerns are valid. And the SEC hasn’t done itself many favors lately.35 What is less understandable — or at least less defensible — is the comparative inattention paid to the privacy risks posed by DOGE’s financial surveillance. But perhaps we should not be surprised. Because surveillance is power. And concerns about privacy — whose privacy matters, when it matters, and which type of data is sacred — is often in the eye of its beholder.
Marjorie Taylor Greene, Periodic Transasaction Report. Greene has stated that her portfolio manager independently makes investment decisions without her input.
It should be clear that this Substack post does not allege any wrongdoing by anyone whatsoever.
The rules. This suggests that other members of Congress may also have traded but have not yet reported. And this all raises another interesting question of why Greene reported so early. She may have avoided some headaches if she waited!
We know that some stocks were purchased the day before. But this is still far from enough evidence to make any conclusive determinations. Demonstrating insider trading generally requires establishing intent to trade on the basis of material nonpublic information. What constitutes evidence of intent is a fascinating, contested issue.
Benjamin Milk (1981) quoted in Market structure and disempowering regulatory intermediaries: Insights from U.S. trade surveillance.
Ibid. Cross-market manipulation refers to manipulative schemese which involve order and/or trades undertaken on two or more venues simultaneously.
John J. Phelan (1981), quoted in Market structure and disempowering regulatory intermediaries: Insights from U.S. trade surveillance.
Gerth, Jeff. 1981. Shad of SEC Favors Bright Corporate Image. New York. http://www.nytimes.com/1981/08/03/business/shad-of-sec-favors-brightcorporate-image.html.
Project 2025, p. 831.
When someone “shorts” a stock, they are betting that its price will fall. But they are exposed to unlimited downside if the stock rises. Thus by pushing Gamestop stock higher, the r/wallstreetbets community (potentially helped by professional traders riding the wave) was able to inflict real economic pain on hedge funds with significant short positions.