Joint Industry Plan; Notice of Filing of Amendment to the National Market System Plan Governing the Consolidated Audit Trail Regarding the Proposed Customer and Account Information System Amendment, 12845-12856 [2025-04516]

Agencies

• SECURITIES AND EXCHANGE COMMISSION

[Federal Register Volume 90, Number 52 (Wednesday, March 19, 2025)]
[Notices]
[Pages 12845-12856]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2025-04516]


-----------------------------------------------------------------------

SECURITIES AND EXCHANGE COMMISSION

[Release No. 34-102665; File No. 4-698]


Joint Industry Plan; Notice of Filing of Amendment to the 
National Market System Plan Governing the Consolidated Audit Trail 
Regarding the Proposed Customer and Account Information System 
Amendment

March 13, 2025.

I. Introduction

    On March 7, 2025, the Consolidated Audit Trail, LLC (``CAT LLC''), 
on behalf of the following parties to the National Market System Plan 
Governing the Consolidated Audit Trail (the ``CAT NMS Plan'' or 
``Plan''): \1\ BOX Exchange LLC; Cboe BYX Exchange, Inc., Cboe BZX 
Exchange, Inc., Cboe C2 Exchange, Inc., Cboe EDGA Exchange, Inc., Cboe 
EDGX Exchange, Inc., Cboe Exchange, Inc., Financial Industry Regulatory 
Authority, Inc., Investors Exchange LLC, Long-Term Stock Exchange, 
Inc., MEMX, LLC, Miami International Securities Exchange LLC, MIAX 
Emerald, LLC, MIAX PEARL, LLC, MIAX Sapphire, LLC, Nasdaq BX, Inc., 
Nasdaq GEMX, LLC, Nasdaq ISE, LLC, Nasdaq MRX, LLC, Nasdaq PHLX LLC, 
The NASDAQ Stock Market LLC, New York Stock Exchange LLC, NYSE American 
LLC, NYSE Arca, Inc., NYSE Chicago, Inc., and NYSE National, Inc. 
(collectively, the ``Participants,'' ``self-regulatory organizations,'' 
or ``SROs'') filed with the Securities and Exchange Commission (``SEC'' 
or ``Commission'') pursuant to Section 11A(a)(3) of the Securities 
Exchange Act of 1934 (``Exchange Act''),\2\ and Rule 608 thereunder,\3\ 
a proposed amendment to the CAT NMS Plan to reduce the amount of 
Customer \4\ information in the CAT Customer and Account Information 
System (the ``CAIS Amendment'').\5\ Exhibit A sets forth the cumulative 
changes proposed to be made to the CAT NMS Plan. The Commission is 
publishing this notice to solicit comments from interested persons on 
the proposed CAIS Amendment.
---------------------------------------------------------------------------

    \1\ In July 2012, the Commission adopted Rule 613 of Regulation 
NMS, which required the Participants to jointly develop and submit 
to the Commission a national market system plan to create, 
implement, and maintain a consolidated audit trail (the ``CAT''). 
See Securities Exchange Act Release No. 67457 (July 18, 2012), 77 FR 
45722 (Aug. 1, 2012 (``Rule 613 Adopting Release''); 17 CFR 242.613. 
On November 15, 2016, the Commission approved the CAT NMS Plan. See 
Securities Exchange Act Release No. 78318 (Nov. 15, 2016), 81 FR 
84696 (Nov. 23, 2016) (``CAT NMS Plan Approval Order''). The CAT NMS 
Plan is Exhibit A to the CAT NMS Plan Approval Order. See CAT NMS 
Plan Approval Order, at 84943-85034.
    \2\ 15 U.S.C 78k-1(a)(3).
    \3\ 17 CFR 242.608.
    \4\ A ``Customer'' means ``the account holder(s) of the account 
at a registered broker-dealer originating the order; and any person 
from whom the broker-dealer is authorized to accept trading 
instructions for such account, if different from the account 
holder(s). See CAT NMS Plan, supra note 1 at Section 1.1.
    \5\ See Letter from Brandon Becker, CAT NMS Plan Operating 
Committee Chair, to Vanessa Countryman, Secretary, Commission, dated 
March 7, 2025 (``Transmittal Letter'').
---------------------------------------------------------------------------

II. Description of the Plan

    Set forth in this Section II is the description of the proposed 
CAIS Amendment, along with information required by Rule 608(a) under 
the Exchange Act,\6\ as prepared and submitted by the Participants to 
the Commission.\7\
---------------------------------------------------------------------------

    \6\ See 17 CFR 242.608(a).
    \7\ See Transmittal Letter, supra note 5. Unless otherwise 
defined herein, capitalized terms used herein are defined as set 
forth in the CAT NMS Plan.
---------------------------------------------------------------------------

    On February 10, 2025, the SEC published an order (the ``CAIS 
Exemption Order'') granting sua sponte exemptive relief from certain 
requirements of the CAT NMS Plan related to the reporting of names, 
addresses and years of birth for natural persons reported with 
transformed social security numbers (``SSNs'')/individual tax payer 
identification numbers (``ITINs'') to the Customer and

[[Page 12846]]

Account Information System (``CAIS'').\8\ Under the CAIS Exemption 
Order, the Participants must continue to require Industry Members, 
through their CAT Compliance Rules, to report to the Central Repository 
other required Customer information, including a transformed value for 
the SSN/ITIN and the Firm Designated ID (``FDID'') for accounts of such 
natural persons.
---------------------------------------------------------------------------

    \8\ See Securities Exchange Act Release No. 102386 (Feb. 10, 
2025), 90 FR 9642 (Feb. 14, 2025), https://www.sec.gov/files/rules/sro/nms/2025/34-102386.pdf.
---------------------------------------------------------------------------

    CAT LLC believes that there are additional steps that would reduce 
the amount of Customer information in the CAT and achieve significant 
annual savings in CAT operating costs. Therefore, CAT LLC respectfully 
submits this CAIS Amendment to codify and build on the CAIS Exemption 
Order in the following ways:
     First, while the CAIS Exemption Order applies to the 
reporting of the exempted Customer information going forward, this CAIS 
Amendment would require the deletion of previously reported Customer 
information already in the CAT.
     Second, while the CAIS Exemption Order is permissive, 
allowing Industry Members to choose whether to continue reporting the 
exempted Customer information to the CAT (and therefore requiring the 
CAT to continue to be prepared to accept that information), this CAIS 
Amendment would prohibit the continued reporting of the exempted 
Customer information to the CAT.
     Third, while the CAIS Exemption Order applies to some 
natural persons, this CAIS Amendment would cover all natural persons 
(including, for example, foreign natural persons that are not reported 
with transformed SSNs or ITINs) and all legal entity Customers.
     Fourth, while the CAIS Exemption Order would not result in 
cost savings, the CAIS Amendment would allow CAT LLC to achieve an 
estimated $12 million in annual cost savings.\9\
---------------------------------------------------------------------------

    \9\ All cost savings projections provided in this CAIS Amendment 
are the Plan Processor's best estimates based on costs actually 
incurred in 2024 (``2024 Actuals'') and are subject to change based 
on ongoing improvements to AWS that may reduce current AWS costs.
---------------------------------------------------------------------------

    CAT LLC respectfully urges the Commission to approve this CAIS 
Amendment expeditiously in order to build on the CAIS Exemption Order 
to further address the considerations cited by the SEC in the CAIS 
Exemption Order \10\ while also facilitating significant annual cost 
savings.
---------------------------------------------------------------------------

    \10\ CAIS Exemption Order at 9643-44 (noting that the CAIS 
Exemption Order would ensure ``the protection of individual 
investors' PII'' in light of ``the increasing sophistication of 
cybercriminals and bad actors'').
---------------------------------------------------------------------------

    Specifically, CAT LLC proposes to amend the CAT NMS Plan to (i) 
formally incorporate and codify the existing CCID Exemption Order to 
the CAT NMS Plan,\11\ which was published by the SEC on March 17, 2020, 
and has since prohibited Industry Members from reporting SSNs/ITINs, 
dates of birth, and account numbers to the CAT, and (ii) newly 
eliminate requirements that Industry Members report Customer names, 
Customer addresses, account names, account addresses, years of birth, 
and authorized trader names (collectively, ``Name, Address, and YOB'') 
to the CAT ((i) and (ii), together, the ``Proposed Changes'').\12\ The 
Proposed Changes would apply to all Customers--including all natural 
person Customers and all legal entity Customers--at both the Customer 
and account level.
---------------------------------------------------------------------------

    \11\ See Securities Exchange Act Release No. 88393 (Mar. 17, 
2020), 85 FR 16152 (Mar. 20, 2020), https://www.govinfo.gov/content/pkg/FR-2020-03-20/pdf/2020-05935.pdf (``CCID Exemption Order'').
    \12\ The Plan Processor would make conforming changes to the CAT 
Reporting Customer & Account Technical Specifications for Industry 
Members to eliminate any fields related to the Proposed Changes.
---------------------------------------------------------------------------

    As discussed in more detail herein, the CAIS Amendment should be 
approved because:
     The Proposed Changes would allow CAT LLC to achieve 
significant cost savings of approximately $12 million per year as 
compared to 2024 Actuals, which would materially advance CAT LLC's 
ongoing efforts to reduce CAT operating costs.\13\
---------------------------------------------------------------------------

    \13\ Last year, CAT LLC proposed, and the Commission approved, 
separate cost savings amendments that are expected to result in 
approximately $21 million in new annual cost savings in the first 
year with limited impact on the regulatory function of the CAT, 
which cost savings were estimated based on then-estimated 2024 
costs. See Order Approving Amendments to the National Market System 
Plan Governing the Consolidated Audit Trail Designed to Implement 
Cost Savings Measures, Securities Exchange Act Release No. 101901 
(Dec. 12, 2024), 89 FR 103033 (Dec. 18, 2024).
---------------------------------------------------------------------------

     In addition to cost savings, the Proposed Changes would 
build on the CCID Exemption Order and the CAIS Exemption Order by 
affirmatively eliminating Name, Address, and YOB from the CAT while 
preserving regulators' ability to conduct cross-market, cross-broker, 
and cross-account surveillance of an individual Customer through a 
unique Customer-ID, which was one of the primary regulatory purposes of 
SEC Rule 613.\14\ As was the case prior to CAT, regulatory users could 
contact Industry Members directly to obtain any sensitive Customer 
information, including Names, Addresses, and YOBs.
---------------------------------------------------------------------------

    \14\ See, e.g. Securities Exchange Act Release No. 67457 (July 
18, 2012), 77 FR 45722, 45757 (Aug. 1, 2012) (``CAT Adopting 
Release'') (``The Commission . . . believes that unique customer 
identifiers are vital to the effectiveness of the consolidated audit 
trail. The inclusion of unique customer identifiers should greatly 
facilitate the identification of the orders and actions attributable 
to particular customers and thus substantially enhance the 
efficiency and effectiveness of the regulatory oversight provided by 
the SROs and the Commission. Without the inclusion of unique 
customer identifiers, many of the benefits of a consolidated audit 
trail . . . would not be achievable.''); CCID Exemption Order at 
16156 n.78 (``[I]n the Commission's view, without the Customer-ID, 
the value and usefulness of the CAT would be significantly 
diminished.'').
---------------------------------------------------------------------------

     Because the Proposed Changes would allow CAT LLC to 
achieve significant cost savings and would eliminate Name, Address, and 
YOB from the CAT while preserving the core regulatory objectives of SEC 
Rule 613, the benefits of the Proposed Changes significantly outweigh 
their costs, and CAT LLC strongly urges the Commission to approve the 
CAIS Amendment.
    The proposed changes to the CAT NMS Plan to implement the CAIS 
Amendment are set forth in Exhibit A to this filing.

Requirements Pursuant to Rule 608(a)

A. Description of the Proposed Amendments to the CAT NMS Plan

1. Permanently Exclude Customer Names, Addresses, and YOBs From CAT 
Reporting
a. CAT Reporting Requirements
    Under the CAT NMS Plan, the Participants must require Industry 
Members to report Customer Identifying Information and Customer Account 
Information to the CAT for each of their Customers.\15\ Customer 
Identifying Information is defined in Section 1.1 of the CAT NMS Plan 
to mean:
---------------------------------------------------------------------------

    \15\ See Sections 6.4(d)(ii)(C) and 6.4(d)(iv) of the CAT NMS 
Plan.

information of sufficient detail to identify a Customer, including, 
but not limited to, (a) with respect to individuals: name, address, 
date of birth, individual tax payer identification number 
(``ITIN'')/social security number (``SSN''), individual's role in 
the account (e.g., primary holder, joint holder, guardian, trustee, 
person with the power of attorney); and (b) with respect to legal 
entities: name, address, Employer Identification Number (``EIN'')/
Legal Entity Identifier (``LEI'') or other comparable common entity 
identifier, if applicable; provided, however, that an Industry 
Member that has an LEI for a Customer must submit the Customer's LEI 
in addition to other information of sufficient detail to identify a 
Customer.\16\
---------------------------------------------------------------------------

    \16\ Section 1.1 of the CAT NMS Plan.


[[Page 12847]]


---------------------------------------------------------------------------

    Customer Account Information is defined in Section 1.1 of the CAT 
NMS Plan to include, but not be limited to:

account type, customer type, date account opened, and large trader 
identifier (if applicable); except, however, that (a) in those 
circumstances in which an Industry Member has established a trading 
relationship with an institution but has not established an account 
with that institution, the Industry Member will (i) provide the 
Account Effective Date in lieu of the ``date account opened''; (ii) 
provide the relationship identifier in lieu of the ``account 
number''; and (iii) identify the ``account type'' as a 
``relationship''; (b) in those circumstances in which the relevant 
account was established prior to the implementation date of the CAT 
NMS Plan applicable to the relevant CAT Reporter (as set forth in 
Rule 613(a)(3)(v) and (vi)), and no ``date account opened'' is 
available for the account, the Industry Member will provide the 
Account Effective Date in the following circumstances: (i) where an 
Industry Member changes back office providers or clearing firms and 
the date account opened is changed to the date the account was 
opened on the new back office/clearing firm system; (ii) where an 
Industry Member acquires another Industry Member and the date 
account opened is changed to the date the account was opened on the 
post-merger back office/clearing firm system; (iii) where there are 
multiple dates associated with an account in an Industry Member's 
system, and the parameters of each date are determined by the 
individual Industry Member; and (iv) where the relevant account is 
an Industry Member proprietary account.\17\
---------------------------------------------------------------------------

    \17\ Section 1.1 of the CAT NMS Plan.

    Accordingly, as originally approved by the Commission, the CAT NMS 
Plan requires the CAT to capture and store certain Customer Identifying 
Information and Customer Account Information in the Central Repository, 
including social security numbers, dates of birth, and account 
numbers.\18\ In 2018, the Participants submitted a request for 
exemptive relief from certain reporting provisions of the CAT NMS Plan 
(the ``CCID Exemption Request'').\19\ The CCID Exemption Request was 
the product of close coordination between the Participants, Industry 
Members, and the Commission to develop alternatives to reporting 
Customer information while maintaining sufficient information to 
preserve CAT's intended regulatory uses. The Commission granted the 
CCID Exemption Request on March 17, 2020,\20\ which is described in 
more detail below.
---------------------------------------------------------------------------

    \18\ Section 9.1 of Appendix D of the CAT NMS Plan.
    \19\ See Letter from Michael Simon, CAT NMS Plan Operating 
Committee Chair, to Vanessa Countryman, Secretary, Commission (Jan. 
29, 2020), https://www.catnmsplan.com/sites/default/files/2020-02/Amended-Exemptive-Request-CCID-and-Modified-PII-Approaches%28Final%29.pdf.
    \20\ See supra note 11.
---------------------------------------------------------------------------

b. CCID Exemption Order
    On March 17, 2020, the Commission granted exemptive relief related 
to the reporting of SSNs/ITINs, dates of birth, and account numbers to 
the CAT. The CCID Exemption Order allows the Plan Processor to generate 
a unique identifier for a Customer, called a CAT Customer-ID 
(``CCID''), using a two-phase transformation process that avoids the 
requirement to have SSNs/ITINs reported to the CAT as originally 
contemplated by SEC Rule 613 and the CAT NMS Plan. In addition, instead 
of reporting dates of birth and account numbers, Industry Members are 
required to report years of birth and FDIDs.\21\
---------------------------------------------------------------------------

    \21\ The term ``Firm Designated ID'' is defined in the CAT NMS 
Plan as: ``(1) a unique and persistent identifier for each trading 
account designated by Industry Members for purposes of providing 
data to the Central Repository provided, however, such identifier 
may not be the account number for such trading account if the 
trading account is not a proprietary account; (2) a unique and 
persistent relationship identifier when an Industry Member does not 
have an account number available to its order handling and/or 
execution system at the time of order receipt, provided, however, 
such identifier must be masked; or (3) a unique and persistent 
entity identifier when an employee of an Industry Member is 
exercising discretion over multiple client accounts and creates an 
aggregated order for which a trading account number of the Industry 
Member is not available at the time of order origination, where each 
such identifier is unique among all identifiers from any given 
Industry Member.'' Section 1.1 of the CAT NMS Plan.
---------------------------------------------------------------------------

    The CAIS Amendment would incorporate the CCID Exemption Order into 
the CAT NMS Plan and would go further by eliminating Name, Address, and 
YOB from the CAT while preserving one of the primary objectives of the 
CAT, i.e., the ability for regulators to conduct cross-market 
surveillance of a specific Customer. As the Commission explained in the 
CCID Exemption Order:

[t]he ability to efficiently and accurately identify individual 
Customers will allow regulators to establish those that might be 
responsible for illegal conduct, or to identify those that might be 
the victim of fraudulent activity. Indeed, one of the hallmarks of 
the CAT is the ability to provide customer attribution of order and 
trade activity even if such trading activity spans multiple broker-
dealers. Pursuant to the Plan, the identification of Customers is 
achieved by the creation and use of the Customer-ID, a code that 
uniquely and consistently identifies every Customer. The Commission 
continues to believe, as it did when it approved the Plan, that the 
ability to link the full life cycle of every order as that order 
travels across broker-dealers and market centers to a specific 
Customer through the use of a Customer-ID will greatly facilitate 
the regulatory and surveillance efforts of regulators. For the 
Commission in particular, this ability to identify a Customer 
through the use of a CCID will also facilitate the Commission's 
efforts in the areas of market reconstruction, market analysis and 
rule-making support. Indeed, in the Commission's view, without the 
Customer-ID, the value and usefulness of the CAT would be 
significantly diminished.\22\
---------------------------------------------------------------------------

    \22\ CCID Exemption Order at 16156 n.78.
---------------------------------------------------------------------------

c. CAIS Exemption Order
    On February 10, 2025, the Commission published the CAIS Exemption 
Order sua sponte, granting exemptive relief related to the reporting of 
names, addresses, and years of birth for natural persons reported with 
transformed SSNs or ITINs to CAIS. Additional steps would further CAT 
LLC's efforts to reduce CAT operating costs and the SEC's 
considerations in granting the CAIS Exemption Order.
    First, CAT LLC and the Participants understand that the CAIS 
Exemption Order is permissive at the discretion of Industry Members 
(meaning that Industry Members may choose to take advantage of the 
exemptive relief or choose to continue reporting names, addresses, and 
years of birth for natural persons reported with transformed SSNs or 
ITINs to CAIS) and only applies to natural persons reported with 
transformed SSNs or ITINs, and not to natural persons reported without 
transformed SSNs/ITINs, including foreign nationals, or to legal 
entities. As a result, the Plan Processor must maintain all software 
that is required to continue to accept such Customer information for 
those Industry Members who choose to continue reporting it, as well as 
to support regulatory queries of Name, Address, and YOB data for non-
exempted persons. Consequently, the CAIS Exemption Order will not 
result in any cost savings. This CAIS Amendment proposes to fully 
eliminate the requirement to report Names, Addresses, and YOBs for all 
natural person and legal entity Customers to CAIS. Doing so would 
permanently eliminate Name, Address, and YOB from CAT reporting while 
also allowing the Plan Processor to eliminate the software that is 
required to support regulatory queries of Name, Address, and YOB, which 
would result in significant annual cost savings.
    Second, in granting its CAIS Exemption Order, the SEC cited 
security considerations, concluding that the benefits of reporting 
names, addresses, and years of birth for natural persons reported with 
transformed SSNs or ITINs no longer justify the potential risks.\23\ 
However, the CAIS Exemption Order only applies to the reporting of such 
Customer information after of the date of the order, and only to the 
extent

[[Page 12848]]

that Industry Members choose to discontinue reporting such exempted 
Customer information. In addition, the CAIS Exemption Order does not 
address the deletion of existing, previously reported Customer 
information currently stored in CAIS. Further, the CAIS Exemption Order 
does not apply to natural persons who are not reported with transformed 
SSNs or ITINs (e.g., foreign nationals) or legal entities. Therefore, 
this CAIS Amendment would build on the CAIS Exemption Order by (1) 
prohibiting the submission to CAIS of Names, Addresses, and YOBs for 
all natural person and legal entity Customers; and (2) requiring CAT 
LLC to direct the Plan Processor to delete from CAIS all Names, 
Addresses, and YOBs currently stored in the CAT.
---------------------------------------------------------------------------

    \23\ See CAIS Exemption Order at 9643-44.
---------------------------------------------------------------------------

d. Proposed Revisions to the CAT NMS Plan
    To incorporate the Proposed Changes, CAT LLC proposes certain 
revisions to the CAT NMS Plan, including Appendix D of the CAT NMS 
Plan, which are described below.\24\
---------------------------------------------------------------------------

    \24\ Because the Commission has acknowledged that Appendix C was 
not intended to be continually updated once the CAT NMS Plan was 
approved, CAT LLC is not proposing to update Appendix C to reflect 
the proposed amendments. See Exchange Act Rel. No. 89632 (Aug. 21, 
2020), 85 FR 65990 (Oct. 16, 2020).
---------------------------------------------------------------------------

i. Revisions to the CAT NMS Plan
    CAT LLC proposes adding certain new defined terms to Section 1.1 of 
the CAT NMS Plan. Specifically, CAT LLC would add new defined terms for 
``CAIS,'' ``CCID Subsystem,'' and ``Transformed Identifier'' or 
``TID,'' which would read as follows:

    `` `CAIS' means the customer and account information system of 
the CAT.
* * * * *
    `CCID Subsystem' means the isolated subsystem of CAIS that 
exists solely to transform input TID values into CCID values.
* * * * *
    `Transformed Identifier' or `TID' means the transformed version 
of the individual tax payer identification number (`ITIN') or social 
security number (`SSN') submitted by Industry Members in place of an 
ITIN or SSN.''

    CAT LLC would also add the phrase ``or `CAT Customer-ID' or `CCID' 
'' to the current definition of ``Customer-ID.'' The revised definition 
would read as follows:

    `` `Customer-ID' or `CAT Customer-ID' or `CCID' has the same 
meaning provided in SEC Rule 613(j)(5).''

    In addition to these new defined terms, CAT LLC also proposes 
revising certain defined terms in the Plan to incorporate existing 
reporting requirements that are currently outlined in the CCID 
Exemption Order and to remove references to Name, Address, and YOB. 
First, CAT LLC proposes to eliminate from the definition of ``Customer 
Account Information'' prior references to ``account number'' and to 
insert the parenthetical phrase, ``(excluding, for the avoidance of 
doubt, account number),'' to clarify that account numbers are not 
reportable to the CAT pursuant to the CCID Exemption Order.\25\ As an 
additional clarification, CAT LLC proposes to add the sentence, ``For 
the avoidance of doubt, Industry Members are required to provide a Firm 
Designated ID in accordance with this Agreement'' to the end of the 
definition. Additionally, CAT LLC proposes to change the defined term 
from ``Customer Account Information'' to ``Account Attributes'' to more 
accurately describe the information that can be attributed to a 
Customer's account under this definition. Relatedly, CAT LLC proposes 
to eliminate the term ``Customer Account Information'' and to replace 
that term with ``Account Attributes'' throughout the CAT NMS Plan.\26\ 
As revised, the proposed definition of ``Account Attributes'' would 
read as follows:
---------------------------------------------------------------------------

    \25\ Under the FDID definition, see supra note 21, Industry 
Members may elect to use an actual account number for any 
proprietary account of the firm when reporting an FDID.
    \26\ With respect to FAM-related defined terms, CAT LLC proposes 
to add a footnote in the definition of ``Full Availability and 
Regulatory Utilization of Transactional Database Functionality'' 
stating that ``[e]ffective [DATE], `Customer Account Information' as 
used in the Financial Accountability Milestones (Initial Industry 
Member Core Equity Reporting; Full Implementation of Core Equity 
Reporting; Full Availability and Regulatory Utilization of 
Transactional Database Functionality; and Full Implementation of CAT 
NMS Plan Requirements) is no longer a defined term and has been 
superseded by the new defined term `Account Attributes'.'' This 
language is intended to address any confusion caused by the use of 
``Customer Account Information'' in the Plan after that defined term 
is changed to ``Account Attributes'' in Section 1.1.

    `` `Account Attributes' shall include, but not be limited to, 
account type, customer type, date account opened, and large trader 
identifier (if applicable) (excluding, for the avoidance of doubt, 
account number); except, however, that (a) in those circumstances in 
which an Industry Member has established a trading relationship with 
an institution but has not established an account with that 
institution, the Industry Member will (i) provide the Account 
Effective Date in lieu of the `date account opened'; and (ii) 
identify the `account type' as a `relationship'; (b) in those 
circumstances in which the relevant account was established prior to 
the implementation date of the CAT NMS Plan applicable to the 
relevant CAT Reporter (as set forth in Rule 613(a)(3)(v) and (vi)), 
and no `date account opened' is available for the account, the 
Industry Member will provide the Account Effective Date in the 
following circumstances: (i) where an Industry Member changes back 
office providers or clearing firms and the date account opened is 
changed to the date the account was opened on the new back office/
clearing firm system; (ii) where an Industry Member acquires another 
Industry Member and the date account opened is changed to the date 
the account was opened on the post-merger back office/clearing firm 
system; (iii) where there are multiple dates associated with an 
account in an Industry Member's system, and the parameters of each 
date are determined by the individual Industry Member; and (iv) 
where the relevant account is an Industry Member proprietary 
account. For the avoidance of doubt, Industry Members are required 
---------------------------------------------------------------------------
to provide a Firm Designated ID in accordance with this Agreement.

    Second, CAT LLC proposes revising the definition of ``Customer 
Identifying Information'' to reflect reporting practices described in 
the CCID Exemption Order and to remove references to Name, Address, and 
YOB from the definition. Additionally, CAT LLC proposes to change the 
defined term from ``Customer Identifying Information'' to ``Customer 
Attributes'' to more accurately describe the information that could be 
attributable to a Customer in light of the proposal to remove Name, 
Address, and YOB from the definition. Relatedly, CAT LLC proposes to 
eliminate the term ``Customer Identifying Information'' and to replace 
that term with ``Customer Attributes'' throughout the CAT NMS Plan.\27\ 
As revised, the proposed definition of ``Customer Attributes'' would 
read as follows:
---------------------------------------------------------------------------

    \27\ With respect to FAM-related defined terms, CAT LLC proposes 
to add a footnote in the definition of ``Full Availability and 
Regulatory Utilization of Transactional Database Functionality'' 
stating that ``[e]ffective [DATE], `Customer Identifying 
Information' as used in the Financial Accountability Milestones 
(Initial Industry Member Core Equity Reporting; Full Implementation 
of Core Equity Reporting; Full Availability and Regulatory 
Utilization of Transactional Database Functionality; and Full 
Implementation of CAT NMS Plan Requirements) is no longer a defined 
term and has been superseded by the new defined term `Customer 
Attributes'.'' This language is intended to address any confusion 
caused by the use of ``Customer Identifying Information'' in the 
Plan after that defined term is changed to ``Customer Attributes'' 
in Section 1.1.

    `` `Customer Attributes' means information attributed to a 
Customer, including, but not limited to, (a) with respect to 
individuals: TID and the individual's role in the account (e.g., 
primary holder, joint holder, guardian, trustee, person with the 
power of attorney); and (b) with respect to legal entities: Employer 
Identification Number (`EIN')/Legal Entity Identifier (`LEI') or 
other comparable common entity identifier, if applicable; provided, 
however, that an Industry Member

[[Page 12849]]

---------------------------------------------------------------------------
that has an LEI for a Customer must submit the Customer's LEI.''

    Finally, CAT LLC proposes adding a new defined term ``Customer and 
Account Attributes'' to replace the defined term ``PII'' throughout the 
CAT NMS Plan. This new defined term would refer, collectively, to all 
of the attributes in the definitions of ``Customer Attributes'' and 
``Account Attributes'' described above. This term is a useful and 
efficient way to refer to all of the data attributes associated with a 
Customer (whether a natural person or a legal entity) that must be 
reported to the CAT. Furthermore, CAT LLC believes that it is 
appropriate to delete the defined term ``PII'' from the CAT NMS Plan 
and to replace it with the defined term ``Customer and Account 
Attributes'' because that term would more accurately describe the data 
attributes related to Customers and Customer accounts that must be 
reported to the CAT now that Customer name, Customer address, account 
name, account address, authorized trader names list, account number, 
day of birth, month of birth, year of birth, and ITIN/SSN would be 
eliminated from the CAT under this CAIS Amendment. Therefore, CAT LLC 
proposes to delete the definition of ``PII'' from the Plan and to 
replace it with the defined term ``Customer and Account Attributes'' 
throughout the CAT NMS Plan. Specifically, the term ``Customer and 
Account Attributes'' would replace the term ``PII'' in Sections 
6.2(b)(v)(F) and 6.10(c)(ii), and Appendix D, Sections 4.1; 4.1.2; 
4.1.4; 6.2; 8.1.1; 8.1.3; 8.2; and 8.2.2.\28\ The new term ``Customer 
and Account Attributes'' would be defined as follows:
---------------------------------------------------------------------------

    \28\ Additionally, the term ``Customer and Customer Account 
Information,'' which is used in Sections 9 and 10 of Appendix D, 
would be updated to ``Customer and Account Attributes'' in each 
instance for consistency and to clarify the scope of information 
contemplated by those Sections.

    `` `Customer and Account Attributes' shall mean the data 
elements in Account Attributes and Customer Attributes.''
ii. Revisions to Appendix D
    CAT LLC also proposes revising certain provisions of Appendix D of 
the CAT NMS Plan to incorporate the CCID Exemption Order and to remove 
references to Name, Address, and YOB.
    First, CAT LLC proposes revising Section 9.1 of Appendix D to make 
clear that, at a minimum, the CAT must capture Transformed Identifiers 
with respect to individuals and Legal Entity Identifiers with respect 
to legal entities. Additionally, CAT LLC proposes certain conforming 
changes to Section 9.1 of Appendix D relating to (a) Plan Processor 
data validation processes; and (b) the Plan Processor's procedures for 
assigning a unique CCID to each Customer. These conforming changes are 
intended to reflect reporting practices and the scope of reportable 
data contemplated by the CCID Exemption Order and the other Proposed 
Changes described in this amendment (i.e., eliminating Name, Address, 
and YOB from CAIS). Finally, references in Section 9.1 to ``Customer 
and Customer Account Information'' have been changed to ``Customer and 
Account Attributes'' consistent with the new defined term described 
above. As revised, Section 9.1 of Appendix D would read as follows:

``9.1 Customer and Account Attributes Storage

    The CAT must capture and store Customer and Account Attributes 
in a secure database physically separated from the transactional 
database. The Plan Processor will maintain certain information 
attributed to each Customer across all CAT Reporters, and associated 
accounts from each CAT Reporter. At a minimum, the CAT must capture 
Transformed Identifiers.
    For legal entities, the CAT must capture Legal Entity 
Identifiers (LEIs) (if available).
    The Plan Processor must maintain valid Customer and Account 
Attributes for each trading day and provide a method for 
Participants' regulatory staff and the SEC to easily obtain 
historical changes to that information.
    The Plan Processor will use the Transformed Identifier submitted 
by all broker-dealer CAT Reporters to the isolated CCID Subsystem to 
assign a unique Customer-ID for each Customer. The Customer-ID must 
be consistent across all broker-dealers that have an account 
associated with that Customer. This unique CAT-Customer-ID will not 
be returned to CAT Reporters and will only be used internally by the 
CAT.
    Broker-Dealers will initially submit full account lists for all 
active accounts to the Plan Processor and subsequently submit 
updates and changes on a daily basis. In addition, the Plan 
Processor must have a process to periodically receive full account 
lists to ensure the completeness and accuracy of the account 
database. The Central Repository must support account structures 
that have multiple account owners and associated Customer 
information (joint accounts, managed accounts, etc.), and must be 
able to link accounts that move from one CAT Reporter to another 
(e.g., due to mergers and acquisitions, divestitures, etc.).''

    Second, CAT LLC proposes revising Section 9.2 of Appendix D to make 
clear that the Central Repository will not accept data attributes 
related to an account owner's name, mailing address, or tax identifier. 
Additionally, the proposed revisions would indicate that the Central 
Repository must accept Transformed Identifiers with respect to 
Customers that are individuals and EINs with respect to Customers that 
are legal entities. As revised, Section 9.2 of Appendix D would read as 
follows:

``9.2 Required Data Attributes for Customer Information Data Submitted 
by Industry Members

    At a minimum, the following Customer information data attributes 
must be accepted by the Central Repository:
     Transformed Identifier (with respect to individuals) or 
EIN (with respect to legal entities);
     Market Identifiers (Larger Trader ID, LEI);
     Type of Account;
     Firm Identifier Number;
    [cir] The number that the CAT Reporter will supply on all orders 
generated for the Account;
     Prime Broker ID;
     Bank Depository ID; and
     Clearing Broker.''

    Third, CAT LLC proposes revising Section 9.3 of Appendix D to 
incorporate the existing process by which the Plan Processor determines 
a unique CAT-Customer-ID for each Customer under the CCID Exemption 
Order. As revised, Section 9.3 of Appendix D would read as follows:

``9.3 Customer-ID Tracking

    The Plan Processor will assign a CAT-Customer-ID for each unique 
Customer. The Plan Processor will generate and assign a unique CAT-
Customer-ID for each Transformed Identifier submitted by broker-
dealer CAT Reporters to the isolated CCID Subsystem. Once a CAT-
Customer-ID is assigned, it will be added to each linked (or 
unlinked) order record for that Customer.
    Participants and the SEC must be able to use the unique CAT-
Customer-ID to track orders from any Customer or group of Customers, 
regardless of what brokerage account was used to enter the order.''

    Fourth, CAT LLC proposes revising Section 9.4 of Appendix D to 
eliminate the requirement that the Plan Processor design and implement 
procedures and mechanisms to handle minor and material inconsistencies 
in Customer information. Minor data discrepancies refer specifically to 
variations in road name abbreviations for Customer addresses. Because 
this amendment would eliminate Name, Address, and YOB, the Plan 
requirement that the Central Repository be able to accommodate minor 
data discrepancies related to Customer addresses is no longer relevant. 
More broadly the inconsistency checks that are currently performed by 
the Plan Processor to handle both minor and material inconsistencies 
provide minimal value and impose unnecessary costs on Participants and 
Industry Members. As

[[Page 12850]]

revised, Section 9.4 of Appendix D would read as follows:

``9.4 Error Resolution for Customer Data

    The Central Repository must have an audit trail showing the 
resolution of all errors. The audit trail must, at a minimum, 
include the:
     CAT Reporter submitting the data;
     Initial submission date and time;
     Data in question or the ID of the record in question;
     Reason identified as the source of the issue;
     Date and time the issue was transmitted to the CAT 
Reporter, included each time the issue was re-transmitted, if more 
than once;
     Corrected submission date and time, including each 
corrected submission if more than one, or the record ID(s) of the 
corrected data or a flag indicating that the issue was resolved and 
corrected data was not required; and
     Corrected data, the record ID, or a link to the 
corrected data.''

    Finally, CAT LLC proposes adding a new Section 9.5 to Appendix D, 
which would require CAT LLC to direct the Plan Processor to delete from 
CAIS all existing Customer data and information contemplated by the 
Proposed Changes and clarify that such Customer data and information do 
not constitute records that CAT LLC must retain under Exchange Act Rule 
17a-1. Furthermore, to the extent that either CAT LLC or the Plan 
Processor becomes aware through self-reporting or otherwise that an 
Industry Member has improperly reported any such Customer data or 
information, this CAIS Amendment would permit its deletion. The new 
Section 9.5 of Appendix D would be entitled ``Deletion from CAIS of 
Certain Reported Customer Data'' and would read as follows:

``9.5 Deletion From CAIS of Certain Reported Customer Data

    Notwithstanding any other provision of the CAT NMS Plan, this 
Appendix D, or the Exchange Act, CAT LLC shall direct the Plan 
Processor to develop and implement a mechanism to delete from CAIS, 
or otherwise make inaccessible to regulatory users, the following 
data attributes: Customer name, Customer address, account name, 
account address, authorized trader names list, account number, day 
of birth, month of birth, year of birth, and ITIN/SSN. For the 
avoidance of doubt, such data attributes do not constitute records 
that must be retained under Exchange Act Rule 17a-1. CAT LLC or the 
Plan Processor shall be permitted to delete any such information 
that has been improperly reported by an Industry Member to the 
extent that either becomes aware of such improper reporting through 
self-reporting or otherwise.''

    To the extent that the Commission deems it necessary to grant 
exemptive relief from the recordkeeping and data retention requirements 
of Rule 17a-1 under the Exchange Act in order to effectuate the 
Proposed Changes, the Participants request such exemptive relief with 
respect to the deletion of such reported data described above on a 
retroactive and prospective basis.
2. Justifications for the CAIS Amendment
a. The CAIS Amendment Would Result in an Estimated $12 Million in Cost 
Savings Each Year
    The CAT's operating budget for 2025 includes approximately $35.5 
million in CAIS-related costs, which includes: (1) $20.7 million in 
operating fees payable to the Plan Processor to operate and maintain 
CAIS; \29\ (2) a $2.8 million CAIS-related annual license fee payable 
to the Plan Processor; and (3) approximately $12 million in CAIS-
related cloud hosting services fees.
---------------------------------------------------------------------------

    \29\ This CAIS operating fee is separate and in addition to a 
$30.8 million operating fee payable to the Plan Processor to operate 
and maintain the transaction database for the CAT.
---------------------------------------------------------------------------

    In total, the CAIS Amendment would allow CAT LLC to achieve 
approximately $10 million to $12 million in cost savings each year as 
compared to 2024 Actuals. First, the Plan Processor has proposed 
reducing its CAIS operating fees by approximately $5 million per year 
if the Proposed Changes are adopted.\30\ As a result, CAIS operating 
fees payable to the Plan Processor would be reduced from approximately 
$20.7 million to $15.7 million annually. The $2.8 million annual 
license fee payable to the Plan Processor would be unaffected by this 
CAIS Amendment. Second, the Plan Processor estimates approximately $5 
million to $7 million in savings per year related to cloud hosting 
services fees.\31\ Accordingly, the CAIS-related cloud hosting services 
fees, based on 2024 Actuals, would be reduced from approximately $12 
million to approximately $5 million to $7 million. These cost savings 
estimates are based on certain assumptions and the current scope of the 
CAT, and may vary based on, among other things, the details of the 
requirements in any final amendment approved by the Commission.
---------------------------------------------------------------------------

    \30\ The CAIS annual operating fee payable to the Plan Processor 
for 2025, which includes fees to pay for software that is required 
to support regulatory queries of CAIS data, is approximately $20.7 
million per year. By eliminating the software that is required to 
support regulatory queries of Name, Address, and YOB data, the CAIS 
annual operating fee would be reduced to approximately $15.7 million 
per year, which is a difference of approximately $5 million per 
year.
    \31\ CAT LLC currently budgets $12 million per year for CAIS 
cloud hosting services fees. Under the CAIS Amendment, CAIS cloud 
hosting services fees would total between approximately $5 million 
and $7 million per year, which represents a savings of between $5 
million and $7 million per year.
---------------------------------------------------------------------------

    To implement the CAIS Amendment, the Plan Processor has proposed a 
one-time change request implementation fee of approximately $4.5 
million to $5.5 million.\32\ One-time implementation costs will 
generally consist of Plan Processor labor costs associated with coding 
and software development, as well as any related cloud fees associated 
with the development, testing, and load testing of the Proposed 
Changes. Even accounting for this one-time implementation cost, the 
CAIS Amendment would allow CAT LLC to achieve approximately $5.5 
million in cost savings in the first year followed by approximately $10 
million to $12 million in cost savings each year thereafter, based on 
2024 Actuals.
---------------------------------------------------------------------------

    \32\ The Plan Processor estimates that it would take 
approximately 9 to 12 months to fully implement the Proposed 
Changes.
---------------------------------------------------------------------------

    CAT operating costs are estimated to approach $250 million in 2025 
as data volumes continue to reach record highs.\33\ CAT LLC and the 
Plan Processor have put significant effort into reducing CAT costs that 
are within their control given the strict reporting requirements in the 
CAT NMS Plan, but additional cost savings measures--like those 
contemplated in this CAIS Amendment--require Commission action to 
permit their implementation. While the Commission recently approved a 
cost savings proposal from CAT LLC, it is critical to continue thinking 
carefully about ways to further reduce CAT costs while preserving the 
CAT's intended regulatory uses. The CAIS Amendment would do just that. 
The potential cost savings associated with the amendment are 
significant and would materially advance CAT LLC's ongoing cost savings 
efforts \34\ without impacting the ability of regulators to perform 
cross-market surveillance or to otherwise use the CAT for its intended 
regulatory purposes. Therefore, CAT LLC urges the Commission to approve 
the CAIS Amendment to allow for

[[Page 12851]]

additional annual savings of approximately $12 million compared to 2024 
Actuals.
---------------------------------------------------------------------------

    \33\ On March 4, 2025, data volumes exceeded 1 trillion 
reportable events for the first time.
    \34\ For example, CAT LLC filed a cost savings amendment, which 
the Commission recently approved on December 12, 2024, that will 
permit approximately $21 million in annual cost savings, which cost 
savings were estimated based on then-estimated 2024 costs. See 
Letter from Brandon Becker, CAT NMS Plan Operating Committee Chair, 
to Vanessa Countryman, Secretary, Commission (Mar. 27, 2024); Letter 
from Brandon Becker, CAT NMS Plan Operating Committee Chair, to 
Vanessa Countryman, Secretary, Commission (Sept. 20, 2024); Order 
Approving Amendments to the National Market System Plan Governing 
the Consolidated Audit Trail Designed to Implement Cost Savings 
Measures, Securities Exchange Act Release No. 101901 (Dec. 12, 
2024), 89 FR 103033 (Dec. 18, 2024).
---------------------------------------------------------------------------

b. The CAIS Amendment Also Would Build on the CCID Exemption Order and 
the CAIS Exemption Order to Further Address the SEC's Stated Security 
Considerations
    In addition to allowing CAT LLC to achieve significant annual cost 
savings, the CAIS Amendment reflects a continuation of prior efforts to 
reduce Customer information in the CAT. Specifically, the CAIS 
Amendment would build on the CCID Exemption Order, which currently 
prohibits Industry Members from reporting SSNs/ITINs, dates of birth, 
and account numbers to the CAT. This CAIS Amendment would remove 
additional data attributes from the CAT, i.e., Name, Address, and YOB, 
while preserving the regulatory goals of SEC Rule 613 because the Plan 
Processor would continue to create a unique CCID allowing regulators to 
conduct cross-market, cross-broker, and cross-account surveillance.
    Furthermore, the CAIS Amendment would further address the security-
related considerations cited by the SEC in the CAIS Exemption Order 
with respect to all Customers. As discussed in more detail above, the 
CAIS Exemption Order grants relief from the requirement to report 
names, addresses, and years of birth for natural persons reported with 
transformed SSNs or ITINs to CAIS, but it does not address the deletion 
of existing data currently stored in CAIS. Therefore, the CAIS 
Exemption Order only addresses new natural persons reported with 
transformed SSNs or ITINs added to CAIS after the date of the order. It 
does not address the SEC's cited security considerations with respect 
to (1) existing natural persons reported with transformed SSNs or ITINs 
with data already stored in CAIS; (2) natural persons who are not 
reported with transformed SSNs or ITINs, including foreign nationals; 
or (3) legal entity Customers. This proposed CAIS Amendment addresses 
the SEC's security considerations with respect to all Customers--
including all natural person and all legal entity Customers, both new 
and existing--by fully eliminating the requirement to report Names, 
Addresses, and YOBs to CAIS for all Customers and by requiring CAT LLC 
to direct the Plan Processor to delete all such information that is 
currently stored in the CAT.
c. The Proposed Changes Would Preserve the Core Regulatory Purposes of 
CAIS
    Under this CAIS Amendment, Industry Members would continue 
reporting basic Customer and account information (e.g., TID, account 
type) to CAIS, but the information reported would no longer include 
Name, Address, and YOB. Industry Members would also continue reporting 
Transformed Identifiers to the CCID Subsystem in the same manner as 
they do today pursuant to the CCID Exemption Order.
    Similarly, the Plan Processor would continue creating a CCID for 
each unique Transformed Identifier in the same way that it does today. 
As such, a daily mapping of CCID to FDID would continue to be provided 
to the transactional database by the CAT System to provide CCID 
enrichment of transaction data. Additionally, the CAIS query tool would 
continue to be provided to allow the subset of regulatory users that 
have been authorized to access the CAIS database to search basic 
Customer and account information, minus Name, Address, and YOB. As was 
the case before CAT, regulatory users would need to contact Industry 
Members directly to obtain any more sensitive Customer information, 
including Name, Address, and YOB.
    In short, the proposed CAIS Amendment would not impact how the Plan 
Processor provides CCID enrichment of transaction data. It would simply 
remove certain unnecessary Customer information (i.e., Name, Address, 
and YOB) from the CAT in order to achieve significant cost savings 
while building on the existing CCID Exemption Order and the CAIS 
Exemption Order. Because the Plan Processor would continue to provide 
CCID enrichment of transaction data, the proposed CAIS Amendment would 
not impact the ability of regulators to track a Customer's trading 
activity across accounts, broker-dealers, and markets. By preserving 
regulators' ability to perform such cross-market, cross-broker, and 
cross-account surveillance, the CAIS Amendment would achieve 
significant cost savings and reduce unnecessary Customer information in 
the CAT without impacting a key aspect of CAT's intended regulatory 
uses.
d. The Benefits of the Proposed Changes Significantly Outweigh Their 
Costs
    The benefits of the CAIS Amendment significantly outweigh its 
costs. As described above, the CAIS Amendment would further address the 
SEC's security considerations noted in the CAIS Exemption Order by 
reducing the amount of Customer information in the CAT. In addition, 
the CAIS Amendment would allow CAT LLC to achieve an estimated $12 
million in cost savings each year as compared to 2024 Actuals, which 
would materially advance CAT LLC's ongoing efforts to reduce CAT 
operating costs. It would also build on CAT LLC's prior efforts to 
reduce Customer information in the CAT and the CAIS Exemption Order by 
eliminating the Plan requirement to report Name, Address, and YOB to 
CAIS for all Customers. At the same time, other than one-time 
implementation costs of approximately $4.5 million to $5.5 million 
(which would be fully offset by savings in the first year), the costs 
associated with the CAIS Amendment are minimal. If adopted, the CAIS 
Amendment would not change the Plan Processor's practices related to 
creating a unique CCID for each Customer and performing CCID enrichment 
of transaction data. While regulatory users would no longer be able to 
use the CAIS query tool to search for Name, Address, and YOB 
information, they would still be able to track Customer trading 
activity across accounts, broker-dealers, and markets without access to 
that information by using a CCID because the Plan Processor would 
continue performing CCID enrichment of transaction data in the same way 
that it does today. Furthermore, if it becomes necessary for a 
regulatory user to obtain Name, Address, and YOB data, that information 
could still be obtained directly from Industry Members. In this way, 
the CAIS Amendment would not affect how regulators use the CAT, and any 
added cost associated with obtaining Name, Address, and YOB information 
from Industry Members is significantly outweighed by the estimated $12 
million in cost savings that the proposed CAIS Amendment would allow 
CAT LLC to recognize each year as compared to 2024 Actuals.
    For all of these reasons, CAT LLC strongly urges the Commission to 
approve the CAIS Amendment.

B. Governing or Constituent Documents

    Not applicable.

C. Implementation of Amendment

    The Participants propose to implement the proposal upon approval of 
the proposed amendment to the CAT NMS Plan by directing the Plan 
Processor to make the technological changes to CAIS reporting required 
to effectuate the Proposed Changes and by amending their individual CAT

[[Page 12852]]

Compliance Rules to reflect the more limited scope of Customer-and-
account-related information that would be required to be reported to 
CAIS as a result of implementing the Proposed Changes.

D. Development and Implementation Phases

    Subject to SEC approval of this CAIS Amendment, the Participants 
and the Plan Processor, in consultation with Industry Members, will 
determine and communicate an implementation schedule to effectuate the 
Proposed Changes.

E. Analysis of Impact on Competition

    CAT LLC does not believe that the CAIS Amendment would result in 
any burden on competition that is not necessary or appropriate in 
furtherance of the purposes of the Exchange Act. Indeed, CAT LLC 
believes that the CAIS Amendment will have a positive impact on 
competition, efficiency and capital formation. The CAIS Amendment will 
provide significant savings in CAT costs and will eliminate Name, 
Address, and YOB from the CAT while imposing minimal impact on the 
regulatory use of CAT Data. Such substantial cost savings would inure 
to the benefit of all participants in the markets for NMS Securities 
and OTC Equity Securities, including Participants, Industry Members, 
and most importantly, the investors.
    In addition to providing significant cost savings, the CAIS 
Amendment would incorporate the existing CCID Exemption Order and build 
on the CAIS Exemption Order, both of which the Commission found to be 
appropriate in the public interest and consistent with the protection 
of investors.\35\ Because this CAIS Amendment would build on the CCID 
Exemption Order and the CAIS Exemption Order to further reduce the 
amount of Customer-and-account-related information in the CAT by 
eliminating Name, Address, and YOB without impacting the intended 
regulatory goals of SEC Rule 613, CAT LLC believes that the CAIS 
Amendment is appropriate in the public interest and consistent with the 
protection of investors. In this way, the CAIS Amendment would enhance 
the markets for NMS Securities and OTC Equity Securities for all market 
participants.
---------------------------------------------------------------------------

    \35\ See CCID Exemption Order at 16156; CAIS Exemption Order at 
9646.
---------------------------------------------------------------------------

    Furthermore, the CAIS Amendment would provide significant cost 
savings and build on the CCID Exemption Order and the CAIS Exemption 
Order without creating any disparate impact among Industry Members with 
Customers. This is because the CAIS Amendment would require all 
Industry Members to report the same narrower scope of Customer-and-
account-related information to the CAT. Therefore, the CAIS Amendment 
would have the same effect on all Industry Members with Customers.
    For all of these reasons, CAT LLC does not believe that the CAIS 
Amendment would result in any burden on competition that is not 
necessary or appropriate in furtherance of the purposes of the Exchange 
Act.

F. Written Understanding or Agreements Relating to Interpretation of, 
or Participation in Plan

    Not applicable.

G. Approval by Plan Sponsors in Accordance With Plan

    Section 12.3 of the CAT NMS Plan states that, subject to certain 
exceptions, the CAT NMS Plan may be amended from time to time only by a 
written amendment, authorized by the affirmative vote of not less than 
two-thirds of all of the Participants, that has been approved by the 
SEC pursuant to Rule 608 of Regulation NMS under the Exchange Act or 
has otherwise become effective under Rule 608 of Regulation NMS under 
the Exchange Act. In addition, the proposed amendment was discussed 
during Operating Committee meetings. The Participants, by a vote of the 
Operating Committee taken on March 4, 2025, have authorized the filing 
of this proposed amendment with the SEC in accordance with the CAT NMS 
Plan.

H. Description of Operation of Facility Contemplated by the Proposed 
Amendment

    Not applicable.

I. Terms and Conditions of Access

    Not applicable.

J. Method of Determination and Imposition, and Amount of, Fees and 
Charges

    Not applicable.

K. Method and Frequency of Processor Evaluation

    Not applicable.

L. Dispute Resolution

    Not applicable.

III. Solicitation of Comments

    The Commission seeks comment on the amendment. Interested persons 
are invited to submit written data, views and arguments concerning the 
foregoing, including whether the amendment is consistent with the 
Exchange Act. Comments may be submitted by any of the following 
methods:

Electronic Comments

     Use the Commission's internet comment form (https://www.sec.gov/rules/sro.shtml); or
     Send an email to [email protected]. Please include 
File Number 4-698 on the subject line.

Paper Comments

     Send paper comments in triplicate to Secretary, Securities 
and Exchange Commission, 100 F Street NE, Washington, DC 20549-1090.

All submissions should refer to File Number 4-698. This file number 
should be included on the subject line if email is used. To help the 
Commission process and review your comments more efficiently, please 
use only one method. The Commission will post all comments on the 
Commission's internet website (https://www.sec.gov/rules/sro.shtml). 
Copies of the submission, all subsequent amendments, all written 
statements with respect to the proposed plan amendment that are filed 
with the Commission, and all written communications relating to the 
amendment between the Commission and any person, other than those that 
may be withheld from the public in accordance with the provisions of 5 
U.S.C. 552, will be available for website viewing and printing in the 
Commission's Public Reference Room, 100 F Street NE, Washington, DC 
20549, on official business days between the hours of 10:00 a.m. and 
3:00 p.m. Copies of the filing also will be available for inspection 
and copying at the Participants' offices. All comments received will be 
posted without change. Persons submitting comments are cautioned that 
we do not redact or edit personal identifying information from comment 
submissions. You should submit only information that you wish to make 
available publicly. All submissions should refer to File Number 4-698 
and should be submitted on or before April 9, 2025.
---------------------------------------------------------------------------

    \36\ 17 CFR 200.30-3(a)(85).

    For the Commission, by the Division of Trading and Markets, 
pursuant to delegated authority.\36\
Sherry R. Haywood,
Assistant Secretary.

[[Page 12853]]

Exhibit A

Proposed Revisions to the CAT NMS Plan

Additions italicized; deletions [bracketed]
* * * * *

Article I

Definitions

* * * * *

Section 1.1. Definitions.

* * * * *
    ``[Customer ]Account Attributes[Information]'' shall include, but 
not be limited to, [account number, ]account type, customer type, date 
account opened, and large trader identifier (if applicable) (excluding, 
for the avoidance of doubt, account number); except, however, that (a) 
in those circumstances in which an Industry Member has established a 
trading relationship with an institution but has not established an 
account with that institution, the Industry Member will (i) provide the 
Account Effective Date in lieu of the ``date account opened''; [(ii) 
provide the relationship identifier in lieu of the ``account number''; 
]and (ii[i]) identify the ``account type'' as a ``relationship''; (b) 
in those circumstances in which the relevant account was established 
prior to the implementation date of the CAT NMS Plan applicable to the 
relevant CAT Reporter (as set forth in Rule 613(a)(3)(v) and (vi)), and 
no ``date account opened'' is available for the account, the Industry 
Member will provide the Account Effective Date in the following 
circumstances: (i) where an Industry Member changes back office 
providers or clearing firms and the date account opened is changed to 
the date the account was opened on the new back office/clearing firm 
system; (ii) where an Industry Member acquires another Industry Member 
and the date account opened is changed to the date the account was 
opened on the post-merger back office/clearing firm system; (iii) where 
there are multiple dates associated with an account in an Industry 
Member's system, and the parameters of each date are determined by the 
individual Industry Member; and (iv) where the relevant account is an 
Industry Member proprietary account. For the avoidance of doubt, 
Industry Members are required to provide a Firm Designated ID in 
accordance with this Agreement.
* * * * *
    ``CAIS'' means the customer and account information system of the 
CAT.
* * * * *
    ``CCID Subsystem'' means the isolated subsystem of CAIS that exists 
solely to transform input TID values into CCID values.
* * * * *
    ``Customer and Account Attributes'' shall mean the data elements in 
Account Attributes and Customer Attributes.
    ``Customer Attributes[Identifying Information]'' means information 
[of sufficient detail to identify ]attributed to a Customer, including, 
but not limited to, (a) with respect to individuals: [name, address, 
date of birth, individual tax payer identification number (``ITIN'')/
social security number (``SSN''),] TID and the individual's role in the 
account (e.g., primary holder, joint holder, guardian, trustee, person 
with the power of attorney); and (b) with respect to legal entities: 
[name, address, ]Employer Identification Number (``EIN'')/Legal Entity 
Identifier (``LEI'') or other comparable common entity identifier, if 
applicable; provided, however, that an Industry Member that has an LEI 
for a Customer must submit the Customer's LEI[ in addition to other 
information of sufficient detail to identify a Customer].
    ``Customer-ID'' or ``CAT Customer-ID'' or ``CCID'' has the same 
meaning provided in SEC Rule 613(j)(5).
* * * * *
    ``Full Availability and Regulatory Utilization of Transactional 
Database Functionality'' means the point at which: (a) reporting to the 
Order Audit Trail System (``OATS'') is no longer required for new 
orders; (b) Industry Member reporting for equities transactions and 
simple electronic options transactions, excluding Customer Account 
Information,* Customer-ID, and Customer Identifying Information,* with 
sufficient intra-firm linkage, inter-firm linkage, national securities 
exchange linkage, trade reporting facilities linkage, and 
representative order linkages (including any equities allocation 
information provided in an Allocation Report) to permit the 
Participants and the Commission to analyze the full lifecycle of an 
order across the national market system, from order origination through 
order execution or order cancellation, is developed, tested, and 
implemented at a 5% Error Rate or less; (c) Industry Member reporting 
for manual options transactions and complex options transactions, 
excluding Customer Account Information, Customer-ID, and Customer 
Identifying Information, with all required linkages to permit the 
Participants and the Commission to analyze the full lifecycle of an 
order across the national market system, from order origination through 
order execution or order cancellation, including any options allocation 
information provided in an Allocation Report, is developed, tested, and 
fully implemented; (d) the query tool functionality required by Section 
6.10(c)(i)(A) and Appendix D, Sections 8.1.1-8.1.3, Section 8.2.1, and 
Section 8.5 incorporates the data described in conditions (b)-(c) and 
is available to the Participants and to the Commission; and (e) the 
requirements of Section 6.10(a) are met. This Financial Accountability 
Milestone shall be considered complete as of the date identified in a 
Quarterly Progress Report meeting the requirements of Section 6.6(c).
---------------------------------------------------------------------------

    * Effective [DATE], ``Customer Account Information'' as used in 
the Financial Accountability Milestones (Initial Industry Member 
Core Equity Reporting; Full Implementation of Core Equity Reporting; 
Full Availability and Regulatory Utilization of Transactional 
Database Functionality; and Full Implementation of CAT NMS Plan 
Requirements) is no longer a defined term and has been superseded by 
the new defined term ``Account Attributes''.
    * Effective [DATE], ``Customer Identifying Information'' as used 
in the Financial Accountability Milestones (Initial Industry Member 
Core Equity Reporting; Full Implementation of Core Equity Reporting; 
Full Availability and Regulatory Utilization of Transactional 
Database Functionality; and Full Implementation of CAT NMS Plan 
Requirements) is no longer a defined term and has been superseded by 
the new defined term ``Customer Attributes''.
---------------------------------------------------------------------------

* * * * *
    [``PII'' means personally identifiable information, including a 
social security number or tax identifier number or similar information; 
Customer Identifying Information and Customer Account Information.]
* * * * *
    ``Transformed Identifier'' or ``TID'' means the transformed version 
of the individual tax payer identification number (``ITIN'') or social 
security number (``SSN'') submitted by Industry Members in place of an 
ITIN or SSN.
* * * * *

Article VI

Functions and Activities of CAT System

* * * * *

Section 6.2. Chief Compliance Officer and Chief Information Security 
Officer

* * * * *
    (a) Chief Compliance Officer.
* * * * *
    (v) The Chief Compliance Officer shall:
* * * * *
    (C) in collaboration with the Chief Information Security Officer, 
and consistent with Appendix D, Data

[[Page 12854]]

Security, and any other applicable requirements related to data 
security[,] and Customer and Account Attributes[Information and 
Customer Identifying Information], identify and assist the Company in 
retaining an appropriately qualified independent auditor (based on 
specialized technical expertise, which may be the Independent Auditor 
or subject to the approval of the Operating Company by Supermajority 
Vote, another appropriately qualified independent auditor), and in 
collaboration with such independent auditor, create and implement an 
annual audit plan (subject to the approval of the Operating Committee), 
which shall at a minimum include a review of all Plan Processor 
policies, procedures and control structures, and real time tools that 
monitor and address data security issues for the Plan Processor and the 
Central Repository;
* * * * *
    (b) Chief Information Security Officer.
* * * * *
    (v) Consistent with Appendices C and D, the Chief Information 
Security Officer shall be responsible for creating and enforcing 
appropriate policies, procedures, and control structures to monitor and 
address data security issues for the Plan Processor and the Central 
Repository including:
* * * * *
    (F) [PII]Customer and Account Attributes data requirements, 
including the standards set forth in Appendix D, [PII]Customer and 
Account Attributes Data Requirements;
* * * * *

Section 6.4. Data Reporting and Recording by Industry Members

* * * * *
    (d) Required Industry Member Data.
* * * * *
    (ii) Subject to Section 6.4(c) and Section 6.4(d)(iii) with respect 
to Options Market Makers, and consistent with Appendix D, Reporting and 
Linkage Requirements, and the Technical Specifications, each 
Participant shall, through its Compliance Rule, require its Industry 
Members to record and report to the Central Repository the following, 
as applicable (``Received Industry Member Data'' and collectively with 
the information referred to in Section 6.4(d)(i) ``Industry Member 
Data''):
* * * * *
    (C) for original receipt or origination of an order, the Firm 
Designated ID for the relevant Customer, and in accordance with Section 
6.4(d)(iv), Customer and Account Attributes [Information and Customer 
Identifying Information] for the relevant Customer; and
* * * * *

Section 6.10. Surveillance

* * * * *
    (c) Use of CAT Data by Regulators.
* * * * *
    (ii) Extraction of CAT Data shall be consistent with all permission 
rights granted by the Plan Processor. All CAT Data returned shall be 
encrypted, and [PII]Customer and Account Attributes data shall be 
masked unless users have permission to view the CAT Data that has been 
requested.
* * * * *

Appendix D

CAT NMS Plan Processor Requirements

* * * * *

4. Data Security

4.1 Overview

* * * * *
    The Plan Processor must provide to the Operating Committee a 
comprehensive security plan that covers all components of the CAT 
System, including physical assets and personnel, and the training of 
all persons who have access to the Central Repository consistent 
with Article VI, Section 6.1(m). The security plan must be updated 
annually. The security plan must include an overview of the Plan 
Processor's network security controls, processes and procedures 
pertaining to the CAT Systems. Details of the security plan must 
document how the Plan Processor will protect, monitor and patch the 
environment; assess it for vulnerabilities as part of a managed 
process, as well as the process for response to security incidents 
and reporting of such incidents. The security plan must address 
physical security controls for corporate, data center, and leased 
facilities where Central Repository data is transmitted or stored. 
The Plan Processor must have documented ``hardening baselines'' for 
systems that will store, process, or transmit CAT Data or 
[PII]Customer and Account Attributes data.
* * * * *

4.1.2 Data Encryption

* * * * *
    Storage of unencrypted [PII]Customer and Account Attributes data 
is not permissible. [PII]Customer and Account Attributes encryption 
methodology must include a secure documented key management strategy 
such as the use of HSM(s). The Plan Processor must describe how 
[PII]Customer and Account Attributes encryption is performed and the 
key management strategy (e.g., AES-256, 3DES).
* * * * *

4.1.4 Data Access

    The Plan Processor must provide an overview of how access to 
[PII]Customer and Account Attributes and other CAT Data by Plan 
Processor employees and administrators is restricted. This overview 
must include items such as, but not limited to, how the Plan 
Processor will manage access to the systems, internal segmentation, 
multi-factor authentication, separation of duties, entitlement 
management, background checks, etc.
* * * * *
    Any login to the system that is able to access [PII]Customer and 
Account Attributes data must follow [non-PII ]password rules for 
data that does not constitute Customer and Account Attributes and 
must be further secured via multi-factor authentication (``MFA''). 
The implementation of MFA must be documented by the Plan Processor. 
MFA authentication capability for all logins is required to be 
implemented by the Plan Processor.
* * * * *

4.1.6 [PII] Customer and Account Attributes Data Requirements

    [PII]Customer and Account Attributes data must not be included 
in the result set(s) from online or direct query tools, reports or 
bulk data extraction. Instead, results will display existing [non-
PII] unique identifiers (e.g., Customer-ID or Firm Designated ID) 
that do not constitute Customer and Account Attributes. The 
[PII]Customer and Account Attributes corresponding to these 
identifiers can be gathered using the [PII]Customer and Account 
Attributes workflow described in Appendix D, Data Security, 
[PII]Customer and Account Attributes Data Requirements. By default, 
users entitled to query CAT Data are not authorized for [PII] access 
to Customer and Account Attributes. The process by which someone 
becomes entitled for [PII] access to Customer and Account 
Attributes, and how they then go about accessing [PII]Customer and 
Account Attributes data, must be documented by the Plan Processor. 
The chief regulatory officer, or other such designated officer or 
employee at each Participant must, at least annually, review and 
certify that people with [PII] access to Customer and Account 
Attributes have the appropriate level of access for their role.
    Using the RBAC model described above, access to [PII]Customer 
and Account Attributes data shall be configured at the [PII 
attribute]Customer and Account Attribute level, following the 
``least privileged'' practice of limiting access as much as 
possible.
    [PII]Customer and Account Attributes data must be stored 
separately from other CAT Data. It cannot be stored with the 
transactional CAT Data, and it must not be accessible from public 
internet connectivity. A full audit trail of [PII] access to 
Customer and Account Attributes (who accessed what data, and when) 
must be maintained. The Chief Compliance Officer and the Chief 
Information Security Officer shall have access to daily 
[PII]Customer and Account Attributes reports that list all users who 
are entitled for [PII] access to Customer and Account Attributes, as 
well as the audit trail of all [PII] access to Customer and Account

[[Page 12855]]

Attributes that has occurred for the day being reported on.
* * * * *

6.2 Data Availability Requirements

* * * * *
    Figure B: Customer and Account Attributes[Information (Including 
PII)]
[GRAPHIC] [TIFF OMITTED] TN19MR25.021

    CAT [PII]Customer and Account Attributes data must be processed 
within established timeframes to ensure data can be made available 
to Participants' regulatory staff and the SEC in a timely manner. 
Industry Members submitting new or modified Customer information 
must provide it to the Central Repository no later than 8:00 a.m. 
Eastern Time on T+1. The Central Repository must validate the data 
and generate error reports no later than 5:00 p.m. Eastern Time on 
T+1. The Central Repository must process the resubmitted data no 
later than 5:00 p.m. Eastern Time on T+4. Corrected data must be 
resubmitted no later than 5:00 p.m. Eastern Time on T+3. The Central 
Repository must process the resubmitted data no later than 5:00 p.m. 
Eastern Time on T+4. Corrected data must be available to regulators 
no later than 8:00 a.m. Eastern Time on T+5.
    Customer information that includes [PII]Customer and Account 
Attributes data must be available to regulators immediately upon 
receipt of initial data and corrected data, pursuant to security 
policies for retrieving [PII]Customer and Account Attributes.
* * * * *

8. Functionality of the CAT System

8.1 Regulator Access

* * * * *

8.1.1 Online Targeted Query Tool

* * * * *
    The tool must provide a record count of the result set, the date 
and time the query request is submitted, and the date and time the 
result set is provided to the users. In addition, the tool must 
indicate in the search results whether the retrieved data was linked 
or unlinked (e.g., using a flag). In addition, the online targeted 
query tool must not display any [PII]Customer and Account Attributes 
data. Instead, it will display existing [non-PII] unique identifiers 
(e.g., Customer-ID or Firm Designated ID) that do not constitute 
Customer and Account Attributes. The [PII]Customer and Account 
Attributes corresponding to these identifiers can be gathered using 
the [PII]Customer and Account Attributes workflow described in 
Appendix D, Data Security, [PII]Customer and Account Attributes Data 
Requirements. The Plan Processor must define the maximum number of 
records that can be viewed in the online tool as well as the maximum 
number of records that can be downloaded. Users must have the 
ability to download the results to .csv, .txt, and other formats, as 
applicable. These files will also need to be available in a 
compressed format (e.g., .zip, .gz). Result sets that exceed the 
maximum viewable or download limits must return to users a message 
informing them of the size of the result set and the option to 
choose to have the result set returned via an alternate method.
* * * * *

8.1.3 Online Targeted Query Tool Access and Administration

    Access to CAT Data is limited to authorized regulatory users 
from the Participants and the SEC. Authorized regulators from the 
Participants and the SEC may access all CAT Data, with the exception 
of [PII]Customer and Account Attributes data. A subset of the 
authorized regulators from the Participants and the SEC will have 
permission to access and view [PII]Customer and Account Attributes 
data. The Plan Processor must work with the Participants and SEC to 
implement an administrative and authorization process to provide 
regulator access. The Plan Processor must have procedures and a 
process in place to verify the list of active users on a regular 
basis.
    A two-factor authentication is required for access to CAT Data. 
[PII]Customer and Account Attributes data must not be available via 
the online targeted query tool or the user-defined direct query 
interface.

8.2 User-Defined Direct Queries and Bulk Extraction of Data

    The Central Repository must provide for direct queries, bulk 
extraction, and download of data for all regulatory users. Both the 
user-defined direct queries and bulk extracts will be used by 
regulators to deliver large sets of data that can then be used in 
internal surveillance or market analysis applications. The data 
extracts must use common industry formats.
    Direct queries must not return or display [PII]Customer and 
Account Attributes data. Instead, they will return existing [non-
PII] unique identifiers (e.g., Customer-ID or Firm Designated ID) 
that do not constitute Customer and Account Attributes. The [PII] 
Customer and Account Attributes corresponding to these identifiers 
can be gathered using the [PII]Customer and Account Attributes 
workflow described in Appendix D, Data Security, [PII]Customer and 
Account Attributes Data Requirements.
* * * * *

8.2.2 Bulk Extract Performance Requirements

* * * * *
    Extraction of data must be consistently in line with all 
permissioning rights granted by the Plan Processor. Data returned 
must be encrypted, password protected and sent via secure methods of 
transmission. In addition, [PII]Customer and Account Attributes data 
must be masked unless users have permission to view the data that 
has been requested.
* * * * *

[[Page 12856]]

9. CAT Customer and [Customer] Account Attributes [Information]

9.1 Customer and [Customer] Account Attributes [Information] Storage

    The CAT must capture and store Customer and [Customer] Account 
Attributes[Information] in a secure database physically separated 
from the transactional database. The Plan Processor will maintain 
certain information [of sufficient detail to uniquely and 
consistently identify] attributed to each Customer across all CAT 
Reporters, and associated accounts from each CAT Reporter. [The 
following attributes, a]At a minimum, the CAT must capture 
Transformed Identifiers.[be captured:]
     [Social security number (SSN) or Individual Taxpayer 
Identification Number (ITIN);]
     [Date of birth;]
     [Current name;]
     [Current address;]
     [Previous name; and]
     [Previous address.]
    For legal entities, the CAT must capture Legal Entity 
Identifiers (LEIs) (if available).[the following attributes:]
     [Legal Entity Identifier (LEI) (if available);]
     [Tax identifier;]
     [Full legal name; and]
     [Address.]
    The Plan Processor must maintain valid Customer and [Customer] 
Account Attributes[Information] for each trading day and provide a 
method for Participants' regulatory staff and the SEC to easily 
obtain historical changes to that information[ (e.g., name changes, 
address changes, etc.)].
    [The Plan Processor will design and implement a robust data 
validation process for submitted Firm Designated ID, Customer 
Account Information and Customer Identifying Information, and must 
continue to process orders while investigating Customer information 
mismatches. Validations should:
     Confirm the number of digits on a SSN,
     Confirm date of birth, and
     Accommodate the situation where a single SSN is used by 
more than one individual.]
    The Plan Processor will use the [Customer information] 
Transformed Identifier submitted by all broker-dealer CAT Reporters 
to the isolated CCID Subsystem to assign a unique Customer-ID for 
each Customer. The Customer-ID must be consistent across all broker-
dealers that have an account associated with that Customer. This 
unique CAT-Customer-ID will not be returned to CAT Reporters and 
will only be used internally by the CAT.
    Broker-Dealers will initially submit full account lists for all 
active accounts to the Plan Processor and subsequently submit 
updates and changes on a daily basis. In addition, the Plan 
Processor must have a process to periodically receive full account 
lists to ensure the completeness and accuracy of the account 
database. The Central Repository must support account structures 
that have multiple account owners and associated Customer 
information (joint accounts, managed accounts, etc.), and must be 
able to link accounts that move from one CAT Reporter to another 
(e.g., due to mergers and acquisitions, divestitures, etc.).
* * * * *

9.2 Required Data Attributes for Customer Information Data Submitted by 
Industry Members

    At a minimum, the following Customer information data attributes 
must be accepted by the Central Repository:
     [Account Owner Name;]
     [Account Owner Mailing Address;]
     [Account Tax Identifier (SSN, TIN, ITN)] Transformed 
Identifier (with respect to individuals) or EIN (with respect to 
legal entities);
     Market Identifiers (Larger Trader ID, LEI);
     Type of Account;
     Firm Identifier Number;
    [cir] The number that the CAT Reporter will supply on all orders 
generated for the Account;
     Prime Broker ID;
     Bank Depository ID; and
     Clearing Broker.
* * * * *

9.3 Customer-ID Tracking

    The Plan Processor will assign a CAT-Customer-ID for each unique 
Customer. The Plan Processor will [determine] generate and assign a 
unique CAT-Customer-ID [using information such as SSN and DOB for 
natural persons or entity identifiers for Customers that are not 
natural persons and will resolve discrepancies] for each Transformed 
Identifier submitted by broker-dealer CAT Reporters to the isolated 
CCID Subsystem. Once a CAT-Customer-ID is assigned, it will be added 
to each linked (or unlinked) order record for that Customer.
    Participants and the SEC must be able to use the unique CAT-
Customer-ID to track orders from any Customer or group of Customers, 
regardless of what brokerage account was used to enter the order.
* * * * *

9.4 Error Resolution for Customer Data

    [The Plan Processor must design and implement procedures and 
mechanisms to handle both minor and material inconsistencies in 
Customer information. The Central Repository needs to be able to 
accommodate minor data discrepancies such as variations in road name 
abbreviations in searches. Material inconsistencies such as two 
different people with the same SSN must be communicated to the 
submitting CAT Reporters and resolved within the established error 
correction timeframe as detailed in Section 8.]
    The Central Repository must have an audit trail showing the 
resolution of all errors. The audit trail must, at a minimum, 
include the:
     CAT Reporter submitting the data;
     Initial submission date and time;
     Data in question or the ID of the record in question;
     Reason identified as the source of the issue[, such 
as:];
    [cir] [duplicate SSN, significantly different Name;]
    [cir] [duplicate SSN, different DOB;]
    [cir] [discrepancies in LTID; or]
    [cir] [others as determined by the Plan Processor;]
     Date and time the issue was transmitted to the CAT 
Reporter, included each time the issue was re-transmitted, if more 
than once;
     Corrected submission date and time, including each 
corrected submission if more than one, or the record ID(s) of the 
corrected data or a flag indicating that the issue was resolved and 
corrected data was not required; and
     Corrected data, the record ID, or a link to the 
corrected data.
* * * * *

9.5 Deletion From CAIS of Certain Reported Customer Data

    Notwithstanding any other provision of the CAT NMS Plan, this 
Appendix D, or the Exchange Act, CAT LLC shall direct the Plan 
Processor to develop and implement a mechanism to delete from CAIS, 
or otherwise make inaccessible to regulatory users, the following 
data attributes: Customer name, Customer address, account name, 
account address, authorized trader names list, account number, day 
of birth, month of birth, year of birth, and ITIN/SSN. For the 
avoidance of doubt, such data attributes do not constitute records 
that must be retained under Exchange Act Rule 17a-1. CAT LLC or the 
Plan Processor shall be permitted to delete any such information 
that has been improperly reported by an Industry Member to the 
extent that either becomes aware of such improper reporting through 
self-reporting or otherwise.
* * * * *

10. User Support

10.1 CAT Reporter Support

* * * * *
    The Plan Processor must develop tools to allow each CAT Reporter 
to:
* * * * *
     Manage Customer and [Customer] Account 
Attributes[Information];
* * * * *

10.3 CAT Help Desk

* * * * *
    CAT Help Desk support functions must include:
* * * * *
     Supporting CAT Reporters with data submissions and data 
corrections, including submission of Customer and [Customer] Account 
Attributes[Information];
* * * * *
[FR Doc. 2025-04516 Filed 3-18-25; 8:45 am]
BILLING CODE 8011-01-P