Three Broker-Dealers to Pay More Than $6 Million in Penalties for Providing Deficient Blue Sheet Data (SEC Release / December 10, 2018)

https://www.sec.gov/news/press-release/2018-275, which alleges, in part, that:

The Securities and Exchange Commission today announced that three broker-dealers have agreed to pay more than $6 million to settle charges for providing the SEC with incomplete and inaccurate securities trading information in required SEC productions known as "blue sheet data," which the SEC uses to carry out its enforcement and regulatory obligations, including the investigation of insider trading and other fraudulent activity. 

According to the SEC's orders, over a period of several years, Citadel Securities LLC, Natixis Securities Americas LLC, and MUFG Securities Americas Inc. each made numerous deficient blue sheet submissions containing inaccurate or missing data; incorrect order execution times that failed to adjust for time zone changes; and incorrect or missing exchange codes, transaction type identifiers, opposing broker number and contra-party identifiers.  Citadel, the largest provider of blue sheet data of the firms charged today, submitted incorrect data for nearly 80 million trades while Natixis and MUFG submitted incorrect data for approximately 150,000 trades and 650,000 trades, respectively.  These deficiencies largely stemmed from undetected coding errors.  None of the firms had adequate processes designed to validate the accuracy of its submissions. 

Two Broker-Dealers to Pay $4.65 Million in Penalties for Providing Deficient Blue Sheet Data (SEC Release / September 16, 2019)

https://www.sec.gov/news/press-release/2019-177, which alleges, in part, that:

The Securities and Exchange Commission today announced that Stifel, Nicolaus & Co., Inc. has agreed to pay $2.7 million and BMO Capital Markets Corp. has agreed to pay $1.95 million to settle charges for providing incomplete and inaccurate securities trading information to the SEC. Broker-dealers are required to provide the information known as "blue sheet data," which the SEC uses to carry out its enforcement and regulatory obligations, including investigations of insider trading and other fraudulent activity.

According to the SEC's orders, over a period of several years, Stifel and BMO each made numerous deficient blue sheet submissions containing missing or inaccurate data, largely due to undetected coding errors. The SEC found that Stifel failed to report data for approximately 9.8 million transactions and provided inaccurate information for approximately 1.4 million transactions. Separately, the SEC found that BMO submitted missing or incorrect data for approximately 5.4 million transactions. According to the SEC's orders, neither firm had adequate processes designed to validate the accuracy of its submissions and each willfully violated the broker-dealer books and records and reporting provisions of the federal securities laws.

Cantor Fitzgerald Agrees to Pay $3.2 Million to Settle Charges for Providing Deficient Blue Sheet Data (SEC Release / April 6, 2020)

The Securities and Exchange Commission today announced that Cantor Fitzgerald & Co. has agreed to pay $3.2 million to settle charges for providing the SEC with incomplete and inaccurate securities trading information known as "blue sheet data."

According to the SEC's order, for almost five years, Cantor Fitzgerald made numerous deficient blue sheet submissions containing missing or inaccurate data, largely due to inadequate processes designed to validate the accuracy of its submissions and undetected coding errors. The SEC found that Cantor Fitzgerald submitted missing or incorrect data for approximately 35 million transactions.  Broker-dealers are required to provide this information, which the SEC uses to carry out its enforcement and regulatory obligations, including investigations of insider trading and other fraudulent activity.

I write to dissent from the financial incentive amendments to the National Market System plan governing the Consolidated Audit Trail (CAT) that the Commission is adopting today. These amendments use financial penalties to encourage plan participants to get the CAT up and running quickly after years of implementation problems. Rather than encourage the CAT's expeditious completion, we should reconsider the project in light of the clear threat it poses to Americans' liberty and privacy.

Concerned by the 2010 "Flash Crash" and the subsequent difficulty in analyzing the events of that day, the Commission devised a plan in 2012 to create a consolidated audit trail. The Commission could have required self-regulatory organizations (SROs), which include securities exchanges and the Financial Industry Regulatory Authority (FINRA), to develop a tool designed to make it easier for the Commission and SROs to analyze similar market events in the future. Such a tool could have built on existing databases and trade-reporting processes to allow reconstructions of trading patterns preceding significant market disruptions.

What the Commission chose to do in 2012 was very different. It ordered the SROs to create a comprehensive surveillance database that will collect and store every equity and option trade and quote, from every account at every broker, by every investor. This ambitious objective means the CAT must contain, in some form, voluminous amounts of personal and business confidential information. This gigantic database, housing all this information in a single place, will be accessible to thousands of people at the Commission and the SROs, who will be able to watch investors' every move in real time.

As is common with projects of such grandiose scale, CAT implementation has been plagued with repeated delays. Chairman Jay Clayton, having inherited this project, has worked hard to see it through to completion, while also seeking to mitigate the risks it presents. His efforts have borne fruit in the form of changes that should make this information materially less susceptible to misappropriation and misuse by bad actors.

These changes, however, do not address the deeper problem with the CAT, namely the significant costs that a comprehensive surveillance tool of this type presents to Americans' liberty and privacy. The CAT's financial burden has grown increasingly apparent as the implementation process has dragged on. Staff of the SROs, broker-dealers, and Commission have expended countless hours and dollars to build the CAT's intricate regulatory, legal, and technological infrastructure. On the other hand, the costs our rules impose on liberty and privacy often draw less attention, in part because these costs are harder to measure than mere financial costs. However, the CAT's impending launch and the increasing emphasis on the value of the CAT's comprehensive, real-time database as an enforcement tool demand just such an analysis.

As an initial matter, it is doubtful whether the CAT's comprehensive surveillance database will significantly advance the Commission's mission. That mission is to protect investors; maintain fair, orderly, and efficient markets; and facilitate capital formation. The Commission's enforcement program is an important tool in pursuing that mission, and the CAT may make it a bit easier to investigate certain types of market misconduct. However, it is unlikely that it will materially change the types or number of enforcement cases the Commission brings. Is this questionable benefit worth the CAT's costs?

Even if the CAT were likely to advance the Commission's mission in a significant way, to determine whether pursuing the CAT further is worthwhile, we need to look carefully at all of the costs that the CAT is likely to impose after it is operational. As noted above, some of these costs are economic, but the most important costs are the non-quantifiable costs to society and to the liberty and privacy that all Americans hold dear. Perhaps somewhat counter-intuitively, the Commission needs to take seriously the public's interest in not having a single, comprehensive surveillance database that allows thousands of users to track every person's activities in the securities markets.

The non-financial costs of being surveilled reach to the very core of our humanity. Freedom of thought, expression, and action are key to unlocking each person's unique potential to contribute to society. Untargeted government surveillance programs, even well-intentioned ones, threaten that freedom. A fundamental expectation of a free people is to not be subject to unwarranted monitoring.

Our legal tradition recognizes these costs and limits when and how government can gather information about our lives. For example, if the government suspects that someone is planning a murder, it may seek to monitor her communications, but only in compliance with statutory and constitutional safeguards such as the requirement to show probable cause. Getting a warrant or following other required procedures may take time and inconvenience law enforcement officials, but Americans have decided that this burden on government is an acceptable, indeed necessary, safeguard of our liberties. The typical American would find it offensive if law enforcement decided willy-nilly to monitor her communications on the off chance that she might someday decide to plan a murder. Sure, such an approach might allow the police to prevent a few additional crimes each year, but society has decided that the cost would be too high.

Some surveillance defenders might say, "Well, if you are not planning a murder, you have nothing to be worried about." The matter is not so simple; ongoing, unwarranted monitoring imposes costs that fall on the innocent and guilty alike. Being watched can change the way people-even people whose actions are beyond reproach-behave. It eats away at the psyche and soul. It is not only being watched while you act that matters; being watched while you think is also problematic. As Professor Neil Richards has explained, "intellectual surveillance," which he describes as "surveillance of people when they are thinking, reading, and communicating with others in order to make up their minds about political and social issues"-"is especially dangerous."Among other problems, such surveillance dissuades them from exploring ideas that fall outside the mainstream.It also changes the "power dynamic between the watcher and the watched" by exposing the watched to the risk of "discrimination, coercion, and the threat of selective enforcement where critics of the government can be prosecuted or blackmailed for wrongdoing unrelated to the purpose of the surveillance."

Concerns like these have motivated Americans to resist surveillance that tracks our activities as drivers, bikers, shoppers, readers, and internet searchers.Many Americans find it troubling to have their activities monitored by any organization, public or private. We ought to be particularly troubled when the power of the state requires Americans to acquiesce to such monitoring as a condition of engaging in political, economic, or other activity. If many of us find the notion of a government agent looking over our shoulders while we browse the internet or shop for books obnoxious and a little creepy, should we feel any differently about being watched by the government as we trade?

Some people might say, "Of course it's different: trading history is not protected expression; it is simply information about an economic transaction with no expressive value." However, economic transactions offer a window into a person's deepest thoughts and core values. Our purchases and sales of securities, particularly when aggregated together as the CAT would do, are a rich form of value expression. They might express a view of how markets work, a determination on the efficiency of markets, expectations about the future, or even a moral philosophy. Investors' trades may flow from a carefully crafted trading strategy based on a person's education, careful data analysis, intuition, or market experience. People may trade to express their belief about how a company, industry, or nation will perform in the short- or long-term. People might sell stock because they fear a recession is coming or buy stock because they anticipate that the election of a particular candidate or party will bring a period of economic prosperity. An investor might buy shares of a movie company because she is sure a particular movie will be popular, shares of a technology company because she believes the company's engineers are geniuses, or the shares of a cellphone provider because she believes a strategic merger is on the horizon.

People's investment decisions-what they buy, what they sell, what they avoid buying-may also or alternatively reflect their moral convictions. An investor may purchase shares of a clothing company because he likes the political messages of its celebrity spokesperson or shares of a restaurant chain because it donates to his favorite charity. On the other hand, an investor may choose to avoid or sell companies that are associated with things he opposes-carbon emissions, dictatorial regimes, alcohol, tobacco, guns, pornography, discrimination, poor treatment of workers, abortion, the military, gambling, shoddy products, or any other of the many things about which people have strong feelings. Another investor may choose to express her defiance of popular sentiment by investing in companies that produce guns, alcohol, or cigarettes. Our markets provide all of these alternatives, and more, to suit the divergent values and tastes of the remarkably diverse investors in our markets.

Investors whose trades are not a direct reflection of granular moral, ethical, or religious beliefs may fear rebukes from other people who view trading decisions as morally motivated. Of course, the Commission and the SROs do not plan to assess investor virtue; rather, they intend to use CAT data to evaluate people's compliance with the securities laws. It should be evident, though, that today's good intentions do not protect against tomorrow's bad actors. One can imagine a future in which a delectably large database of trades becomes a tool for the government to single people out for making trading decisions that reflect-or are interpreted to reflect-opinions deemed unacceptable in the reigning gestalt. This concern may be premature, but thinking about it seriously now is necessary to protect the liberty of future investors in our markets.

Given their expressive value, untargeted surveillance of financial transactions raises the same types of civil liberty concerns as other mass surveillance programs. The Commission is a securities regulator, and it is tempting to think that First Amendment and other concerns about individual liberty are outside our job description; however, our responsibilities include defending the Constitution, and our rules are part of the legal framework that determines how freely Americans can exercise their constitutional rights. We must take care that our surveillance tools are consistent with these rights. Doing so means recognizing that, as with respect to her other activities, a person's trading activity merits watching only when there is a reason to suspect that she is violating the law. Recognizing this means resisting the desire to surveil a person's every move in the securities marketplace simply because she might do something wrong. It means understanding that a person's buying and selling of securities is an expression of what she knows and believes. It means acknowledging that markets are powerful precisely because they draw upon the unique, intensely personal knowledge and expertise of the participants in the marketplace. And finally, it means acknowledging that we cannot, in our desire for investigative efficiency, disregard the liberty and privacy interests of ordinary Americans.

For all of these reasons, it is a mistake to view the CAT as nothing more than an innocuous repository of dry economic data. The CAT will be a comprehensive record of decisions made by millions of Americans that communicate their carefully constructed trading strategies, their opinions about the prospects of particular issuers and industries, and, for some, their moral, ethical, or religious beliefs. That some investors undoubtedly are engaged in misconduct in our financial markets cannot justify amassing this information, especially when more targeted techniques, such as electronic blue sheets, exist. We do not set up mass surveillance programs of other types of activity simply because some of it is illegal. There is no principled basis for treating Americans' activity in financial markets any differently from other types of activity that reflect a person's thoughts, preferences, fears, and hopes.

Moreover, gathering all of this sensitive information in a single database to facilitate more convenient surveillance of investors creates other risks for the very investors the CAT is purportedly intended to protect. Because the surveillance function requires a comprehensive database, the CAT will gather data from thousands of reporting entities, including many that have not previously been required to stream all of their customers' transaction data to an outside entity. Because the surveillance function requires eyes to watch and minds to interpret the data, thousands of Commission staff and employees of the participants must have access to the database.

The sheer value and size of the database will make the CAT an inviting target, and the number of users and reporting entities will make it a more vulnerable one. Each of the thousands of users and each of CAT's many contributors will afford a would-be hacker a potential point of entry. Each of these thousands of users will be able to track investors' market moves, and, with a little effort, also will be able to reconstruct and misappropriate proprietary and confidential trading strategies.

My colleagues are taking the security of the CAT very seriously, as are the SROs, but such a large database will remain an attractive target. As noted above, Chairman Clayton has directed-and the rest of the Commission has embraced-numerous, welcome changes to the CAT to make it more secure. In addition, the Commission and the SROs will continue to take considerable steps to screen employees carefully to weed out potential bad actors. After all, the reputation of each of these organizations depends largely on the quality of its employees, and on their prudence, discretion, and responsibility in fulfilling their critically important functions. Even the most vigilant employer, however, cannot identify every possible bad actor, and one security lapse involving only one of the CAT's thousands of users could compromise the entire database. Moreover, even an honest employee can become the inadvertent conduit for a cyber-breach. If history is any guide, unauthorized access to, or disclosure of, the information contained in the CAT is almost certainly just a matter of time.

Given these risks, we should eliminate the CAT. As Justice Roberts said, "Privacy comes at a cost." In this instance, that cost would not be terribly high. The Commission's enforcement program already performs very well without the CAT. If the Commission believes the program needs further improvement, we could enhance both the rules regarding responses to electronic blue sheets and FINRA's Order Audit Trail System (OATS). Both tools already allow us to get the information we need, and incremental improvements to reduce delays and errors could make our investigations more efficient without sacrificing Americans' liberty and privacy.

Because we should be working to shelve this well-intentioned, but ill-conceived project, not encouraging its quick completion, I cannot support the Commission's action today.

The best lack all conviction, while the worst   

Are full of passionate intensity.