Reference: Release No. 2026-37

Official publication: Read the full Release No. 2026-37 on the agency website

The SEC’s April 16, 2026 release signals that the agency’s current review of the Consolidated Audit Trail is broader than a routine operational adjustment. At this stage, the Commission is not adopting new requirements, but it is inviting market participants and other stakeholders to weigh in on whether the CAT and related regulatory data sources should be re-examined at a more fundamental level, including their purpose, governance, cost structure, design, scope, and security framework.

Executive Summary

  • The SEC issued a concept release seeking public comment for a comprehensive review of the Consolidated Audit Trail, other audit trails, and related data sources used in regulating U.S. securities markets.
  • The topics identified in the release are substantial: CAT funding and cost management, regulatory purpose, structure and governance, design and scope, cybersecurity and data privacy, and the balance between regulatory need, confidentiality, privacy, and civil liberties protections.
  • No immediate rule change was announced in the press release. The Commission is gathering input before deciding whether and how to pursue future regulatory action.
  • The release suggests that the review is not limited to narrow technical fixes. Chairman Paul S. Atkins described the request for comment as addressing “foundational and existential aspects” of the CAT.
  • Firms with CAT reporting exposure, market infrastructure responsibilities, surveillance obligations, data security responsibilities, or public policy interests in market data governance should treat the comment process as operationally significant even though the end state is not yet defined.

What the Regulator Issued

On April 16, 2026, the Securities and Exchange Commission issued a press release announcing a concept release that solicits public comment in support of a comprehensive review of the Consolidated Audit Trail and other audit trails and related data sources currently used in the regulation of U.S. securities markets. The official press release is available here: SEC Seeks Public Comment on the Consolidated Audit Trail and Other Audit Trails and Data Sources.

According to the release, the concept release seeks comment on CAT funding and cost management, the regulatory purpose of the CAT, the CAT’s structure and governance, the CAT’s design and scope, and the cybersecurity and data privacy of the CAT and other audit trails and related data sources. The release also states that the Commission is seeking views on the appropriate balance among privacy and confidentiality considerations, civil liberties protections, and regulatory need.

The release explains that SEC concept releases are used to obtain public input on policy topics before the Commission pursues related regulatory action. In that sense, this is an early-stage solicitation rather than a final or proposed rule. The Commission also stated that it welcomes comment on potential regulatory responses tied to the issues identified in the concept release, including comments addressing resulting costs, burdens, and benefits.

The release includes two additional points that matter for context. First, Chairman Atkins said the Commission has already issued exemptive relief and approved amendments to the national market system plan governing the CAT that, among other stated benefits, reduced projected annual operating costs by more than $100 million and permanently eliminated the reporting of personally identifiable information to the CAT. Second, Jamie Selway, Director of the Division of Trading and Markets, said the Division expects the concept release to “provoke meaningful dialogue.”

Who Is Impacted

The press release does not identify a single regulated class as the sole audience for comment, but the issues it raises point to several groups that should pay close attention.

First, entities with direct CAT reporting, supervisory, or implementation responsibilities are obvious stakeholders because funding, cost management, data scope, and governance changes could alter compliance budgets, data pipelines, control frameworks, and vendor relationships. Second, self-regulatory bodies and other participants in market surveillance infrastructure are implicated because the release expressly frames the review around the role that CAT and other audit trails play in the regulation of U.S. securities markets.

Third, legal, compliance, cybersecurity, privacy, and records teams at market participants may be affected even if they are not responsible for day-to-day CAT submission mechanics. The release squarely raises cybersecurity, data privacy, confidentiality, and civil liberties considerations, which means the SEC is asking questions that reach beyond pure reporting operations and into enterprise governance.

Fourth, trade groups, civil liberties advocates, and firms that interact with multiple regulatory data sources should not assume the discussion will remain limited to CAT in its current form. The release repeatedly refers to other audit trails and related data sources, but it does not define the full outer boundary of that phrase in the press release itself. That uncertainty is significant because it leaves open whether the review could influence data collection, retention, access, or integration choices beyond the CAT architecture alone.

Key Dates and Deadlines

  • The SEC issued the press release on April 16, 2026.
  • The release states that the public comment period will remain open for 60 days following publication of the concept release in the Federal Register.
  • A calendar-specific comment deadline is not specified in the release.
  • The release does not identify an implementation date, compliance date, or vote date for any concrete regulatory change.

Practical Action Checklist

  • Identify the internal owners for CAT reporting, regulatory reporting architecture, market surveillance, privacy, cybersecurity, records, and outside vendor oversight so the response to the concept release is coordinated rather than siloed.
  • Pull current CAT-related cost data, including direct reporting costs, vendor charges, governance participation expenses, and internal support costs, so the organization can quantify how different funding or scope changes would affect operations.
  • Map the data fields currently transmitted to CAT and any related regulatory repositories used for surveillance or examination support, with attention to whether those data sets contain personal, confidential, or otherwise sensitive elements.
  • Review current controls around access management, encryption, retention, incident response, and third-party handling for CAT-adjacent systems, because the release puts cybersecurity and data privacy directly in scope.
  • Assess whether existing compliance assumptions rely on the current design or availability of CAT data, especially for surveillance support, investigations, regulatory response workflows, and record reconstruction.
  • Track Federal Register publication promptly so the actual comment deadline can be calendared and internal drafting timelines can be set with enough lead time for approvals.
  • Prepare a short issues memorandum on whether the organization has concrete views on funding allocation, data minimization, permissible use, governance, or oversight changes, and support each point with operational evidence rather than abstract preference.
  • Coordinate with industry groups or market associations where appropriate if shared concerns exist on cost, burden, privacy, confidentiality, or technical feasibility, while preserving the ability to submit organization-specific points where interests diverge.
  • Brief senior management or the relevant governance committee that the SEC has opened a concept-stage review that could affect both regulatory data obligations and broader enterprise risk management, even though no immediate rule text has been proposed.

Open Questions / Watch Items

  • How far the SEC intends to go on CAT scope and design is still unclear. The press release signals a foundational review, but it does not say whether the Commission is considering targeted refinements, structural redesign, or more fundamental retrenchment.
  • The release flags CAT funding and cost management, but it does not identify which funding alternatives are under the most serious consideration or how costs might be reallocated across affected stakeholders.
  • The reference to structure and governance raises the possibility of changes to accountability, oversight, or operational control, but the press release does not specify whether the Commission is focused on governance mechanics, decision rights, transparency, or all of the above.
  • The repeated inclusion of other audit trails and related data sources is important but underdefined. Market participants should watch for whether the concept release draws comparisons among systems, proposes consolidation, or questions whether some data collections are duplicative or insufficient.
  • The release acknowledges privacy, confidentiality, cybersecurity, and civil liberties concerns, but it does not indicate how the Commission may weigh those interests against surveillance and enforcement needs in any later proposal.
  • The SEC states that it welcomes comment on possible regulatory responses and their costs, burdens, and benefits. That means the eventual path could range from no immediate action to exemptive relief, plan amendments, rule proposals, or some combination of those tools.

My Law Tampa publishes this website memo as part of its public regulatory developments library.

This material is provided for informational purposes only and does not create an attorney-client relationship.
