Fintech
SEC Proposes Data Security Enhancements to the CAT NMS Plan
Washington, D.C.–(Newsfile Corp. – August 21, 2020) – The Securities and Exchange Commission today proposed amendments to the national market system plan governing the Consolidated Audit Trail (the “CAT NMS Plan”) to bolster the Consolidated Audit Trail’s (“CAT”) data security. While the CAT NMS Plan currently sets forth a number of requirements regarding the security and confidentiality of CAT data, the proposed amendments to the CAT NMS Plan are the latest SEC action to limit the scope of sensitive information required to be collected by CAT and enhance the security of the CAT and the protections afforded to CAT data.
“Data security is an essential pillar of the CAT,” said SEC Chairman Jay Clayton. “The requirements outlined in the proposal, including requiring the removal of sensitive PII, are designed to both (1) significantly reduce the amount of sensitive data collected without affecting the operational effectiveness of the CAT and (2) provide market participants with greater certainty regarding how CAT data will be protected and used. We will continue to evaluate these matters, including to address changes in risks and other matters, as implementation and operation of the CAT continues.”
The public comment period will remain open for 60 days following the date that the release is posted on www.sec.gov.
* * *
Fact Sheet
Action
Today, the Commission voted to propose amendments to the CAT NMS Plan that are designed to enhance the security of the CAT through increased security requirements as well as limiting the scope of sensitive information required to be collected by the CAT.
Comprehensive Information Security Program
The proposed amendments would explicitly define the scope of the CAT’s information security program by adding the term “Comprehensive Information Security Program” (the “CISP”) to set forth all elements of the information security program, inclusive of the proposed Secure Analytical Workspaces.
Security Working Group
The proposed amendments would require the permanent establishment of a security working group that will be composed of the CAT’s Chief Information Security Officer (“CAT CISO”), and the chief information security officer or deputy chief information security officer of each self-regulatory organization that is a participant to the CAT NMS Plan (the “Participants”). The CAT CISO and the Operating Committee may invite other parties to attend specific meetings.
Secure Analytical Workspaces
The proposed amendments would define a Secure Analytical Workspace (“SAW”) as an analytic environment account that is part of the CAT system, and subject to the CISP, where CAT data is accessed and analyzed. The proposed amendments would further require the CISP to establish data access and extraction policies. However, the proposed amendments would explicitly state that each Participant would be allowed to provide and use its own choice of software, hardware configurations, and additional data within its SAW, so long as such activities otherwise comply with the CISP.
The proposed amendments would require Participants to use their SAWs for analyzing CAT data accessed through user-defined direct query and bulk extract tools and for any customer and account data. Participants may only extract from SAWs the minimum amount of CAT Data necessary to achieve a specific surveillance or regulatory purpose. The proposed amendments also set forth a process by which Participants may be granted an exception from using the SAW related to data accessed via user-defined direct query and bulk extract tools.
Online Targeted Query Tool and Logging of Access and Extraction
The proposed amendments would limit the maximum amount of records that regulators can download using an online targeted query tool. The proposed amendments would also enhance logging requirements by requiring logging of extraction of CAT data.
CAT Customer and Account Attributes (Removing Sensitive Personally Identifiable Information)
The proposed amendments would modify the Customer-ID creation process and reporting requirements in accordance with the exemptive order issued by the Commission on March 17, 2020. Specifically, the proposed amendments would no longer require Industry Members to report social security numbers/individual taxpayer identification numbers and account numbers for natural person Customers, and would replace the requirement that the date of birth for a natural person Customer be reported with the requirement that the year of birth for a natural person Customer be reported to, and collected by, the CAT.
Customer Identifying Systems Workflow
The proposed amendments define the workflow for accessing customer and account attributes and establish restrictions governing such access. As described above, Customer Identifying Systems, which contain customer and account attributes, would have to be accessed through a Participant’s SAW. Only Regulatory Staff may access Customer Identifying Systems and such access would have to follow role based access control (“RBAC”) and the “least privileged” practice of limiting access to Customer Identifying Systems and customer and account attributes as much as possible. All queries of Customer Identifying Systems would have to be based on a “need to know” the data in the Customer Identifying Systems, and queries must be designed such that query results would contain only the customer and account attributes that Regulatory Staff reasonably believes will achieve the regulatory purpose of the inquiry or set of inquiries.
Access to Customer Identifying Systems would be limited to two types of access: manual access and programmatic access. For manual access, the proposed amendments generally provide that Regulatory Staff must have identified a Customer(s) of regulatory interest through their own regulatory efforts before they may use manual access to obtain additional information regarding such Customer(s). To use programmatic access, authorization would have to be requested and approved by the Commission pursuant to the process described in the proposed amendments, and Participants approved for such access may programmatically query the Customer Identifying Systems.
Participants’ Data Confidentiality Policies and Regulator Access to CAT Data
The proposed amendments would require the Participants to establish, maintain, enforce and publish identical written data confidentiality policies. Each Participant would establish, maintain and enforce procedures and usage restrictions in accordance with these policies. In addition, the Participants would be required to make the data confidentiality policies publicly available on a website, and on an annual basis each Participant would be required to engage an independent accountant to perform an examination of compliance with the data confidentiality policies.
The proposed amendments would define the term “Regulatory Staff” and the data confidentiality policies adopted by Participants would be required to limit access to CAT data to Regulatory Staff, and certain technology and operations staff, except when there is a specific regulatory need and a Participant’s Chief Regulatory Officer (or similarly designated head(s) of regulation), or his or her designee, documents written approval. The policies would also limit the extraction of CAT data, define the roles and regulatory activities of specific users, and require implementation of the Customer Identifying Systems workflow along with supporting requirements for monitoring and testing.
The proposed amendments would also require that CAT data be accessed only for surveillance and regulatory purposes and forbid the use of CAT data where such use may serve both a surveillance or regulatory purpose, and a commercial purpose (e.g., economic analyses or market structure analyses in support of rule filings).
Secure Connectivity and Data Storage
In addition to requiring connectivity to CAT infrastructure in a manner consistent with current implementation, the proposed amendments would require the Plan Processor to implement “allow” listing, which would limit access to CAT only to those countries where CAT reporting or regulatory use is both necessary and expected. In addition, the proposed amendments would require that data centers housing CAT systems must be physically located in the United States.
Breach Management Policies and Procedures
The proposed amendments would modify existing requirements related to breach management policies and procedures to explicitly require corrective actions and breach notifications to CAT Reporters be a part of the Plan Processor’s cyber incident response plan, modeled after Regulation SCI obligations.
In addition to the security-related items above, the proposed amendments would, consistent with previously granted exemptive relief, explicitly require customer and account attributes to be reported for Firm Designated IDs that are submitted in allocation reports, as is required for Firm Designated IDs associated with the original receipt or origination of an order.
What’s next?
The proposal will be published on SEC.gov and in the Federal Register. There will be a 45-day comment period following publication in the Federal Register.
As we close out 2024, the fintech industry continues to deliver headlines that underscore its dynamism and innovation. From IPO aspirations to groundbreaking regulatory milestones, today’s updates highlight the transformative power of fintech partnerships, regulatory evolution, and disruptive technologies. Here’s what you need to know.
Chime’s Quiet Step Toward Public Markets
Chime, the U.S.-based financial technology startup best known for its digital banking services, has taken a significant step by filing confidential paperwork for an initial public offering (IPO). As one of the most valuable private fintechs in the U.S., Chime’s move could potentially signal a renewed appetite for fintech IPOs in a market that has been cautious following fluctuating valuations across the tech sector.
With a valuation that reportedly exceeded $25 billion in its last funding round, Chime’s IPO could set a new benchmark for the industry. Observers note that its strong customer base and revenue growth may make it an appealing choice for investors seeking to capitalize on the digital banking boom. However, the timing and success of the IPO will depend on broader market conditions and the regulatory landscape.
Source: Bloomberg
ZBD’s Pioneering Achievement: EU MiCA License Approval
ZBD, a fintech company specializing in Bitcoin Lightning network solutions, has made history by becoming the first to secure an EU MiCA (Markets in Crypto-Assets Regulation) license. This landmark approval by the Dutch regulator positions ZBD at the forefront of compliant crypto-fintech operations in Europe.
MiCA, which aims to harmonize the regulatory framework for crypto-assets across the EU, has been a focal point for industry players aiming to establish legitimacy and expand their offerings. ZBD’s achievement not only validates its operational rigor but also sets a precedent for other fintech firms navigating the evolving regulatory landscape.
Industry insiders view this as a strategic advantage for ZBD as it broadens its footprint in Europe. By leveraging its regulatory approval, the company can accelerate its product deployment and establish trust with institutional and retail users alike.
Source: Coindesk, PR Newswire
The Fintech-Credit Union Synergy: A Blueprint for Innovation
The convergence of fintechs and credit unions continues to reshape the financial services ecosystem. Collaborative initiatives, such as the one highlighted in the recent partnership between fintech innovators and credit unions, are proving to be a potent force in delivering tailored financial solutions.
This “dream team” approach allows credit unions to leverage fintech’s technological expertise while maintaining their community-focused ethos. Key areas of collaboration include digital payments, personalized financial management tools, and enhanced loan processing capabilities. These partnerships not only enhance member engagement but also enable credit unions to remain competitive in an increasingly digital-first financial environment.
Industry analysts emphasize that such collaborations underscore a broader trend of traditional financial institutions embracing fintech-driven solutions to bridge service gaps and foster innovation.
Source: PYMNTS
Tackling Student Loan Debt: A Fintech’s Mission
Student loan debt remains a pressing issue for millions of Americans, and a Rochester-based fintech aims to offer relief through its cloud-based platform. This innovative solution is designed to simplify loan management and provide borrowers with actionable insights to reduce their debt burden.
The platform’s features include repayment optimization tools, personalized financial education, and seamless integration with loan servicers. By addressing the complexities of student loan management, this fintech is empowering borrowers to make informed decisions and achieve financial stability.
As the student loan crisis continues to evolve, solutions like this highlight the critical role fintech can play in addressing systemic financial challenges while fostering financial literacy and inclusion.
Source: RBJ
Industry Implications and Takeaways
Today’s updates underscore several key themes shaping the fintech landscape:
- Regulatory Milestones: ZBD’s MiCA license approval exemplifies the importance of regulatory compliance in unlocking growth opportunities.
- Strategic Partnerships: The collaboration between fintechs and credit unions demonstrates the value of combining technological innovation with traditional financial models to drive customer-centric solutions.
- Market Opportunities: Chime’s IPO move reflects a potential revival in fintech public offerings, signaling confidence in the sector’s long-term prospects.
- Social Impact: Fintech’s ability to tackle systemic issues, such as student loan debt, showcases its role as a force for positive change.
The post Fintech Pulse: Your Daily Industry Brief (Chime, ZBD, MiCA) appeared first on News, Events, Advertising Options.
Leading global payments platform SPAYZ.io has confirmed it will be attending iFX EXPO Dubai 2025 on 14 to 16 January. Exhibiting at Stand 64 at Trade Centre Dubai, SPAYZ.io’s team of professionals will be on hand providing live demonstrations of its renowned payment services for payment providers. Attendees will also receive exclusive insight into SPAYZ.io’s plans for 2025 alongside early early access to its upcoming plans for the new year.
SPAYZ.io delivers a host of payment solutions that leverage the latest technological innovations and open access to the fastest growing emerging markets across Africa, Europe and Asia. Over the past year, there has been huge demand for its Open Banking and local payment method services, alongside bank transfers, mass payouts, online banking and e-wallets.
Yana Thakurta, Head of Business Development at SPAYZ.io commented: “We look forward to once again participating at iFX Dubai to expand our network of partners and clients. It’s a fantastic way to kick off the year, connecting with thousands of industry leaders from FOREX platforms to trading companies, and everything in between.
“Our key goal for iFX Dubai EXPO 2025 is to expand our portfolio of solutions and geographies. We’re using this as an opportunity to partner with like-minded entities who share our ambition to provide payment solutions that are truly global.”
Come meet SPAYZ.io’s team at the Trade Centre Dubai at Stand 64. You can also book a meeting slot with a member of a team.
The post SPAYZ.io prepares for iFX EXPO Dubai 2025 appeared first on News, Events, Advertising Options.
Airtm, the most connected digital dollar account in the world, is proud to announce the addition of two distinguished industry leaders to its Board of Directors: Rafael de la Vega, Global SVP of Partnerships at Auctane, and Shivani Siroya, CEO & Founder of Tala. These appointments reflect Airtm’s commitment to innovation and financial inclusion as the company enters its next phase of growth.
“We are thrilled to welcome Rafael and Shivani to Airtm’s Board of Directors,” said Ruben Galindo Steckel, Co-founder and CEO of Airtm. “Their unique perspectives and proven track records will be invaluable as we continue scaling our platform to empower individuals and businesses in emerging markets. Together, we’ll push the boundaries of financial inclusion and innovation to create a more connected and equitable global economy. Rafael and Shivani bring a wealth of experience and strategic insight that will strengthen Airtm’s mission to connect emerging economies with the global market.”
Rafael de la Vega, a seasoned leader in fintech global partnerships and technology innovation, is currently the Global SVP of Partnerships at Auctane. With a proven track record of delivering scalable, impactful solutions at the intersection of fintech, innovation, and commerce, Rafael’s expertise will be pivotal as Airtm continues to grow. “Airtm has built a platform that breaks down barriers and opens up opportunities for people in emerging economies to connect to global markets. I am excited to contribute to its growth and help further its mission of fostering financial inclusion on a global scale,” said Rafael.
Shivani Siroya, CEO and Founder of Tala, is a pioneer in financial technology, renowned for empowering underserved communities through access to credit and essential financial tools. Her leadership in leveraging data-driven innovation aligns seamlessly with Airtm’s vision of creating more equitable financial opportunities. “Empowering underserved communities has always been at the core of my work, and Airtm’s mission resonates deeply with me. I’m thrilled to join the Board and work alongside such a dynamic team to expand access to financial tools that truly make a difference in people’s lives,” said Shivani.
The post Airtm Enhances Its Board of Directors with Two Strategic Appointments appeared first on News, Events, Advertising Options.
-
Fintech PR5 days agoGCL Energy Technology and Ant Digital Technologies Launch First Blockchain-Based RWA Project in Photovoltaic Industry
-
Fintech PR4 days ago2025 Will See Increased QR Code Payments but Payment Card IC ASPs Will Not Return to Pre-Covid Levels
-
Fintech PR4 days agoBybit Champions Web3 Innovation and Strengthens Ties with Asia’s Crypto Community at Taipei Blockchain Week
-
Fintech PR5 days agoH.I.G. Realty Announces Strategic Partnership with Queen Mary BioEnterprises Innovation Centre in London
-
Fintech PR5 days agoCKGSB Successfully Hosts 2024 MBA Professor Training Program for Western China
-
Fintech PR2 days agoMarkets Show Resilience Ahead of End-of-Year Options Expirations: Bybit x Block Scholes Crypto Derivatives Report
-
Fintech PR3 days agoSinopec Completes Construction of China’s Largest Petrochemical Industrial Base
-
Fintech PR2 days ago2024 Global Youth Design Contest on Chinese Characters Themed “Guiyang in Characters” Successfully Concluded