
BIG DATA BIG PICTURE BIG OPPORTUNITIES
We see big to continuously boil down the essential improvements until you achieve sustainable growth!
617.237.6111 [email protected] databoiler.com

May 3, 2021

Via Electronic Mail ([email protected])

Ms. Vanessa Countryman, Secretary
U.S. Securities and Exchange Commission
100 F Street NE., Washington, DC 20549

File #4-698, S7-10-20
Release #34-91487[1], 34-91555[2], 34-89632[3]

Proposed Amendments to the National Market System (NMS) Plan Governing the Consolidated Audit Trail (CAT)
Limitation of Liability [pertaining to potential breach of privacy/security protection of nonpublic data and personal identifiable information (PII)] for Stakeholders of CAT
Revise funding model set forth in Article XI of the CAT NMS Plan
Enhanced Data Security of CAT (RIN: 3235-AM62)

Dear Ms. Countryman:

On behalf of Data Boiler Technologies, I am pleased to provide the U.S. Securities and Exchange Commission (SEC) with our comments on the captioned releases concerning: (1) Limitation of Liability (pertaining to potential breach of privacy/security protection of non-public data and personal identifiable information (PII)) for Stakeholders of the CAT system; (2) Revise funding model set forth in Article XI of the CAT NMS Plan; (3) Enhanced Data Security of CAT.

A. Context of the Problem: Outdated Design since 2012

As an inventor of patented solutions that solved the surveillance challenges mentioned in IOSCO – CR12/2012[4], we praise the honorable goals of CAT as a means to prevent future flash crashes[5] and allow the SEC and other market regulators to “rapidly reconstruct trading activity and quickly analyze both suspicious trading behavior and unusual market events”[6]. We argue against the limitation of liability proposal and the revised funding model NOT BECAUSE we have any dislike of the CAT processor and participants (i.e. FINRA, CAT LLC, and the Exchange Groups).
Indeed, have mercy on them, because every constituent (including industry members) seems individually bound to achieve the following goals concurrently: (1) fulfill the SEC’s mandate to regulate/promote the safety and soundness of the market, (2) serve the public interest [address the civic concerns about Massive Government Surveillance][7], (3) uphold and continue to pursue National cybersecurity and privacy protection best practices,[8] and (4) comply with the Fourth Amendment of the US Constitution[9], the Department of Justice’s latest edition of the Privacy Act of 1974[10] and other applicable laws and new bills[11] introduced.

[7] …ects/ethics-of-surveillance/ethics.html
[8] NIST’s CISP revision 4 of SP800-53 has been superseded by revision 5 since September 2020. Also, NIST’s recommended best practices alongside other Cybersecurity and Privacy protection standards/guidelines, such as ISO/IEC 27001 and 27032, Gramm-Leach-Bliley Act §6801, and FINRA’s cybersecurity rules and guidance, etc., may continue to have updates and newly added contents. We have multiple concerns if CISP references a particular NIST publication, including: (1) the potential of complying with the bare minimum requirements rather than pursuing the best practices; (2) new emerging cyber/A.I. threats whose corresponding mitigation method(s) have yet to be incorporated in a newer standard, i.e. the in-between time awaiting adoption of new policy; (3) non-synchronization with international rules, such as the EU’s General Data Protection Regulation (GDPR).

P.O. Box 181, North Weymouth, MA 02191
Page 1 of 13 (Public)

The CAT’s technical design since 2012[12] as a golden-source, while well intended (or a “gigantic data-vault”), is out-of-date. It will take “forever” to come up with a “golden” unified “single source of truth”. By the time a common standard is adhered to, the value of the data has subsided to almost worthless in the context of market surveillance. Analysts need sensors, not an encyclopedia. A good decision, made now and pursued aggressively, is substantially superior to a perfect decision made too late. The CAT project is outsized and is a Money Pit. Not only in terms of building and on-going operating costs, but it also introduces huge wastages and is non-environmentally friendly according to LEAN Six-Sigma[13].

[Figure: 2012 intended purpose (CAT: prevent flash crash; “rapidly reconstruct trading activity and quickly analyze both suspicious trading behavior and unusual market events”) versus 2021 in progress of building (Elephant: gigantic vault; outdated design, money pit), resulting in security/privacy problems (prime target for internal/external breach and foreign adversaries), wastages (data-in-motion traffic, storage, wait T+5), added layers of vendor costs, and a proposed funding model that exacerbates inequalities in the market.]

In particular, frequent transmittal of data in-and-out and within CAT, i.e. unnecessary data-in-motion[14] traffic, is wastage and more susceptible to defects. When data is ‘at-rest’ rather than ‘in-use’, it serves no value other than that one has to pay for storage of the data. As data is redundantly stored at industry members’ systems and at the CAT system and then regurgitated in bulk to CAT participants’ systems, it causes significant wastages. A real-time analytic platform (RTAP) and modern techniques could be applied closest to the original source of the data to avoid multiplicity of storage and data protection costs.
Nevertheless, real-time or velocity of data serves to provide higher value than veracity of data during a ‘market crash’. “T+5 days” regulatory access means unproductive idle time wasted before timely action can be taken in curbing potential abuse, protecting investors, and/or regulating an abnormal market event. Prior to addressing these wastages, it is unfair and premature to ask for funding of this CAT.

The outdated design of CAT with all the non-essential data ‘at-rest’ and ‘in-motion’ makes it more vulnerable to security threats than a modernized RTAP. Data-vault, data-lake, and ‘golden source of data’ are indeed attractive targets

[10] https://www.justice.gov/Overview
[11] A new Bill has been introduced to the U.S. House Financial Services Committee on March 18, 2021 to prohibit the SEC from requiring that personally identifiable information be collected under consolidated audit trail reporting requirements, and for other
[13] …wastes-of-lean/
[14] https://www.databoiler.com/index htm files/DataBoilerInMotion.pdf

for hackers to treasure hunt. Hackers do not necessarily come from outside; compromised internal executive(s), staff(s) and contractors may pose even higher dangers because of potential cover-ups and the ability to profit off any stolen data.[15] The Central Intelligence Agency – Edward Snowden case[16] is a prime example, i.e. NOT a hypothetical “black swan”[17] cyber breach. Additionally, the Director of National Intelligence has warned about China and Russia being the biggest threats to the U.S. in the latest assessment report.[18] An insecure and breached CAT can cause the destabilization of the U.S. capital market, which trades in trillions of dollars daily. CAT must up its game for security protection against infiltration and foreign adversaries or else it could become a threat to National Security.

The CAT NMS Plan failed to address the following causes for potential information leak: Membership Inference Attacks, Reconstruction Attacks, Property Inference Attacks, and Model Extraction.[19] It lacks scenario planning to counter different implementations of attacks (Centralized/Distributed Learning). The trading and investment communities are concerned that User Defined Direct Query and bulk extraction increase the vulnerability of data being misused for impermissible purposes. We are not convinced that non-public data and PII will be safeguarded properly if measured against our suggested minimum requirements (please see Table 1 of our November 30, 2020 comments[20] or Appendix 1 in this letter).
Without embedding an appropriate analytical framework into the design of CAT, as we have pointed out since our comments in 2016,[21] CAT may be a useless gigantic vault that does nothing other than cause disturbances to all industry members, wasting valuable time and energy in data submission and causing worry about security and compliance.

Why would large Exchange Groups with robust surveillance systems, linked to market data feeds at nanosecond precision, need a “50 millisecond tolerance” CAT system? “If” one would play the devil’s advocate of using CAT data for non-regulatory purposes (i.e. function creep), CAT will not save Exchanges from subscribing to other peer Exchange feeds given the T+5 access for CAT, but what if these non-public data and PII offer valuable insights to help Exchanges target and attract order flow? Would countless buy and sell-side broker-dealers and market makers be cut out from the industry value chain[22]?

CAT participants and industry members seem to address themselves to the parable of the blind men and an elephant[23] and/or hustle to seek shelter – immunity[1] and/or defer until “accommodate the unending demands of the industry”[24]. Frankly, the only parties that stand to gain from an ever growing size of CAT may be the vendors. These cloud storage, security, infrastructure, data processing vendors and other big law or compliance consultant firms add layers of costs to the industry without adding much value to the monitoring and analytical aspects of CAT, how sad!

B. Outside delegated authorities, NOT immune from risks/liabilities claims

The proposed limitation of liability provisions discourage CAT Participants from advancing the security protection and design of CAT and CAT data. Although Self-Regulatory Organization (SRO) immunity may be broad, including affirmative acts and omissions and failures to act, SROs do not enjoy complete immunity from suits.
According to ex

[21] http://www.databoiler.com/index htm
[23] …ipedia.org/wiki/Blind men and an

court cases,[25] FINRA and presumably all SROs remain subject to liability should claim(s) arise as a result of private business or commercial conduct. The SROs’ immunity from private civil actions applies ONLY when they are acting within their delegated authority.[26] How courts apply a “functional test” to determine whether an SRO is entitled to immunity from the burdens of litigation or civil damage suits may be a controversy here. In the case of SROs’ executive(s), staff(s) or contractor(s) willful misconduct, gross negligence, bad faith or criminal acts related to CAT, SROs should NEVER be immune under those circumstances because these are not part of their arbitral and prosecutorial authority. That FINRA replaced Thesys Technologies (a private company) as the CAT processor indeed signifies that FINRA and CAT LLC are in effect conducting private business. We argue such commercial conduct must be subject to corresponding risks and civil claims in the case of liability.

When we rebutted the Charles River Associates’ Economic Analysis (CRAEA) on their estimates of “greater than 100 million damage or 95% percentile loss may misguide policy makers into falsely believing the risks may possibly be accepted when it should not” in our January 27, 2021 comments,[27] we were thinking of the temptation for function creep[28] and the realism of various adverse scenarios[29] that, if they happened to CAT, may potentially destabilize our capitalistic system and economy.
On the other hand, we have the following picture in mind:

[Figure: three linked boxes. “Outsized risks of this elephant cannot be accepted, insurers refuse liability coverage.” → “CAT participants seek immunity and ways out by transferring risks to Industry Members.” → “Industry Members cannot absorb the risk and have no way to mitigate risks outside of their control.”]

Shouldn’t this be a CAT, not an Elephant, in the first place? What can be done to ensure fit-for-purpose and proper security protection, so risks would be mitigated accordingly rather than being forced to be accepted or unnecessarily transferred to ordinary investors that have nothing to do with risky or abnormal trading activities?

[25] Weissman v. Nat’l Ass’n of Sec. Dealers, 468 F.3d 1306, 1312 (11th Cir. 2006); see also Sparta Surgical Corp. v. Nat’l Ass’n of Sec. Dealers, 159 F.3d 1209, 1213 (9th Cir.
[26] …view.uchicago.edu/files/77-2-SRO
[28] The defined purposes of accessing CAT should be much narrower than the broadly defined “regulatory purposes”. Using tax filing to the Internal Revenue Service (IRS) as an illustrating analogy, the IRS asks for income information, but would not ask for the complete customer and supplier lists and detailed transactions unless the party is being summoned in court. Therefore, we argue that there should be no access to CAT for ‘market surveillance’ purposes prior to identifying symptoms of irregularity that are substantiated by data at Securities Information Processors/Competing Consolidators and/or analytical procedures at SROs/the SEC.
[29] The CRAEA failed to account for scenarios such as the Edward Snowden case, where information from CIA systems got exposed to WikiLeaks. The CRAEA also neglected scenarios such as the 2015-2016 SWIFT banking hack, where hackers used stolen information of a foreign central bank to initiate the scam/scandal to steal from the Federal Reserve Bank of New York; or Market Chaos such as the GameStop phenomenon if it may allegedly involve foreign adversaries.
We can go on-and-on with additional scenarios and potential exploitations or abuse of CAT. In any case, the SEC’s proposed standard Limitation of Liability Provisions (LLP) to the Reporter Agreement and Reporting Agent Agreement is inconsistent with the Exchange Act because these threats could escalate into National Security issues which are outside the jurisdiction of the SEC.

Nevertheless, neither the SEC nor the SROs have rights above the U.S. Constitution. Please be reminded that the Fourth Amendment right to be free of unwarranted search or seizure is recognized by the Supreme Court as protecting a general right to privacy.[9] No one wants his/her data to be used by regulator(s) to develop policies that potentially may discriminate against him/her. Suspicion of crime or anticipation of market turmoil should begin with some basis or require a ‘search warrant’ before permissible collection or surveillance of information that would otherwise be considered private. Unlike the census, collection of non-public data and PII by CAT for all trade activities without express consent by the investors is an intrusion of one’s privacy. Stakeholders of CAT should NOT be placed above the law.

According to a recent National Security Commission on Artificial Intelligence Final Report[30], “The reach of tools that China, for instance, uses to monitor, control, and coerce its own citizens—big data analytics, surveillance, and propaganda—can be extended beyond its borders and directed at foreigners. Without adequate data protection, A.I. makes it harder for anyone to hide his or her financial situation, patterns of daily life, relationships, health, and even emotions. Personal and commercial vulnerabilities become national security weaknesses as adversaries map individuals, networks, and social fissures in society; predict responses to different stimuli; and model how best to manipulate behavior or cause harm.
The rise and spread of these techniques represent a major counterintelligence challenge.”

This is America, not a communist country that performs massive government surveillance.[31] To be consistent with §11A or any other provision of the Securities Exchange Act of 1934, we think the SEC has full authority to pursue, without worry of other U.S. regulatory authorities’ objection, demands for better Suspicious Activity Reports (SAR) from Broker-Dealers (BDs) and/or to order improvements of BDs’ trade controls or fulfillment of certain compliance requirements. We also think the SEC has the right (without stepping on other agencies’ jurisdictions) to adopt the “A-Z” clauses that we suggested in Appendix 1, as part of the minimum requirements for the CAT NMS Plan’s principle-based rules, rather than the Enhanced Data Security proposal which makes specific reference to an outdated revision 4 of SP800-53 by the NIST.[8] However, the CAT NMS Plan in its current form or the application of the captioned proposal(s) may be in contradiction with the Department of Justice’s latest edition of the Privacy Act of 1974[10] and other applicable laws and new bills[11].

C. CAT’s Funding does NOT have to be a “Sh*t hit the fan” scenario, there are better alternatives

At Data Boiler, we despise the mentality of giving up when there is still room for improvement. Attempting to “allocate” risks (shift liability disproportionally) to industry members who are NOT users of CAT and have NO control over a potential security breach caused by CAT participants, external hackers, or a CAT system failure is UNFAIR. If we compare the current CAT design with our “A through Z” requirements per Appendix 1, we see significant deficiencies and ineffective controls requiring immediate attention.
We are not sure if that’s the reason why the CAT operating committee seems to hesitate to respond to each of our 26 suggestions[17], but to resolve CAT’s challenges, it takes not just cooperation and collaboration, but development and deployment efforts.

CAT participants and Industry Members do not have to worry about heightened costs related to improving CAT’s system and its security and privacy controls, because creative design such as our alternative suggestions per Figure 2 of our November 30, 2020 comments or Appendix 2 in this letter would innovate the approach to analyze suspicious trading behavior and unusual market events directly and quickly, as well as yield substantial savings while enhancing security for all parties. In turn, the essential data stored at CAT would be much more manageable, data control would be more robust, and by then, insurers should be more willing to provide liability

[31] …kipedia.org/wiki/Mass surveillance in China

Regarding CAT’s funding model, both the original and the revised proposal are like the Financial Transaction Tax (FTT).[32] The plan is simply tolling everyone in the industry, which will ultimately be passed down to the end-investors. We question why the CAT operating committee, a CAT governing body composed of ONLY representatives of the SROs, would hold concentrated power on the Funding Authority as set out in §11.1.[33] We challenge the Article XI §11.2 Funding Principles as being insufficient to check against the CAT operating committee’s legislative power to (a) approve the budget of CAT and (b) establish fees for themselves as well as for all industry members, the committee’s executive power in (c) imposing and collecting all Consolidated Audit Trail Funding Fees, and its judicial right to (d) assign and change the tier assigned to any particular Person and resolve disputes upon reasonable notice to such Person. Even though the SROs are required to file the fee schedules with the Commission, such unchecked power[34] of the CAT operating committee would not ease the public’s or the industry community’s concerns about potential biases.

If the CAT operating committee’s funding authority under Article XI §11.1 is a delegated power conferred by the SEC to perform a public duty, then we have the following concerns and/or questions:

i. Bifurcated Cost Allocation is Inequitable and Proposed Minimum for Industry Members

Why are the CAT fees not imposed on the direct recipients that receive benefits from such services, but rather a ‘tax’ on all industry members?
Whether CAT participants should or should not be the direct recipients of CAT benefits is also arguable given the rationale we stated in Part A of this letter.

a) If the CAT fee is related to supporting the SEC to “rapidly reconstruct market events/trading activity” beyond using the publicly available data, then the Commission may subscribe to the SROs’ proprietary feeds for any non-public data, or seek express consent to voluntarily share, or use its permissible authority to summon the relevant private information.

b) If the CAT fee is related to “facilitating risk-based examinations” and/or “improving abilities for evaluating tips, complaints and referrals of potential misconduct made to regulators, monitoring and evaluating changes to market structure”, then the SEC and SROs may go back to the Congress for funding or pay for it using collected fines, penalties, and intragovernmental fees, but not “user fees”.

c) If the CAT fee is related to “better identification of potentially manipulative trading activity, increased efficiency of cross-market and principal order surveillance”, then private surveillance businesses affiliated with Exchange Groups stand to receive benefits from CAT, hence they should pay the most if not all of such CAT costs.
The SEC and other SROs shall have the choice to use peers’ surveillance systems, build their own, or buy from other private vendors.

d) If the CAT fee is related to “improving efficiencies from a potential reduction in disparate reporting requirements and data requests”, then it should be segregated into the regulators’ portion and the users’ portion. If CAT is constituted as one of the “user fees” imposed by the SEC and/or SROs, then according to the Government Accountability Office (GAO), these “fees assessed to users for goods or services provided by the Federal Government are deposited to the Treasury as miscellaneous receipts and are generally not available to the

[32] …nt/uploads/STA-FTT-Letter-FINAL-03 16
[34] …files/2015/10/leadership-xtufp4.pdf
[35] Fees assessed under the authority of the Independent Offices Appropriation Act of 1952 (codified at 31 U.S.C. § 9701), rather than under a specific authorizing statute, must be deposited to the Treasury as miscellaneous receipts and are not available to the agency or program that collected the fees, unless otherwise authorized by law.

If the SROs argue that CAT fee setting, collection, and dispute resolution are common commercial practices over which they should have full discretion, then CAT would not be part of their arbitral and prosecutorial authority. Hence, the SROs should not enjoy immunity related to their private businesses, and the industry members shall then have a choice (under antitrust laws), including the right to opt out of CAT given they are not even users of the CAT system. If the CAT fee/minimum is a “pay to play” bundled cost to participate in a market, then this “tax” is a barrier to entry inconsistent with the competition, capital formation, and other goals of the Exchange Act.

ii. The allocation and minimum are an undue burden on Industry Members

Other than a negotiable portion of point “C(i)(d)”, CAT has no reason to allocate an inequitable[36] 75% of CAT cost to Industry Members. The proposed $125 per quarter ($500/annum) minimum for Industry Members hits 225 industry members in the bottom population (18.2% of 1237). There will be 792 industry members (64%) paying 1 penny to 86 cents above the minimum per quarter under the proposal. Counting from industry member #37 to #1237 (97.1%), they generate 3.33% of message traffic, but will be required to pay 4.26% of aggregated industry member fees under the proposal. It is a huge wastage in CAT billing and other administrative functions to collect these “de minimis” fees or minimums from small industry members; it proves that the proposed funding model is inconsistent with funding principle §11.2(d).

Also, why should smaller firms subsidize the top 36 elites who generate 96.67% of message traffic but will pay 95.74% of aggregated industry member fees after the discounts?
Some of the top elites already receive $32 mil super-tier rebates and other favorable treatments to compensate for their market making efforts and order flow contributions in the price discovery process. The CAT operating committee’s proposal with discount, maximum cap, minimum, and other adjustments would further exacerbate the inequalities in the market.[37] Establishment of a funding model without involvement of industry members and the public may raise public concerns or a potential negative impression that CAT is a “private party” among elites seeking unfair advantages over others. Contrary to serving the public interest, rulemaking to seek sole benefit for the government agency or the affiliated SROs should be prohibited.

We suggest adding a new CAT funding principle 11.2(g) that CAT cost allocation should be in proportion to the specific public benefits received, i.e. not the private benefits of CAT participants; and that those with higher implicit risk and vulnerability to potential conflicts of interest must be charged higher fees than others, to cover what is not already funded by fines and settlements from abuse or other securities law violation cases.

iii. Proposed CAT Participants allocation versus Our Counter Suggestions

We argue against both the original “execution venue” concept and the proposed “message traffic” concept. If the CAT NMS Plan is meant to prevent future flash crashes and curb suspicious trading behavior and unusual market events, then why should one who is doing things fairly and squarely be subjected to regulatory scrutiny and the CAT cost burden? The CAT funding model should be driven mainly by fines and settlements. We believe the Commission’s current operating cost is also supported substantively by fines and settlements.
So fines and settlements should be deemed acceptable revenue streams to cover CAT LLC costs, satisfying the Article XI §11.2 funding principles. If fines and settlements are insufficient to cover all CAT costs, then the SEC and the CAT operating committee may consider imposing a negotiable portion of the earlier mentioned point “C(i)(d)” cost on those based on

and the number of suspicious activities reported on the Suspicious Activity Reports (SAR). Those who under-report on SAR should get increased fines. We think those who “operate at the edge” and have higher risks of potential conflicts of interest should bear much of the CAT cost, given the extra effort in deciphering their complex activities as compared to firms with a simpler business model. Indeed, smaller players who do not accept or pay payment for order flow (PFOF) and who are not entitled to access fee rebates deserve appropriate subsidies, so there will be a sustainable pipeline of emerging broker-dealers to participate in the markets.

a) Categorization of ATS, Market Making Discount, and Maximum are Unjust

Regarding Alternative Trading Systems (ATS), we think Dark pools introduce higher implicit risks than Lit venues due to their lack of transparency and vulnerability to potential conflicts of interest[38]. Therefore, dark pools should
