FINRA CAT

Understand, validate and oversee CAT reporting with confidence

The Consolidated Audit Trail, (CAT) was established under SEC Rule 613 (17 CFR 242.613), and adopted in July of 2012, to enable regulators to efficiently and accurately track order and trade activity throughout US equity and options markets. CAT is the sole source of order audit trail data for these markets, having fully replaced OATS in 2024. TheCAT NMS Plan set out the operational obligations that apply to Participants and Industry Members.

For firms in scope, the challenge is not simply sending files to CAT. It is demonstrating that reportable events have been captured correctly across the full order lifecycle, that linkage and customer / account data is complete and accurate, and that the control framework around CAT submissions can withstand regulatory scrutiny. CAT is a highly operational regime with tight deadlines and detailed technical specifications.

What is CAT Reporting?

CAT reporting refers to the obligation to submit required CAT data to the Central Repository under SEC Rule 613 and the CAT NMS Plan. Rule 613 requires every national securities exchange and FINRA, together with their members, to record and report detailed order and execution data for regulators to be able to efficiently and effectively reconstruct market activity across all US equity and options venues.

The CAT framework is supported by the CAT NMS Plan, CAT technical specifications — currently v4.1.0 r15, covering 99 event types and 141 reportable fields — and related FAQs. Those materials are central to understanding how order events, linkage, customer and account information and corrections must be reported in practice.

Who is required to report under CAT reporting?

The CAT framework applies to the SRO Participants that maintain the CAT NMS Plan and to Industry Members / CAT Reporters that must submit required CAT data under the Plan and related compliance rules. FINRA Rule 6800 Series sets out the specific compliance obligations that apply to FINRA member firms. All FINRA-registered broker-dealers that receive or originate orders in NMS stocks, OTC equity securities or listed options must report, regardless of size. No size-based exemptions exist.

That means firms need to understand not only whether they are a CAT Reporter, but also which events, customer and account records and linkage obligations sit within their reporting population. For many firms, CAT is as much a books-and-records control challenge as it is a submission challenge.

Scope and US nexus

CAT applies to reportable activity in NMS stocks, OTC equities and listed options. Fixed income, futures, swaps, mutual funds, warrants and foreign exchange are currently outside scope. The reporting obligation is triggered when a firm receives or originates an order in a regulated product, routes an order to another broker-dealer or exchange, or executes a trade in a regulated product.

For firms operating across products, affiliates and order-handling models, that makes event classification, customer and account linkage, representative order treatment and internal system mapping especially important. In practice, firms need to be confident they can apply the CAT reporting model consistently across all relevant order and execution flows.

What must be reported?

CAT reporting requires the submission of reportable event data across the order lifecycle, together with the relevant customer, account and linkage information required under the CAT NMS Plan and CAT technical specifications. The current specifications (v4.1.0 r15) define 99 event types spanning equity orders, options orders, multi-leg orders, quote events, trade events and post-trade allocations across 141 fields.

In practice, that means firms need to control:

• order lifecycle events

• customer and account identifiers

• linkage between related events and orders

• representative order treatment

• corrections and resubmissions

• reconciliation-relevant fields across the full CAT record

• Customer and Account Information System (CAIS) data: Firm Designated IDs (FDIDs), hashed Transformed Input IDs (TIDs), and Large Trader ID (LTID) linkage. Full CAIS compliance has been mandatory since May 31st, 2024

• clock synchronization: electronic systems must be within 50 milliseconds of NIST atomic clock time (FINRA Rule 6820), with annual certification due by March 15th each year

Reporting deadlines

CAT operates a tiered deadline structure under Sections 6.4.1–6.4.3 of the CAT Technical Specification:

• Transaction events (NEW): T+1 by 08:00 AM ET on the next CAT Trading Day

• Error repairs (RPR): T+3 by 08:00 AM ET

• Firm-initiated corrections (COR): T+3 by 08:00 AM ET

• CAIS customer and account updates: T+3 by 05:00 PM ET

• Weekends and days on which all national securities exchanges are closed are not counted as Trading Days

Failure to repair errors by T+3 is one of the primary findings in FINRA’s 2025 and 2026 Annual Regulatory Oversight Reports and is an active exam focus area.

Is CAT reporting single-sided, dual-sided or delegated?

CAT is single-sided. Each firm reports its own side of each event only. Cross-firm linkage is achieved through shared identifiers — orderID, firmROEID, routedOrderID, senderIMID, receiverIMID and tradeID — rather than through counterparty reporting of the same event. This replaced the dual-sided model used under OATS for certain event types.

Firms may centralise reporting or use a Cat Reporting Agent (CRA), but responsibility for completeness, linkage and timeliness remains with the reporting firm in all cases.

Are there CAT reporting exemptions or reliefs?

Several material developments since CAT’s initial implementation are directly relevant to firms’ current obligations and rule coverage:

• CAIS Exemption Order (10 February 2025): The SEC granted exemptive relief from requirements to report customer names, addresses and years of birth for natural persons with transformed SSNs or ITINs.

• CAIS Amendment (filed 13 March 2025, amended 28 May 2025): CAT LLC proposed permanently eliminating name, address and year of birth from CAIS submissions while preserving cross-market surveillance capability through the CAT Customer-ID (CCID).

• 2025 Cost Savings Amendment (approved 1 April 2026): Reduces CAT operating costs by an estimated $55–$73 million annually through infrastructure and processing changes.

• CAT Tech Spec v4.1.0 r15: Added TXSE (Texas Stock Exchange) and 24X (24X National Exchange) as reportable venues.

Firms should verify that their validation logic and rule coverage reflect the current technical specification version and any applicable exemptive relief.

Consequences of non-compliance

CAT reporting failures create regulatory, operational and reputational risk, particularly where firms cannot evidence control over event capture, linkage, customer / account enrichment and reporting timeliness. CAT exists specifically to support regulators in reconstructing market activity, so poor data quality directly undermines a core supervisory objective.

FINRA’s 2025 and 2026 Annual Regulatory Oversight Reports identify the following as active exam findings: failure to repair errors by T+3; incomplete event reporting, particularly for options and multi-leg events; inadequate Written Supervisory Procedures (WSPs); failure to supervise CAT Reporting Agents; clock synchronization failures; and insufficient accuracy review processes. Firms that cannot demonstrate a defensible control framework across these areas face heightened examination risk.

For firms in scope, the expectation is clear: CAT reporting must be complete, accurate, timely and supported by a defensible control framework.

How En:ACT helps with CAT reporting oversight

En:ACT helps firms strengthen control over their CAT reporting obligations by ingesting raw transaction and order data from any source system, performing books and records reconciliation, and assessing all reportable events and fields against a rules gallery maintained in line with the current CAT Technical Specification — v4.1.0 r15, covering 99 event types, 141 fields and validation tests mapped directly to specific regulatory requirements.

Using transparent, regulator-linked logic, the platform identifies:

• event capture issues

• field-level errors

• cross-field inconsistencies

• linkage failures

• customer and account enrichment gaps

• timing breaches

• reporting anomalies

• timestamp granularity violations

Each identified issue is linked directly to the specific CAT requirement breached, giving firms a clear view of what is wrong, why it matters and where remediation is required.

En:ACT also ensures rules are kept up to date to reflect developments across:

• regulatory text

• regulator guidance

• consultation papers

• relevant industry papers

For CAT specifically, that means firms benefit from rule coverage maintained in line with Rule 613, the CAT NMS Plan and CAT technical specificationsupdated with each new release of the CAT Tech Spec and adjusted to reflect applicable exemptive relief and regulatory changes.

‍

Common CAT reporting challenges

Some of the most common CAT reporting issues include:

• incomplete event capture

• broken linkage between related orders and events

• incomplete customer or account identifiers

• representative order treatment errors

• late submission

• weak reconciliation between front-office records and CAT output

• clock synchronization failures and timestamp granularity violations

• failure to track and implement CAT Tech Spec version update

In many cases, the issue is not one bad field. It is a mismatch between the order lifecycle as it happened internally, the linkage logic applied to it and the final CAT record submitted to the repository.

‍

Why firms choose En:ACT for CAT reporting oversight

Firms use En:ACT because it gives them more than a validation tool. It provides a control framework around CAT reporting.

With En:ACT, firms can:

• test reporting quality against transparent rule logic

• reconcile source data to reported data

• identify issues before they become regulatory problems

• evidence control over linkage and customer / account enrichment

• benchmark reporting quality over time

• prepare for technical change ahead of go-live

• evidence clock synchronization and timestamp compliance

• maintain rule coverage aligned to the current CAT Tech Spec version

The result is stronger reporting assurance, better governance and a clearer line of sight from raw event data to CAT submission quality.

‍