The Competitive Enterprise Institute is calling on the Securities and Exchange Commission to completely eliminate its Consolidated Audit Trail program, arguing the sweeping surveillance system violates multiple constitutional amendments and exceeds the agency's legal authority. In regulatory comments filed June 22, 2026, CEI senior fellow Richard Morrison wrote that "whatever practical law enforcement or regulatory values the CAT may serve, they do not overcome the program's serious constitutional concerns and lack of statutory legitimacy." The organization argues the SEC should pursue "full elimination as soon as possible," comparing the CAT to other expensive and invasive compliance regimes across federal financial regulation.
The CAT requires routine collection and retention of detailed trading information on all investors without individualized suspicion, creating what the report describes as a centralized repository accessible to "over a dozen different organizations in the public and private sector" with "few concrete parameters on how they can use it." U.S. financial institutions filed 28.7 million reports under similar bank secrecy regulations in 2025, the comment notes, citing recent congressional testimony showing those reports led to just 275 investigations by the IRS Criminal Investigations division. The report argues that this pattern of collecting massive amounts of data from non-offending citizens with "only very small and diffuse results" mirrors the problems with the CAT. The SEC itself has suffered cybersecurity breaches to its EDGAR database and a former chairman's social media account, raising concerns about the vulnerability of centralized trading data.
According to Morrison, the CAT raises First Amendment concerns because "where Americans choose to invest their money can reveal their political and personal beliefs, such as divesting from certain industries for ethical reasons, supporting specific companies, or using strategies tied to environmental or religious principles." The report cites Supreme Court precedent in Americans for Prosperity Foundation v. Bonta and NAACP v. Alabama, arguing that compelled disclosure regimes may chill protected speech and association even when government asserts an administrative purpose. The comment also challenges the SEC's legal authority, noting the agency relies on Section 11A of the Securities Exchange Act of 1934—designed to fix a geographically fragmented trading system in 1975—but that "no statutory language authorizes SEC to order SROs to seize for later search investor-identifying information about every trade in the entire market." Morrison points out the claimed authority "lay dormant for a suspiciously long time, well over 30 years" before the CAT was implemented in 2014, suggesting the agency may be addressing what the Supreme Court considers a major question of public policy without express congressional authorization.
CEI frames the constitutional objections around Fourth Amendment protections against unreasonable searches, noting that searching trading patterns first and matching them to individuals later "should be no more lawful than police searching every home in a given area without a warrant and obtaining the names of the owners only after discovering evidence of illegal conduct." The report invokes Carpenter v. United States to argue that third-party involvement doesn't extinguish reasonable expectations of privacy in comprehensive, retrospectively searchable data. Commissioner Hester Peirce is quoted asking readers to imagine if "every time [we] went to the grocery store, convenience store, bookstore, or hardware store, those stores—under government orders—sent a complete, itemized list of what [we] bought and when [we] bought it to the government." The comment also raises Fifth Amendment self-incrimination concerns about compelled reporting that could later be used in enforcement proceedings and property rights issues around compelled disclosure of valuable private information.
The report draws explicit parallels to the SEC's climate disclosure rule, which the agency proposed rescinding in May 2026 after initially adopting it in March 2024. Both rules, Morrison argues, "would have mandated the creation of an extremely large database of information of dubious value, at great cost, with burdens resting on every regulated party regardless of underlying conduct." The Commission solicited comments on whether changes should be made to address "civil liberty, privacy, and confidentiality concerns; cost-efficient technology solutions; and cybersecurity considerations," and CEI's answer is unequivocal: the Consolidated Audit Trail should be "reformed via elimination."