skip to main content

H.R. 3973 (115th): Market Data Protection Act of 2017

The text of the bill below is as of Nov 13, 2017 (Passed the House).

Summary of this bill

Source: Republican Policy Committee

H.R. 3973 requires the Securities and Exchange Commission (SEC), the Financial Industry Regulatory Authority (FINRA), and the operator of the Consolidated Audit Trail (CAT), in consultation with the SEC’s Chief Economist, to develop comprehensive internal risk control mechanisms to safeguard and govern the storage of market data, market data sharing agreements, and academic research using market data. The legislation also prohibits market data reporting to the Consolidated Audit Trail until the operator develops internal control mechanisms.

In April 2016, the Government Accountability Office identified weaknesses in the SEC’s information security protocols and noted the failure to implement an agency-wide data security program. In May 2017, Chairman Clayton ...



1st Session

H. R. 3973



To amend the Securities Exchange Act of 1934 to require certain entities to develop internal risk control mechanisms to safeguard and govern the storage of market data.


Short title

This Act may be cited as the Market Data Protection Act of 2017.


Internal risk controls

The Securities Exchange Act of 1934 (15 U.S.C. 78a et seq.) is amended—


by inserting after section 4E the following:


Internal risk controls


In general

Each of the following entities, in consultation with the Chief Economist, shall develop comprehensive internal risk control mechanisms to safeguard and govern the storage of all market data by such entity, all market data sharing agreements of such entity, and all academic research performed at such entity using market data:


The Commission.


Each national securities association registered pursuant to section 15A.


The operator of the consolidated audit trail created by a national market system plan approved pursuant to section 242.613 of title 17, Code of Federal Regulations (or any successor regulation).


Consolidated audit trail prohibited from accepting market data until mechanisms developed

The operator described in paragraph (3) of subsection (a) may not accept market data (or shall cease accepting market data) until the operator has developed the mechanisms required by such subsection. Any requirement for a person to provide market data to the operator shall not apply during any time when the operator is prohibited by this subsection from accepting such data.


Treatment of previously developed mechanisms

The development of comprehensive internal risk control mechanisms required by subsection (a) may occur, in whole or in part, before the date of the enactment of this section, if such development and such mechanisms meet the requirements of such subsection (including consultation with the Chief Economist).

; and


in section 3(a)—


by redesignating the second paragraph (80) (relating to funding portals) as paragraph (81); and


by adding at the end the following:


Chief economist

The term Chief Economist means the Director of the Division of Economic and Risk Analysis, or an employee of the Commission with comparable authority, as determined by the Commission.


Passed the House of Representatives November 13, 2017.

Karen L. Haas,