In the face of fierce opposition from industry bodies, Wall Street watchdog Finra appears to be backtracking on proposals to introduce an automated data collection system designed to help identify risky and suspicious activities.
First proposed in 2012, the Comprehensive Automated Risk Data System (Cards) plan would require brokerage firms to hand over huge amounts of customer account data - although not personally identifiable information - in an automated, standardised format.
Industry-funded regulator Finra argues that the system would boost investor protection and ensure market integrity by allowing it to identify and quickly respond to high-risk areas and suspicious activities that it might not identify through normal surveillance and examination programmes.
The proposals have attracted strong opposition from market participants. Drawing on research it commissioned from IBM, trade lobby Sifma in December noted that, even without personal identifiable information, Cards data includes sufficient detail for an attacker to reverse engineer an investor's identity for fraud, market manipulation and other crimes.
The IBM research also suggests that the costs of Cards would be far greater than Finra estimates. For phase one of the project, for clearing and carrying firms alone the cost would be approximately $680 million for the build, with $360 million required for labour, infrastructure, and storage to maintain the reporting regime annually.
In testimony before a Congressional capital markets subcommittee meeting, Finra chairman and CEO Richard Ketchum said the agency was meeting with industry and investor groups as well as individual firms "to ensure that we understand all the concerns raised...We understand and share the concerns raised around the potential ability of bad actors to access information that could possibly be reengineered to identify individuals."
As a result, he says, Finra is conducting additional analyses and engaging third-party experts to explore "alternative approaches". Finra is also reviewing the feasibility of meeting its objectives by using existing data sources, says Ketchum, and the data that will become available when the new Consolidated Audit Trail is implemented. This latter ambition could take some time, since the CAT plan is itself mired in red tape and already years behind schedule.
Ketchum concludes: "To be clear, we will not move ahead with the present form of the proposal and will not move forward with an amended version until we conclude that the concerns raised in the comments have been addressed."