SIFMA today submitted comments to the Financial Industry Regulatory Authority (FINRA) regarding FINRA's concept proposal to develop a Comprehensive Automated Risk Data System (CARDS).
While SIFMA supports FINRA's goal of utilizing technology to make it a more efficient and effective regulator, SIFMA cannot support the CARDS concept. More information as well as further analysis on how the system would be structured and utilized, and a better understanding of what existing FINRA-mandated systems would be replaced is necessary before proceeding any further.
CARDS calls for the development of a new system to collect, on standardized, automated and regular basis, sensitive information regarding retail customer brokerage accounts, including customer profile information, account activity and account balances and holdings, among other data.
"CARDS would be a massive and invasive regulatory undertaking with serious privacy implications for the general public and added technology costs and regulatory burdens for the financial industry. We appreciate that FINRA has recognized the scale of this initiative by introducing CARDS as a concept release and seeking the industry's feedback," said Ira Hammerman, executive vice president and general counsel at SIFMA.
Hammerman added, "The concept proposal raises serious questions about data security and privacy issues for retail investors, as it would create a centralized location for highly personal, private and sensitive consumer financial data. Further, CARDS would require tremendous resources from the financial industry, and it's not clear why existing systems or the new required Consolidated Audit Trail system couldn't be used to accomplish FINRA's goal. Without more information on the intent and structure of CARDS, we cannot do the necessary analysis to support the proposal."
SIFMA's letter further outlines the Association's views on the CARDS concept proposal:
Process for Vetting CARDS: SIFMA strongly urges FINRA to follow the normal notice-and-comment rulemaking process in adopting CARDS. If FINRA moves forward, SIFMA urges FINRA to continue to work closely with the industry to address the techress the technical, compliance and legal questions prior to the proposal being published for comment as a proposed rule.
Duplicative, Superfluous Reporting: SIFMA believes that before FINRA considers the implementation of a new, significant and costly reporting regime, FINRA should review all current reporting requirements to determine whether and how much of the information believed necessary to meet the intended purposes of CARDS is already being collected through one or more existing reporting systems.
CARDS vs. CAT: CARDS could overlap with the Consolidated Audit Trail that is currently being developed. FINRA does not clearly articulate a rationale for having CARDS as a separate collection mechanism and repository of information.
Costs: SIFMA is very concerned about the likely significant technology and compliance costs of implementing CARDS - both from a start-up perspective and on an on-going basis.
Data Security Concerns: Perhaps more daunting than the potential technological challenges of implementing FINRA's undefined reporting requirements is protecting the sensitive information outlined in the proposal. SIFMA believes that FINRA does not sufficiently address the data security concerns associated with CARDS, especially in light of broad governmental policy objectives related to the security of financial data.
Privacy Concerns: CARDS raises serious issues under foreign and state privacy laws, regardless if CARDS collects or stores personally identifiable information. The information that will be requested through CARDS is a roadmap to an individual's financial life and virtually all investors' information will be housed in one place
Data Standardization: SIFMA is concerned about issues associated with data quality and data standardization. Currently, there is no uniform regulatory standard for the format of and approach to information that must be gathered regarding issues such as account objectives and risk tolerance.
Clearing Firm Concerns: The concept proposal suggests that clearing firms will be conduits for the submission of data on behalf of introducing firms but does not provide sufficient details for firms to understand the actual technical requirements of such a role. If CARDS is adopted and retains the conceptual approach that the customer information will be gathered by, and transmitted to FINRA by, clearing firms, it must be made clear that clearing firms are simply conduits for passing the information from introducing brokers to FINRA and have no responsibility to review the information or to detect potential rule violations.
SIFMA's letter notes that without more information about required data elements, data standardization, other technical details regarding the reporting platform, data transmission methods, an analysis of other current and proposed reporting requirements, and an explanation of how the data will be stored, protected and used, SIFMA cannot conduct the necessary cost and benefit analysis of the proposal to conclude that the proposal should be supported.