An influential Wall Street interest group told Finra on Monday to withdraw its proposal for a massive customer-data-collection system.
In a Dec. 1 comment letter, the Securities Industry and Financial Markets Association said the Financial Industry Regulatory Authority Inc. does not have the authority to pursue the initiative, known as the Comprehensive Automated Risk Data System. It also said CARDS would substantially increase regulatory costs for financial firms while potentially exposing sensitive customer information to cyberattacks.
“SIFMA believes that Finra's CARDS proposal would impose undue costs and burdens on the member firms, and is an attempt to diagnose a regulatory ill without appropriately accounting for the impact on investor privacy and civil liberties, and should not be filed with the Securities and Exchange Commission,” wrote Ira Hammerman, SIFMA executive vice president and general counsel.
Mr. Hammerman continued: “Most troubling is that CARDS would require the continued and regular disclosure to Finra of the most intimate financial details for every investor's securities account, would be aggregated and stored on Finra's computer system, thereby creating a centralized, prime target for computer hackers and nation-state sponsored cyberterrorists.”
As for the price tag, an IBM analysis conducted on SIFMA's behalf of 16 firms representing both large and small enterprises showed that the mean cost for a financial firm to implement CARDS would be $3.4 million, and the annual cost to run and maintain the system would be $1.8 million.
“CARDS would require another new, expensive and standardized technology system to be built by the industry while the industry already produces mass quantities of data and reports to Finra, the SEC and other self-regulatory organizations on a regular basis,” Mr. Hammerman wrote.
The system also would encourage regulatory creep by Finra, Mr. Hammerman suggested.
Under current rules, brokerages are responsible for monitoring the activities of their advisers and detecting sales-practice abuses, while Finra reviews supervisory systems. CARDS could put Finra in a different position by giving it “every trade, every account balance and every money movement of every customer of a broker-dealer.”
“CARDS would drastically change that paradigm and potentially position Finra as the first level resource for regulator supervision of activity at the individual account level,” Mr. Hammerman wrote.
SIFMA's frontal attack on CARDS contrasted with the comment letter submitted Monday by the Financial Services Institute. The FSI, an organization representing independent broker-dealers, did not call for Finra to scuttle the CARDS proposal, although it outlined several recommendations to improve it.
“FSI members support Finra's investor protection goals, and are interested in providing essential input and suggestions for Finra to create a system that will allow it to achieve its vision,” wrote David Bellaire, FSI executive vice president and general counsel.
Monday was the deadline for comment letters about Finra's implementation proposal for CARDS.
Finra has made the system a priority. Under CARDS, Finra would regularly collect reams of customer-account data from clearing firms and brokerages, a process Finra said would enable it to detect more quickly dangerous industry trends and harmful product-sales practices.
Finra, the industry-funded broker-dealer regulator, modified the CARDS proposal, originally floated in December 2013, to ensure it would not collect information that could identify individual investors. It also said it would conduct a thorough cost-benefit analysis. The CARDS proposal would have to be approved by the SEC before it is implemented.
Like FSI, SIFMA suggested Finra expand its consolidated audit trail system with new “data fields” rather than set up CARDS separately.