SIFMA says Sony hack is cautionary tale for CARDS

The recent cyberattack on Sony Pictures Entertainment holds lessons for Finra's pending data-collection proposal, SIFMA executive argues.
MAY 01, 2015
A recent cyberattack on Sony Pictures Entertainment did more than lead to the limited Christmas release for the movie “The Interview.” It also served as a cautionary tale for Finra's pending data-collection proposal, according to a major financial industry interest group. The Securities Industry and Financial Markets Association has been trying to stop Finra's Comprehensive Automated Risk Data System, which would enable the broker-dealer regulator to collect reams of brokerage account information on a monthly basis and analyze it for sales trends that could potentially harm investors. “Housing all this financial data in one place does not make sense,” Ira Hammerman, SIFMA executive vice president and general counsel, said in a recent interview. “The Sony hacking incident gives everyone involved a real-life, real-time reminder of what we've been saying in our comment letters over the last year or so.” The Financial Industry Regulatory Authority Inc. did not directly respond to Mr. Hammerman's assertion. It reiterated that it is reviewing comment letters and considering adjustments to CARDS. In its Sept. 30 regulatory notice on the proposal, Finra addressed data-security concerns. It pointed out that CARDS will not collect personally identifiable customer information, such as name, address or tax identification number. “In the absence of [personally identifiable information], Finra believes that CARDS would not contain information that would enable accounts to be linked across firms or that would reasonably enable a potential hacker to determine the identity of an account's owner,” the notice states. “Moreover, all data sent to Finra would be encrypted in transmission and after receipt in a way that would not permit anyone to read or interpret the data without the proprietary encryption keys.” Those reassurances are not enough for Mr. Hammerman. He worries about creating a central repository for information such as securities transactions, holdings and account profiles. “[Hackers] will figure out a way to link that sensitive information to some other database” and identify individual account holders, he said. “If the bad guys break into Finra, they've got everything.” Hackers will not be able to do harm directly from the CARDS database, Finra said. “Unlike financial firm account databases, access to the CARDS database would provide no ability for potential hackers to access or cause movements of either cash or securities,” the notice states. A cybersecurity expert said that not all businesses have the same vulnerabilities as Sony, but the episode should remind them all to reassess their defenses. “The attack demonstrates how problematic a major attack can be, even after all the attention that companies have devoted in recent months and years to improving cybersecurity,” John Villasenor, a nonresident senior fellow at the Center for Technology Innovation at the Brookings Institution wrote in an email. “That's a lesson that is certainly relevant to data collection in the context of providing brokerage services.” The Sony attack is not the only recent talking point SIFMA has utilized to bash CARDS. Last week, it released the results of an online survey conducted by Harris Poll from Nov. 18-24 that shows that 69% of 1,103 respondents opposed CARDS after they were read a description of the proposal. Most of the respondents were not initially familiar with Finra. Mr. Hammerman said the poll represented “the investors' voice saying 'thanks but no thanks' with respect to Finra proposing the CARDS system.” He defended a poll that required that participants be educated on a topic before giving an opinion, leaving SIFMA room to shape perceptions during the process. “We used a reputable firm,” Mr. Hammerman said. “There's total transparency with respect to the questions that were asked.” Finra released its own poll earlier in the fall showing that investors are willing to pay more for stronger regulation. “We will review the results of the SIFMA survey, as well as other investor surveys that are more broadly drawn, including comparing the results to a recent Finra survey on investor attitudes,” Finra spokesman George Smaragdis said in a statement. Finra, the industry-fund broker-dealer regulator, has not indicated when it will take the next step on the CARDS proposal, which ultimately must be approved by the Securities and Exchange Commission before going into effect.

Latest News

RIAs need to visit universities to attract students
RIAs need to visit universities to attract students

RIAs need to find universities that offer financial planning programs and sponsor or host events, advisor suggests.

Orion deepens Capital Group alliance with ETF portfolio tie-up
Orion deepens Capital Group alliance with ETF portfolio tie-up

The leading wealth tech provider is helping more advisors access active ETF models through its exclusive partnership.

JPMorgan client who lost $50M amid dementia battle denied trial
JPMorgan client who lost $50M amid dementia battle denied trial

Case of once-wealthy family highlights risks, raises questions on firms' duties to sophisticated investors suffering cognitive decline.

Stifel loses huge $14.2 million arbitration claim linked to star Miami broker
Stifel loses huge $14.2 million arbitration claim linked to star Miami broker

“The evidence in this case was overwhelming,” says an attorney.

$9B Gateway Investment Advisers names Julie Schmuelling president
$9B Gateway Investment Advisers names Julie Schmuelling president

The move marks the culmination of a decade-long journey for the new leader at the Ohio-based RIA and Natixis affiliate firm.

SPONSORED Leading through innovation – with Tom Ruggie of Destiny Wealth Partners

Uncover the key initiatives behind Destiny Wealth Partners’ success and how it became one of the fastest growing fee-only RIAs.

SPONSORED Client engagement strategies, growth and retention in the down markets

Key insights from Gabriel Garcia on adapting to demographic shifts and enhancing client experience in a changing market