The financial services industry's main lobbyist group is warning that a proposed FINRA data system could put sensitive client information at risk of exposure, and burden financial services firms with new costs.

As it's currently defined, the proposed comprehensive automated risk data system, better known as CARDS, would require clearing firms to regularly send information about clients' accounts, such as the type, investments involved and trading activities. This would enable FINRA to analyze brokerage data collected in CARDS in order to identify red flags, such as sales misconduct, and shift some work away from on-site examinations, according to the self-regulatory organization's documents and its website.

But SIFMA contends that the proposed system will introduce as many problems as it might resolve.

"CARDS would be a massive and invasive regulatory undertaking with serious privacy implications for the general public and added technology costs and regulatory burdens for the financial industry," Ira Hammerman, SIFMA's executive vice president and general counsel, said in a statement. "Without more information on the intent and structure of CARDS, we cannot do the necessary analysis to support the proposal."

SIFMA argues that there will be significant technology costs associated with CARDS for firms, as they will have to add or modify existing data systems, create new storage capacity and hire additional personnel maintain those systems.

"These efforts inevitably will create new overhead for member firms (both clearing firms and introducing brokers) and the costs ultimately will be borne by the investing public," SIFMA said in a comment letter sent to FINRA.


The association also warns that collecting clients' investment activities in one place could put their privacy at risk and argues that FINRA hasn't made clear how it will protect clients' information during transmission or during storage.

"The information that will be requested through CARDS is a roadmap to an individual's financial life and virtually all investors' information will be housed in one place," said SIFMA, adding that "the list of possible harms that could result from a breach, given the breadth of data covered by CARDS, is only limited by the imagination."

There will also be overlap in the data collected by CARDS and other systems, such as the Consolidated Audit Trail, says SIFMA. The association argues that FINRA should first review the information already being collected by regulators before creating a new data system that will add to the regulatory requirements faced by firms.

FINRA first requested public comment on CARDS in December.  The self-regulatory organization removed requirements for account addresses and tax identification number from the proposed system in February and asked for new feedback. The most recent comment period ended on Friday.

In an email, a FINRA spokesman said: "FINRA remains very committed to the CARDS initiative and believes it is the path forward in ensuring the most effective regime for investor protection. We have been engaged with firms on a regular basis in terms of hearing feedback and appreciate SIFMA's constructive discussion of the issues posed by this proposal. We look forward to discussing the issues with SIFMA and the industry as we move forward."


Read more: