Richard Ketchum, chairman and CEO of the Financial Industry Regulatory Authority, said Monday that while the self-regulator was moving ahead with its controversial Comprehensive Automated Risk Data System (CARDS) as it’s “the next step—and big leap forward—in the evolution” of FINRA’s risk-based regulatory programs, FINRA has created broker-dealer working groups and is "aggressively" seeking BD feedback to “get this right.”
Noting the more than 800 comment letters that FINRA received on its CARDS plan, Ketchum told the 1,000 attendees at FINRA’s annual conference in Washington that “your input is critical to us getting CARDS right. By giving us your feedback, you have an opportunity to contribute to the best solution possible. Please help us shape this.”
However, Ketchum said that while FINRA is “looking closely” at the cost and operational concerns that broker-dealers have raised, many commenters’ concerns “seem to me to be a tad one-sided.”
CARDS, Ketchum argued, “has the potential to be one of the most important investor protection tools to emerge in recent years,” and “strongly urged” BDs to view CARDS “through the broader lens of investor protection, rather than through the more narrow lens of how it affects your firm.”
That being said, Ketchum said that FINRA recognized “that costs tied to CARDS are a real issue for firms,” stating that FINRA has created a CARDS “pilot” and is talking to BDs about the “real, bottom-line impact” it may have on their firms.
CARDS would be a rule-based program that would allow FINRA to collect — on a standardized, automated and regular basis — account information, as well as account activity and security identification information that a firm maintains as part of its books and records.
CARDS, Ketchum said during his remarks, “will allow us to collect and manage data from firms in such a way that we can quickly identify trends and product concentrations that are harmful to investors and take swift, responsive action.”
The automated system would gather data from broker-dealers and clearing firms that the regulator can then use to spot potential problems with sales practices of individual BDs, branches and reps prior to onsite FINRA exams.
Indeed, Hardeep Walia, co-founder and CEO of Motif Investing and a member of both FINRA's Small-Firm Advisory Board and its Technology Advisory Committee, noted on a compliance panel after Ketchum’s speech that “there’s a lot of good that can come out of CARDS,” adding that “the power of CARDS is that it’s the next generation of regulation, which is technology.”
If “we can get it right and get safeguards around it, it will be the next-gen form of regulation” that other regulators can look to, he said.
Michelle Oroschakoff, chief risk officer of LPL Financial, noted on a separate panel on the top 10 regulatory issues that "if done right," CARDS "is going to be terrific" for the markets and for investors, allowing "more targeted [exam] sweeps." However, she said that advisors were already getting questions from their clients about CARDS regarding data privacy issues and that the "investing public is not as supportive of" CARDS as may have been thought.
After pushback, FINRA said in early March that it would modify its original approach by not collecting sensitive personally identifying information (PII) from the data it receives from CARDS, a point that Ketchum noted during his Monday remarks.
“We clarified that PII is not part of the proposal, so CARDS data will not include account names, addresses, tax IDs or Social Security numbers,” Ketchum said. “Thus, customer accounts will not be linked across firms. We know that CARDS will be effective without collecting this information.”
Ketchum said that the self-regulator has also heard BDs' concerns about the security “of such a large database.” However, Ketchum said that FINRA believes the security risk “is very low — and dispute[s] that CARDS could create systemic risk.”
Given that FINRA will not be collecting personally identifiable information, he said, “the chance that anyone could exploit what is, in effect, anonymous data for nefarious purposes is very small.”
But Paul Tolley, chief compliance officer of Commonwealth Financial Network, noted on a panel discussion about the top 10 regulatory issues that he's "not a fan" of CARDS, particularly due to its "privacy" concerns. "The sheer volume" of data in "such a huge database," if breached, could be a problem, he said. "There are some pretty sophisticated systems that have been breached," he added, noting that such a breach of CARDS could spark market manipulation.
CARDS will also be launched “in stages,” Ketchum said, and the CARDS plan has been changed to allow firms to choose how they send data to FINRA. “You can send it to us through a clearing firm, you can send it to us through a service bureau or you can send it to us directly," he said. "It’s up to you.”
Firms raised concerns about having to send the data through clearing firms, with many BDs worrying about “the cost implications of working with a clearing firm, especially since nearly 2,000 firms don’t currently have clearing firm relationships,” Ketchum said.
While FINRA will provide firms with a “standardized file specification” for transmitting data, FINRA plans to permit “variability in the format of data related to suitability,” Ketchum said, which “stems from comments that introducing firms, in particular, use different terminology with respect to information about their customers.”
To address concerns about “direct business data and how the clearing firms would handle that data,” Ketchum noted that “in its initial phases, CARDS will not require firms to submit information about products not held at the firm,” such as variable annuities, direct participation programs and direct mutual funds.
Ketchum also addressed the question of why FINRA doesn’t first tackle implementing the consolidated audit trail (CAT) before CARDS.
The short answer, Ketchum said: “Unlike CARDS, CAT will not contain the kind of critical information about customer risk appetites, investment objectives, cash movements, margin requirements and position data that we need for our sales practice reviews,” he said. “Moreover, CAT needs to function on a near real-time basis. CARDS does not. To have it do so would be light years more costly than our current proposal.”