Bentsen called CARDS "an invasion of privacy, raises significant cyber risk and ... effectively a sledgehammer approach."

It looks as if Financial Industry Regulatory Authority’s reproposed plan to collect broker-dealer account data through its Comprehensive Automated Risk Data System (CARDS) will continue to be a hot-button issue as the Securities Industry and Financial Markets Association looks forward to 2015.

CARDS, which was the focus of SIFMA’s critical letter to FINRA on Monday and two prior comment letters, was the top discussion topic during SIFMA’s state of the industry press briefing Thursday morning in New York.

“I think [FINRA is] beginning to recognize that there is a great deal of concern from the industry and the general public,” said Ken Bentsen Jr., president and CEO of SIFMA, at the press briefing. Adding, “We are going to continue to raise concerns and questions and objections.”

In late September, FINRA released the second iteration of its controversial CARDS plan and sought comments on it through Dec. 1. CARDS would be a rule-based program that would allow FINRA to collect — on a standardized, automated and regular basis — account information, as well as account activity and security identification information, from firms.

“I think you’ll also note that there’s pretty broad-based opposition to this big data approach to trying to collect all investor data on a monthly basis to be held in one quasi-government central data repository that our members feel is an invasion of privacy, raises significant cyber risk, and is effectively a sledgehammer approach to what FINRA has described as trying to identify much smaller problems at significant cost,” Bentsen said.

SIFMA believes the costs associated with implementing and maintaining CARDS is much higher than FINRA has estimated. SIFMA retained IBM to perform a detailed cost-benefit analysis of the CARDS proposal, estimating that Phase 1 of CARDS will cost the industry $680 million to build and $360 million annually for ongoing maintenance.

Bill Johnstone, chair of SIFMA’s board of directors, said, “Certainly there’s a concern about cost. We think the cost of implementing the system would be substantial, the cost of maintaining the system would be significant.”

Johnstone, along with Ira Hammerman, executive vice president and general counsel of SIFMA, went on to discuss the serious security issues they and their members see with the CARDS program.

“I’ve talked to a lot of our clients and there’s very significant concern from the clients about having a quasi-governmental agency having all this information, and skepticism about their ability to protect it,” Johnstone said. “Whatever the perceived benefits, our clients are saying they’re not in favor.”

Once FINRA has information like securities transactional information, account balances and money movements for every brokerage account in the United States, Hammerman asked, “how do you protect that information?”

“So if you’re one of the 90 million individual investors that they’re out there to protect and if you’re an institutional investor, CARDS would provide FINRA on a monthly report an exacting level of the most intimate detail,” Hammerman added. “That is a big concern, having that type of sensitive data maintained by a ‘quasi-governmental agency.’ An agency that can share that data with the government and other interested folks.” Hammerman sees this program as an easy target for cyber criminals to hack.

“Literally not a day goes by that we don’t read about some hacking incidence,” he said. “To have literally in one warehouse, one honeypot, all of these hundreds of millions of accounts’ information at one place that the cyber criminals can try and attack, does not make sense in our opinion.”

Hammerman noted that the recent CARDS comment letter was just one of more than 130 comment letters that SIFMA files each year.

So, what are other items on the forefront of SIFMA’s attention?

  • Cybersecurity: “This is an area where the industry has spent a great deal of time and effort over the past several years but nonetheless is an area where we continue to see increasing risk, increasing level of attacks. It’s something SIFMA undertook as a major initiative over the last year,” said Bentsen.
  • Market structure: “Earlier this summer we came out with principles for reform of U.S. equity market structure, notwithstanding the fact that U.S. equity markets today are much more efficient than they have been in any time,” Bentsen said. He said there are complexity issues as well as questions around technology and transparency that could “affect investor trust and confidence, and our members feel strongly that the SEC and industry should take steps to address those concerns.”
  • Senior investors: “This is an emerging issue,” said Bentsen. SIFMA has created a working group to exchange ideas and best practices when dealing with elderly clients and to work with regulators to collaborate on how to address older investors. “Our hope is from this effort of working with our regulators that we can develop policies and processes to address an issue that all of our member firms, and society more broadly, are having to address,” Bentsen said.

— Check out FINRA Responds to SIFMA’s Latest Critiques of Proposed Data System on ThinkAdvisor.