Skip navigation
FINRA Releases New CARDS Proposal

FINRA Releases New CARDS Proposal

FINRA moved forward on its planned Comprehensive Automated Risk Data System (CARDS) on Tuesday, issuing a regulatory notice that outlines plans to implement the database initiative in phases.

According to the regulatory notice issued Tuesday, the first phase of CARDS will require carrying or clearing firms (approximately 200 firms, according to the regulator) to “periodically submit in an automated, standardized format specific information that is part of the firms' books and records relating to their securities accounts and the securities accounts for which they clear.”

The second phase of the CARDS initiative would require brokerage firms to submit the specified client account information either directly to FINRA or through a third party, according to the notice.  As previously released, FINRA says it will not be collecting customers’ personally identifiable information, including account names, account addresses and Social Security numbers.

When the second phase of the CARDS is implemented, brokerage firms will be responsible for sending FINRA information on clients as well, including individual investment time horizon, investment objective, risk tolerance, clients’ net worth, clients’ birth year and advisors’ compensation allocation for individual clients. 

FINRA anticipates it will cost the regulator up to $12 million to develop the CARDS database over a three year period. Clearing firms may have to spend up to $8 million to develop the systems needed to transmit the required data, as well as pay up to $2.4 million in annual mainenance costs. 

"It is critical that we work together to strengthen investor confidence, and the ultimate purpose of the data and analytic capabilities to be obtained through CARDS is to help protect investors' bottom line,” FINRA Chairman and CEO Richard Ketchum said in a statement. “Without collecting one iota of personally identifiable information, CARDS will help us quickly identify unusual trends and product concentrations—and take swift, responsive action.”

CARDS will help the regulator look at trends across the industry in a real-time way, Susan Axelrod, FINRA's executive vice president of regulatory operations, told attendees of FSI’s Advisor Summit on Monday (watch video of Axelrod outlining CARDS here). She noted FINRA also hopes to leverage the data gathered by CARDS in the examination process.

“In my 25 years as a regulator, there’s been no other issue where we have been as engaged, Axelrod said. “We’ve got two firms giving pilot data, six firms that are working on the data specs with us, we have 11 diverse firms making up our sounding board, we’ve met with FSI and will continue to meet with FSI, we’ve met with SIFMA, and we talk about it with all of our committees.”

Since its unveiling as a concept release last December, broker/dealers, industry groups and individual advisors have been critical of the draft proposal (over 800 comment letters were received on the first concept proposal), questioning how FINRA would handle the client account data, the security of such information and the costs of creating and maintaining a system of this size.

“Data security [is] a critical issue for every company in America today,” Axelrod said, but noted that FINRA has been receiving data for a number of years. She added that FINRA’s early decision to remove the personal identifying information requirement, particularly clients’ Social Security numbers, was helpful in protecting the data security of the overall proposed CARDS database.  

“The database we will have is much less interesting and much less vulnerable. It doesn’t mean it’s invulnerable, but that removal of PII is really significant.” And unlike if a broker/dealer or advisory firm should be hacked, cyber thieves will not be able to transfer funds or such within FINRA’s system.

Tuesday’s release noted that all data sent to FINRA would be encrypted in transmission and after receipt, blocking the ability to read or interpret the data without proper encryption keys.

Another key area of concern, cost, is also being addressed by FINRA, Axelrod said. FINRA’s chief economist Jonathan Sokobin, and his team have been conducting an ongoing cost-benefit analysis since the initiative was announced. “They’ve met with firms, they’ve issued surveys and that’s just in the initial phase of this project.”

Tuesday’s notice (Reg Notice 14-37) also contains an interim economic impact assessment, which outlines both the benefits, as well as the anticipated costs associated with the first phase of the rollout. The report acknowledges clearing firms will likely incur costs ranging from $390,000 to $8.3 million to develop and build the infrastructures required to submit the data to FINRA. Further, the regulator estimates it will cost $76,000 to $2.44 million annualy to maintain the systems. 

Additionally, there would be costs associated with any data CARDS may require that was not previously received by the clearing firm. FINRA notes clearing firms have much of the required data already in their systems, but not all the information that would be required by CARDS.

Brokerage firms will not see any additional expenses during the first phase, however, FINRA’s staff is continuing to collect information on the costs to firms during the second phase of the rollout. 

“We’re trying to be responsive, but move this initiative forward,” Axelrod said. ‘We think the benefits are huge, we just need to get a handle on what the costs are.” 

In response to the latest regulatory notice, industry group SIFMA said Tuesday it appreciates that FINRA is soliciting feedback on CARDS, but still had concerns regarding the initiative.  

“As SIFMA noted in its two previous comment letters, CARDS raises a number of important concerns, including investor privacy, data security, duplication of regulatory data collection with the pending CAT system and other cost-benefit concerns, that remain outstanding and must be fully vetted with all interested parties,” Ira Hammerman, SIFMA’s executive vice president & general counsel, said in a statement. 

The comment period expires on Dec. 1, and FINRA is requesting data and quantified comments where possible.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.