The Securities Industry and Financial Markets Association is standing by its opposition to the Financial Industry Regulatory Authority’s proposed Comprehensive Automated Risk Data System rule, saying at a media briefing Thursday it will use every tool available to defeat it as it currently stands.
“Our members will take every action they feel is appropriate under the rules of procedure,” SIFMA President and CEO Kenneth Bentson said in response to a question regarding the potential for the group to engage in CARDS litigation. The proposed rule is still awaiting approval by FINRA and the Securities and Exchange Commission.
The financial services industry lobby group submitted a strongly worded comment letter on Monday to FINRA regarding its concerns with the CARDS proposal, which aims to require both custodians and brokerage firms to submit wide-ranging data on clients’ securities transactions, account balances and money flows.p>
“Our members feel it is an invasion of privacy, raises risks, particularly cyber risks, and is effectively a sledge hammer approach to what FINRA has described as trying to identify much smaller problems at significant cost,” Bentson says.
SIFMA argued in its comment letter that the first phase of CARDS would cost firms $680 million to build and another $360 million annually to maintain the database, according a study by IBM commissioned by SIFMA. Meanwhile, FINRA estimates that the first phase would cost between $8 million and $12 million, with another $76,000 to $2.44 million annually for maintenance, depending on the size of the firm.
“We think this CARDS proposal is significantly flawed,” SIFMA General Counsel Ira Hammerman said. “To have in one warehouse, one honey pot, all of this information from hundreds of millions of accounts, that the cyber-criminals can try to attack does not make sense,” he added.
FINRA’s step to drop the personal identifying information collected did not go far enough to protect investors, Hammerman said. It’s “relatively easy” for cyber criminals to get into the CARDS system and link up the available data to one other piece of data personally identifying the investor, he added.
The other concern SIFMA highlighted was regarding the potential false positives that could result from the proposed monthly data collection. “Armed with this big data and this monthly information, that will just provoke FINRA to engage in an ongoing, never-ending dialogue with the industry on topics of interest to them,” Hammerman said.
In addition to not ruling out using litigation to halt the CARDS initiative, Bentson also noted that SIFMA is working to raise awareness on the issue, adding SIFMA is seeing interest from Capital Hill.
“Clients are increasingly concerned as they learn of proposal, so too are members of Congress,” he said. “We’re going to raise concerns and questions and objections.”