FINRA is reviewing a slew of comments on a controversial proposal to develop a comprehensive automated risk data system, nicknamed "CARDS." FINRA published the proposal on December 23, 2013, in Regulatory Notice 13-42, and extended the comment deadline to March 21.
Under the CARDS program as originally proposed, FINRA would systematically collect broker-dealer customer "account information, as well as account activity and security identification information that a firm maintains as part of its books and records." At least initially, this "would generally represent the same types of information FINRA currently collects on a firm-by-firm basis during the examination process." However, FINRA subsequently announced that it would not require information that would identify the individual account owner, particularly the account name, address and tax identification number.
The Regulatory Notice says the information would be used to "run analytics that identify potential red flags of sales practice misconduct … as well as help FINRA identify potential business conduct problems with member firms, branches and registered representatives." It defines "sales practice misconduct" to include "churning, excessive commissions, pump and dump schemes, markups, and mutual fund switching."
Rather than formally proposing a rule, the Regulatory Notice sets out a "concept proposal." The intent is "to obtain the views of firms and others at the initial stage of determining how FINRA should obtain broader information to advance its supervision of firms and their associated persons."
Commenters have raised a wide range of problems and questions with the CARDS proposal, such as:
the uncertainty of the proposal’s objective and its lack of specific cost-benefit analysis,
the difficulty and cost of providing data in the format that CARDS would require, on a standardized basis across the industry,
the question of responsibility for data quality, particularly where introducing brokers would submit information to FINRA through clearing brokers,
the obstacles to using third parties to perform functions, and
security risk and customer privacy concerns.