The brokerage industry is digging in its heels to ward off the Financial Industry Regulatory Authority’s controversial Comprehensive Automated Risk Data System proposal, known as CARDS.
The massive CARDS project would collect customer account information and create a database for automated oversight.
Finra says CARDS will harness modern technology and improve regulation, but brokerage firms see it as overly intrusive and expensive.
On Monday, Wall Street’s powerful trade group, the Securities Industry and Financial Markets Association, said it is dead set against the idea.
CARDS “is an attempt to diagnose a regulatory ill without appropriately accounting for the impact on investor privacy and civil liberties, and should not be filed with the Securities and Exchange Commission,” wrote Sifma general counsel Ira Hammerman, in a comment letter.
“Most troubling is that CARDS would require the continued and regular disclosure to Finra of the most intimate financial details for every investor’s securities account, would be aggregated and stored on Finra’s computer system, thereby creating a centralized, prime target for computer hackers and nation state sponsored cyber terrorists,” Hammerman said.
In September, Finra asked for comment on a CARDs rule. Comments were due Monday.
Finra can still amend the proposal, which has yet to be filed with the SEC for approval.
The CARDS database would be a “honey pot of [data on] the wealth of all the citizens in the U.S.” for cyber criminals, Hammerman said in an interview.
Even if CARDS were totally secure, “do we really want our government to have, at the  push of a button, the account balances and the money movements of all the citizens of a country?” Hammerman said. “I’ll bet 80 percent [of Americans] would say, no way.”
Sifma’s arguments are “frenzied” and “hysterical,” countered Barbara Roper, director of investor protection at the Consumer Federation of America.
Finra has made clear that it will do what is needed to address any security concerns, she said.
“It’s absurd to believe a hacker would target the CARDs database [which would have] no personally identifiable information and no ability to transact, and [a hacker would] perform some complex reverse engineering” to identify customers in the CARDs system instead of going to the brokerage firms themselves, Roper said.
The privacy and civil liberty arguments Sifma is making “sound so much better than saying, ‘We don’t want our regulators to have the ability to look over our shoulders,” Roper added.