The Financial Industry Regulatory Authority on Tuesday proposed a rule to implement its controversial Comprehensive Automated Risk Data System plan, known as Cards.

The massive project would collect customer account information and create a database that Finra would use for automated oversight purposes.

Cards is envisioned as a tool to spot suspect activity at individual firms, branches and by individual brokers, as well as identify emerging risks industry-wide.

Finra is proposing a phased implementation for Cards. The first phase would begin with about 200 carrying or clearing firms that would submit data on trades, holdings, account transfers, account profile information and other information.

The second phase would require fully-disclosed introducing firms to submit suitability-related information, either directly to Finra or through a third party.

Firms covered under the first phase would start submitting Cards information approximately nine months following SEC approval, Finra said, and fully-disclosed introducing firms would begin submitting Cards information to Finra within 15 months of SEC approval.       
Comments on the plan are due to Finra by Dec. 1, 2014.

Finra could still modify the proposal before sending it to the SEC for final approval. The proposal is the first formal step Finra has taken to implement the ambitious project. In the notice, Finra took pains to reiterate that no personally identifiable information like Social Security numbers would be collected.
Security concerns have dogged Cards ever since Finra floated the idea in a December 2013 concept release.

“Finra believes that the investor protection benefits that would come from Cards, and Finra’s increased ability to reduce fraudulent and abusive behavior, significantly outweigh the remote risk of a security breach,” Finra said in the notice.

The proposal addressed a number of issues that arose from its earlier concept release.

Under the plan released Tuesday, reporting requirements would not apply to securities that are held directly at product sponsors. Those investments might be covered later in a separate rule-making.

Finra also dismissed an idea suggested by the Securities Industry and Financial Markets Association and others, that it should consider using its Consolidated Audit Trail (CAT) system instead of Cards to collect customer account data.