The Financial Industry Regulatory Authority on Tuesday proposed a rule to implement its controversial Comprehensive Automated Risk Data System plan, known as Cards.
The massive project would collect customer account information and create a database that Finra would use for automated oversight purposes.
Cards is envisioned as a tool to spot suspect activity at individual firms, branches and by individual brokers, as well as identify emerging risks industry-wide.
Finra is proposing a phased implementation for Cards. The first phase would begin with about 200 carrying or clearing firms that would submit data on trades, holdings, account transfers, account profile information and other information.
The second phase would require fully-disclosed introducing firms to submit suitability-related information, either directly to Finra or through a third party.
Firms covered under the first phase would start submitting Cards information approximately nine months following SEC approval, Finra said, and fully-disclosed introducing firms would begin submitting Cards information to Finra within 15 months of SEC approval.
Comments on the plan are due to Finra by Dec. 1, 2014.
Finra could still modify the proposal before sending it to the SEC for final approval. The proposal is the first formal step Finra has taken to implement the ambitious project. In the notice, Finra took pains to reiterate that no personally identifiable information like Social Security numbers would be collected.
Security concerns have dogged Cards ever since Finra floated the idea in a December 2013 concept release.
“Finra believes that the investor protection benefits that would come from Cards, and Finra’s increased ability to reduce fraudulent and abusive behavior, significantly outweigh the remote risk of a security breach,” Finra said in the notice.
The proposal addressed a number of issues that arose from its earlier concept release.
Under the plan released Tuesday, reporting requirements would not apply to securities that are held directly at product sponsors. Those investments might be covered later in a separate rule-making.
Finra also dismissed an idea suggested by the Securities Industry and Financial Markets Association and others, that it should consider using its Consolidated Audit Trail (CAT) system instead of Cards to collect customer account data.
“Fundamentally, CAT and Cards collect different information,” Finra said. “Unlike Cards, CAT will not contain information regarding customer risk tolerance, investment objectives, money movements, margin requirements and position data.”
CAT is another massive project currently under development for gathering trading data.
Finra said that with Cards up and running, it might be able to phase out several current data-collection programs, the Automated Exam Program and the Integrated National Surveillance and Information Technology Enhancements system (Insite). Neither of these systems are as expansive as Cards is envisioned to be.
Finra said existing analytic tools have been helpful in spotting suspicious trading and concentration of risky products.
“Finra used the data collected to determine … which investor accounts had high concentrations of Puerto Rican debt and conflicts of interest based on a firm’s proprietary accounts or employees selling their own holdings of Puerto Rican debt while their customers were buying these securities,” the notice said.
Finra estimated that Cards would cost clearing and carrying firms anywhere from $390,000 to $8.33 million to implement, and $76,000 to $2.44 million annually to run.
Finra said its own costs to develop Cards are estimated to run from $8 million to $12 million over a three-year period.