The Comprehensive Automated Risk Data System (CARDS) proposed by the Financial Industry Regulatory Authority (FINRA) to regularly collect customer account data from various broker-dealers and clearing firms and allow FINRA to more efficiently detect dangerous product sales practices and industry trends continues to draw stiff opposition.

According to FINRA, CARDS "would … reduce present regulatory costs and burdens on firms by reducing the need for manual, partial, overlapping and one-time regulatory report generation for the information required to be reported." However, the Securities Industry and Financial Markets Association (SIFMA), the principal broker-dealer trade association, submitted a comment letter on December 1, 2014 strongly opposing FINRA’s most recent iteration of its CARDS proposal. Later in the month, SIFMA also published the results of an investor survey it commissioned concerning the proposal.

A very large percentage of investors who took the survey:

  • believed that CARDS’s risks outweigh the benefits, even if their data is kept anonymous, because it will create a single location that hackers and cyber-terrorists can target, putting investors’ account activity balances and money movements at risk; and,
  • trusted their financial professionals or firms much more than the government to keep their financial information safe.

Such fears about the danger of cyber-attacks on personal data can only have been reinforced by the recent cyber-attack on Sony Pictures Entertainment. Indeed, in an interview, one SIFMA executive was quoted as follows: "[t]he Sony hacking incident gives everyone a real-life, real-time reminder of what we’ve been saying in our comment letters over the last year or so...If the bad guys break into FINRA, they’ve got everything."

At least for now, however, FINRA is keeping CARDS very much on the table.