FINRA Proposes a New Method to Obtain Transaction Information: Comprehensive Automated Risk Data System

On December 23, 2013, FINRA issued Regulatory Notice 13-42, a concept proposal to develop a new Comprehensive Automated Risk Data System (“CARDS”) (the “Proposal”).¹ According to FINRA, CARDS initially would collect customer account information, customer account activity, and security identification information on a standardized, automated and regular basis.² Over time, FINRA believes that CARDS will reduce the regulatory costs and burdens on firms while allowing the regulator to automate its surveillance for potential sales practice and business conduct violations.³ FINRA requests comments from firms on the Proposal, including input on 11 sets of specific questions.⁴ The comment period expires on February 21, 2014.

I. FINRA’s Proposal

The Proposal, if adopted, “initially” would require clearing and self-clearing firms to submit retail customer information to CARDS,⁵ including:

Account Information

• Customer investment profile information (e.g., investment objective, date of birth)
• An identifier for beneficial owners or control persons
• Servicing registered persons and locations (e.g., registered person CRD number and branch CRD number)

Account Activity Information

• Details of account activity (e.g., purchases and sales transactions, event dates)
• Additions/withdrawals, securities and account transfers
• Margin and balances

Security Identification Information

• Description of securities (e.g., CUSIP, symbol, description, name, ISIN, SEDOL)⁶

The Proposal deliberately states that this is the “initial” data to be collected. Indeed, FINRA suggests in the Proposal that it will review the program every 12 to 18 months to decide whether to change the data being sought as rules and regulatory focus change (in all likelihood by collecting additional information).⁷ Under the current proposal, data would be transmitted to FINRA only by clearing and self-clearing firms, while introducing firms would be required to provide all necessary information to their clearing firms.⁸ Clearing firms would be required to submit the information to FINRA in a standardized format with sufficient information so that FINRA can distinguish customer accounts of an introducing firm from customer accounts of any firm for which the introducing firm is acting as an intermediary.⁹ In the Proposal, FINRA suggests that the information would be submitted to the regulator regularly (either daily or weekly).¹⁰

FINRA explains in the Proposal that it intends to analyze the information provided through CARDS for potential red flags concerning sales practice misconduct or potential business conduct issues as well as to benchmark individual firms against industry norms.¹¹ FINRA also touts in the Proposal the likelihood that CARDS would streamline the examination process by allowing FINRA to review selected data to pinpoint risk areas or areas of concern in advance of an onsite exam, while eliminating “[t]he need for manual, partial, overlapping and one-time regulatory report generation...”¹² FINRA claims that, in the long run, CARDS will reduce the burden and expense exams place on firms and allow the onsite exam to be more focused, and therefore, shorter.¹³ FINRA also notes that, in instances where there is concern about imminent or ongoing customer harm, having current data on hand will allow FINRA to act more swiftly.¹⁴ FINRA also suggests that CARDS might allow the regulator to eliminate certain other duplicative reporting processes.¹⁵

FINRA does, however, acknowledge in the Proposal that clearing firms would likely incur costs to build and maintain the appropriate reporting infrastructure and for monitoring the information that is provided to CARDS.¹⁶ FINRA also acknowledges that the frequency of information requests also could affect costs, and that introducing firms (at least initially) may incur certain costs in providing required information to their clearing firms.¹⁷

II. Requests for Industry Input

In 11 sets of questions, the Proposal seeks industry input regarding:

1. Need for the program: Are alternative methods available for FINRA to achieve its goals?
2. Cost of the program: What aspects of implementing CARDS do firms expect will be the most costly, including what systems will need to be modified?
3. Anticipated changes required: Other than systems modifications, what other changes do firms anticipate (e.g., staffing)?
4. Use of vendors: Will firms use vendors to fulfill the reporting obligations and, if so, should FINRA specify supervisory obligations over these relationships?
5. Collection of customer profile information: How is customer profile and suitability information currently retained, by whom, in what formats, and what changes would need to be made (if any) for clearing firms to be able to collect this information in a standard format?
6. Current availability of information: Is the information in the Proposal collected and maintained, is it in an automated format, and where is it kept?
7. CARDS updates: How often should FINRA review CARDS to update the information sought – would a 12- to 18-month cycle be feasible?
8. Frequency of reporting: How often should firms be required to submit data to FINRA (daily, weekly, some other period), and what are the costs and benefits associated with different timing?
9. Phase-in of CARDS: How should the first phase be structured to best achieve its goal of focusing on business conduct for retail accounts?
10. Differentiation of retail account data: Can firms clearly distinguish between retail customers and others, and what changes would firms need to make to limit their submissions only to retail customers?
11. Benchmarking: Would it be beneficial for firms to receive data with performance benchmarks and if so, how should it be provided?¹⁸

Conclusion

Implementation of the Proposal will, without doubt, mark a substantial change in the way in which FINRA monitors the industry and conducts exams. The more immediate impact of the Proposal will be the financial and compliance burden associated with collecting and properly reporting this vast amount of data to FINRA. FINRA states that it wants to identify a cost-effective approach for CARDS.¹⁹ Interested parties, therefore, should provide comments to FINRA about the costs and scope of the Proposal. Comments are due no later than February 21, 2014.

Contacts

If you have any questions or would like more information on the issues discussed in this LawFlash, please contact any of the following Morgan Lewis lawyers:

¹ Comprehensive Automated Risk Data System, FINRA Requests Comment on a Concept Proposal to Develop the Comprehensive Automated Risk Data System, Regulatory Notice 13-42 (“Notice”) at 1, available at http://www.finra.org/web/groups/industry/@ip/@reg/
@notice/documents/notices/p413652.pdf.

² Id.

³ Id. at 2 and 7.

⁴ Id. at 8-9.

⁵ Id. at 2.

⁶ Id. at 5 (endnotes omitted from original).

⁷ Notice at 9.

⁸ Id. at 2.

⁹ Id. at 6.

¹⁰ Id.

¹¹ Id. at 2 and 7. FINRA explained that it has run two proofs of concept to help inform the Proposal, and that the regulator has piloted the data collection process with two large clearing firms. Id. at 4.

¹² Notice at 7.

¹³ Id. at 4.

¹⁴ Id. at 3-4.

¹⁵ Id. at 7.

¹⁶ Id.

¹⁷ Id.

¹⁸ Notice at 8-9.

¹⁹ Id. at 3.