December 2, 2014 - Plans by Wall Street watchdog Finra to introduce an automated data collection system designed to help identify risky and suspicious activities have been blasted by lobby group Sifma on cost, security and privacy grounds.
First proposed in 2012, the Comprehensive Automated Risk Data System (Cards) plan would require brokerage firms to hand over huge amounts of customer account data - although not personally identifiable information - in an automated, standardised format.
Industry-funded regulator Finra argues that the system would boost investor protection and ensure market integrity by allowing it to identify and quickly respond to high-risk areas and suspicious activities that it might not identify through normal surveillance and examination programmes.
Finra has to file its proposals with the Securities and Exchange Commission for approval. In a letter, Sifma urges the watchdog not to, claiming Cards would impose costs and burdens on its members that far exceed any benefits.
Drawing on research it commissioned from IBM, Sifma says that, even without personally identifiable information, Cards data includes sufficient detail for an attacker to reverse engineer an investor's identity for fraud, market manipulation and other crimes.
The IBM research also suggests that the costs of Cards would be far greater than Finra estimates. For phase one of the project, the cost for clearing and carrying firms alone would be approximately $680 million for the build, with $360 million required annually for labour, infrastructure, and storage to maintain the reporting regime.
Kenneth Bentsen, CEO, Sifma, says: "This centralised individual account database would become a prime target for cyber attackers, be costly to build and maintain, and would produce more false positives that would drain resources that could be put to better use to help investors."
Bentsen argues that it would be better for Finra "to work with the reams of data it already gets through existing systems such as Oats, LOPR and other systems, and to consider what data fields could possibly be added to the CAT if Finra adequately demonstrated an actual need for additional data, rather than mandate a redundant new system."