Skip to main content
News Release
FINRA logo
George Smaragdis (202) 728-8988
Nancy Condon (202) 728-8379


FINRA Solicits Comment on Proposed Rule to Implement CARDS

WASHINGTON—The Financial Industry Regulatory Authority (FINRA) today issued Regulatory Notice 14-37 requesting comment on a proposed rule to implement the Comprehensive Automated Risk Data System (CARDS). CARDS would be designed to enhance investor protection and ensure market integrity by allowing FINRA to identify and quickly respond to high-risk areas and suspicious activities that it might not identify through its current surveillance and examination programs.

The rule proposal would be implemented in phases. The first phase would require carrying or clearing firms (approximately 200 firms) to periodically submit in an automated, standardized format specific information that is part of the firms' books and records relating to their securities accounts and the securities accounts for which they clear. The second phase of CARDS would require fully-disclosed introducing firms to submit specified account profile-related data elements either directly to FINRA or through a third party.

The CARDS rule proposal would exclude the collection of personally identifiable information (PII) for customers, including account name, account address and Social Security number.

"It is critical that we work together to strengthen investor confidence, and the ultimate purpose of the data and analytic capabilities to be obtained through CARDS is to help protect investors' bottom line. Without collecting one iota of personally identifiable information, CARDS will help us quickly identify unusual trends and product concentrations—and take swift, responsive action," said Richard Ketchum, FINRA Chairman and CEO.

FINRA is committed to the highest level of security when it comes to CARDS and the information that would be collected through this program. All data sent to FINRA would be encrypted in transmission and after receipt in a way that would not permit anyone to read or interpret the data without the proprietary encryption keys. FINRA's security program is based upon industry best practices, is guided by relevant federal and international standards and is compliant with relevant data security and privacy laws and regulations.

Notice 14-37 contains an Interim Economic Impact Assessment, which discusses both the anticipated benefits as well as the anticipated costs of the proposed rule for the approximately 200 firms impacted by phase 1 of CARDS. Introducing firms would not have any additional reporting obligations in phase 1 and would not incur direct costs associated with those accounts they clear through other firms. FINRA staff is continuing to collect and assess information about the costs, benefits and other economic impacts of CARDS. As it gathers more information, FINRA will further develop its economic impact analysis regarding anticipated benefits and anticipated costs of phase 2 for impacted entities, including introducing firms. The comment period expires on December 1, 2014. FINRA is requesting data and quantified comments where possible.

FINRA, the Financial Industry Regulatory Authority, is the largest independent regulator for all securities firms doing business in the United States. FINRA is dedicated to investor protection and market integrity through effective and efficient regulation and complementary compliance and technology-based services. FINRA touches virtually every aspect of the securities business – from registering and educating all industry participants to examining securities firms, writing rules, enforcing those rules and the federal securities laws, informing and educating the investing public, providing trade reporting and other industry utilities, and administering the largest dispute resolution forum for investors and firms. For more information, please visit