21 March 2014

Marcia E. Asquith
Office of the Corporate Secretary
FINRA
1735 K Street, NW
Washington, DC 20006

Transmitted electronically to pubcom@finra.org

Dear Ms. Asquith,

RW Smith appreciates the opportunity to comment on the CARDS proposal presented in Regulatory Notice 13-42. RW Smith supports FINRA’s objective of utilizing technology in an effort to be a more effective regulator, however we do not support the CARDS concept or proposal. 

CARDS calls for the development of a new system to collect sensitive information on retail customer accounts including customer profile information, account activity, account balances and holding, among other data. We think there are immediate data security and privacy concerns that are triggered if this proposal moves forward, that it would be hugely invasive and is troubling to both customers and industry members alike, and contains massive regulatory burdens and COSTS to industry members of all sizes. 

CARDS would create a centralized location for highly sensitive and private personal information of retail customers. One of our many serious concerns about this revolves around the fact that many companies maintain this sensitive and private data on separate and unique systems, as a natural means of preventing intrusions by third parties. Aggregating that massive amount of sensitive private data in one place, in order to meet the proposed regulatory requirement, presents an unbelievable risk to the security of the data. It is imperative that existing safeguards that exist within companies and the industry not be compromised.

We would encourage FINRA to review all current reporting requirements to determine whether and how much of the information believed necessary to meet the intended purposes of CARDS is already being collected through one or more existing reporting systems.

We cannot underscore enough our concern over the extreme and ever-increasing regulatory burden and associated costs of maintaining compliance as a member firm in the financial industry. We are very concerned about the significant and overwhelming technology and compliance costs of implementing and maintaining CARDS. 

Small firms in the investment industry are closing their doors at an alarming rate and not because they don’t perform well for their customers. In large part small firms are being driven out of business because of the unending influx of unfettered rulemaking of the past decade and the associated compliance costs, required technology implementations, upgrades and maintenance, and the ongoing and unending imposition of regulatory fees. At some point this needs to stop and we would suggest CARDS is the point. Investors in America are NOT best served by eliminating the small firm sector and that is exactly what has already begun to occur in our industry.

Finally, we would point out the daunting data security and privacy concerns. There are state and foreign privacy laws that concern us, regardless if CARDS collects or stores personally identifiable information or not. The data requested in CARDS essentially provides a complete roadmap to an individual’s financial and investing life, with all of the data then being stored in one place. To say that is a troubling thought is an understatement; frankly, it is scary to think of what will happen when that ONE system is breached and in today’s world we must start with the assumption that it WILL be breached. We think this is a bad idea, start to finish, for more reasons than we can illustrate in this comment letter.

In consideration of the concerns we have expressed in this comment letter and in conjunction with those expressed in numerous comment letters and most specifically in the well-written SIFMA comment letter, we respectfully request that FINRA withdraw the CARDS proposal.

Best regards,

Paige W. Pierce
President & CEO