March 20, 2014
Marcia E. Asquith
Office of the Corporate Secretary
FINRA
1735 K Street, NW
Washington, DC 20006-1506
Re: Regulatory Notice 13-42
Dear Ms. Asquith:
Thank you for the opportunity to comment on the above-referenced Regulatory Notice (“RN”) wherein FINRA requested public comment on a concept proposal to develop the Comprehensive Automated Risk Data System (“CARDS”). I write on behalf of the Public Investors Arbitration Bar Association (“PIABA”), an international bar association comprised of attorneys who represent investors in securities arbitrations. Since its formation in 1990, PIABA has promoted the interests of the public investor in all securities and commodities arbitration forums, while also advocating for public education regarding investment fraud and industry misconduct. Our members and their clients have a strong interest in rules promulgated by the Financial Industry Regulatory Authority ("FINRA") relating to both investor protection and disclosure.
Like other measures designed to increase public investor protection, PIABA is generally supportive of the CARDS concept proposal. The advent of new technologies has revolutionized the securities markets, and PIABA believes that the CARDS concept will bolster FINRA’s core market surveillance, investigation and enforcement regulatory functions. If implemented correctly, CARDS should accomplish the objectives of the Securities and Exchange Commission’s (“SEC’s”) Consolidated Audit Trail Rule and Regulation NMS while remedying many of the shortcomings with FINRA’s current Rule 7400 Order Audit Trail System. See Securities Exchange Act Release No. 34-67457, 77 Fed. Reg. 45722, 45723 (August 1, 2012) (“CAT Release”). PIABA also writes to comment on potential positive and negative externalities that could result from implementation of CARDS.
Since the CARDS system relies upon the input of customer suitability data at the broker-dealer level, PIABA fears that the input of incorrect customer suitability data could compromise the effectiveness of the CARDS system as a regulatory tool and skew the resultant data collected by FINRA. CARDS implementation should address means to ensure the accuracy and reliability of such data. Nevertheless, PIABA strongly supports the concept of creating uniformity amongst the new account forms used by FINRA member firms for the collection of suitability data, but also believes that these documents should contain plain language explanations to ensure the public investor understands the meaning of the terms used therein.
PIABA is also concerned that the CARDS system may be used by member firms to shift the burden of supervision from their own internal compliance and supervisory personnel and systems to FINRA and the CARDS system. In addition, PIABA is wary that member firms may use the presence of the CARDS system against public investors in arbitrations where no enforcement action was taken against the broker and/or firm by arguing to the arbitration panels that inaction on the part of FINRA in light of the CARDS system is evidence that there was no improper conduct.
Finally, because the CARDS system presents serious issues relating to public investors’ privacy and data security, PIABA believes that FINRA should prioritize these issues in CARDS implementation.
1. FOR CARDS TO BE SUCCESSFUL, FINRA SHOULD ADOPT RULES TO ENSURE THAT MEMBER FIRMS ACCURATELY CAPTURE AND REPORT CUSTOMER SUITABILITY DATA
PIABA fears that the CARDS system’s reliance upon the input of customer suitability data at the member firm level could compromise its effectiveness. The CARDS system will be dependent upon the customer suitability information entered at the firm level. See RN 13-42 at p. 2. Therefore, it seems that the effectiveness in overseeing the financial industry and value of the data collected by the CARDS system will depend on the accuracy and consistency of this customer information. The potential that misinformation and the incorrect classification of investors could compromise the entire system seems to be a significant vulnerability of CARDS.
Unfortunately, the incorrect classification of public investors at the firm level is not uncommon. Investors are frequently categorized improperly as “speculative” or “aggressive,” when they are actually “conservative” or “moderate.” Such instances have been regularly documented in enforcement proceedings against registered representatives and their supervisors. See In re: Prime Capital Services, Inc., 2010 SEC LEXIS 2086 (2010); In re: Bresner, et al., 2013 SEC LEXIS 3511, 2013 WL 5960690 (2013).
For example, in connection with the sale of variable annuities to elderly investors:
[The public investor’s] goal was preservation of principal with
the hope of some return, without taking risks. She told [her
broker] that she did not want to take risks, and he orally agreed
with her concern about protecting principal. [Her broker],
however, listed her investment objective as "Aggressive Growth"
on her client profile…
In re: Prime Capital Services, Inc., et al., at 8.
If an investor like the one described above was improperly classified as aggressive, when she should have been classified as conservative, the CARDS system would not pick up on otherwise unsuitable trading patterns and/or individual investments in her account. When extrapolated out onto a large enough scale, such misinformation could materially skew the patterns and trends in the data gathered from CARDS, and substantially hinder the enforcement capabilities of the system.
To ensure the sustained effectiveness and value of the CARDS system, FINRA must take significant steps to ensure that this common practice is stopped. In addition to regular policing by firm supervisors and FINRA investigators, FINRA should consider implementing standardized new account forms. In addition to including plain language explanations of customer suitability factors (see below), FINRA could design the new account forms to require certification by member firms, registered representatives, and investors that the form does, in fact, reflect investors’ relevant suitability data. FINRA could also require periodic recertification of such data to ensure CARDS data does not become stale and accurately reflects investors’ changing risk tolerances and investment objectives.
2. CARDS’ UNIFORM, STANDARDIZED CUSTOMER SUITABILITY DATA WILL YIELD SIGNIFICANT, INCIDENTAL BENEFITS
PIABA strongly supports the standardization of retail customer information for use in the CARDS system, in that it will yield significant, incidental benefits for all FINRA stakeholders and increase transparency, accountability, and predictability across the securities industry.
For example, FINRA does not currently prescribe how members firms must describe customer suitability factors, such as risk tolerances and investment objectives, to their clients. In the absence of FINRA guidance, member firms have adopted internal definitions and descriptions of these factors which may vary widely from firm to firm. Moreover, some firms have adopted risk profiles that may be confusing and misleading to public investors, which facilitates sales practice misconduct. See In re Richard G. Cody, 2010 WL 1937033 at n. 7 (May 10, 2010) (observing that new account form’s investment objective objection were “income,” “long-term growth,” and “short-term trading,” while risk exposure options were “low,” “moderate,” “speculation,” and “high risk”); In re Stephen W. Wilson, 2010 WL 3598591 (Apr. 14, 2010) (broker recommended “conservative” and “moderately aggressive” portfolios promising 9-12% estimated rates of return and could not articulate his underlying methodology); In re David Lerner Associates, FINRA Disc. Proc. No. 2009020741901 (Oct. 22, 2012) (broker described speculative, overconcentrated, and illiquid REITs as “moderately conservative”).
Thus, in addition to standardizing customer suitability data, PIABA believes that FINRA implement new account forms containing plain language explanations to ensure that public investors understand the meaning of the terms used therein. The explanations would be located adjacent to the area where the investor is supposed to indicate their risk tolerance and investment objective, and should include examples of the type of trading patterns, securities, and potential losses that an investor could expect for particular risk tolerances and investment objectives. Such explanations could be easily adapted from the FINRA Investor Education Foundation’s investor education materials.
Not only will these simple measures assure the reliability of CARDS data, but they will empower public investors and give them the tools to engage with member firms and their registered representatives in a meaningful dialogue over their investments and financial security. FINRA should consider adopting uniform customer suitability measures even before it develops and implements CARDS.
3. MEMBER FIRMS MUST NOT BE ALLOWED TO RELY ON CARDS TO SHIRK THEIR COMPLIANCE AND SUPERVISORY OBLIGATIONS
PIABA is apprehensive that member firms will nevertheless attempt to shift their compliance and supervisory obligations on to the CARDS system. Thus, while FINRA indicates that “CARDS would not supplant the legal, compliance and supervisory programs firms administer,” RN 13-42 at p. 7, PIABA believes that this should be made explicit in FINRA Rules or SEC Regulations, depending on what legal framework is ultimately implemented for the CARDS system.
In addition, PIABA believes that the existence of the CARDS systems creates potential avenues for abuse. For example, member firms and registered representatives may attempt to characterize CARDS as a guarantee against investor loss or fraud. FINRA should adopt rules concerning member firms’ and registered representatives’ communications with public investors about the CARDS system’s scope and purpose.
4. MEMBER FIRMS MUST NOT BE PERMITTED TO MISCONSTRUE CARDS RESULTS TO DEFEAT PUBLIC INVESTOR CLAIMS IN ARBITRATION
PIABA’s fear that member firms may use the presence of the CARDS system against public investors in arbitrations flows logically from our concerns that members will use CARDS as a substitute for their own supervisory and compliance obligations. As PIABA understands the proposed CARDS system, it is a regulatory tool designed to monitor and track patterns and trends, both industry-wide and firm-specific. See RN 13-42 at p. 4. It does not appear to be a system designed to track and analyze account-specific suitability.
However, PIABA fears that in situations where a public investor initiates arbitration proceedings against a broker and/or firm, but FINRA takes no enforcement action, those public customers will find themselves being forced to rebut a presumption that no wrongdoing occurred since the CARDS system did not trigger a regulatory investigation. While such an assertion would seem plainly contrary to the design and purpose of the CARDS system as outlined in RN 13-42, it appears to be one by which arbitrators may be influenced absent proper training.
PIABA is also concerned that arbitrators may misinterpret public data generated by the CARDS system when presented with it. For example, the presence of a substantial number of retirees invested in speculative investments such as triple leveraged inverse ETFs should be viewed as a sign that too many senior investors are being sold unsuitable products. However, there is a fear that such a statistic could be manipulated and presented to arbitrators as evidence that it is acceptable for retirees to invest in such products. In this way, FINRA’s efforts to uncover alarming trends in unsuitability to protect public investors could be used against them without proper arbitrator training.
Should FINRA choose to implement the CARDS system, PIABA encourages FINRA to include training about the CARDS system into its mandatory training for arbitrators. Specifically, arbitrators should be made aware that CARDS is not designed to monitor individual account suitability. Arbitrators will need to understand that the absence of a regulatory inquiry is not evidence that no wrongful conduct occurred. They will also need to be taught to appreciate that suitability requires an individual, investor-by-investor assessment. Therefore, the prevalence of a certain type of unsuitable activity or investment in the marketplace as a whole is simply be evidence of widespread unsuitability issues, not evidence that that activity or investment is actually suitable.
5. FINRA SHOULD PRIORITIZE CUSTOMER PRIVACY AND DATA SECURITY ISSUES IN THE DEVELOPMENT AND IMPLEMENTATION OF CARDS
PIABA observes that the CARDS concept raises very serious issues implicating public investors’ privacy and the security of computer files containing personally-identifiable information. PIABA is concerned that the automated, indiscriminate collection, transmission, and dissemination of specific customer information may unduly invade customers’ privacy interests and facilitate identity theft and other unlawful conduct.
PIABA is not alone. When it adopted its Consolidated Audit Trial Regulation, the SEC expressed its “[belief] that maintaining the confidentiality of customer and other information reported to the central repository is essential.” CAT Release, 77 Fed. Reg. at 45782. As it implements the Consolidated Audit Trial Regulation and CARDS, FINRA must adopt policies, procedures, and privacy protections “necessary to assure regulators and market participants that [CARDS] provides for rigorous protection of confidential information.” Id. Indeed, regulators’ market surveillance “would be compromised if the Commission, the SROs and their members could not rely on the confidentiality and security of the information stored in” programs like CARDS. Id. at 45783. Accordingly, SEC Rule 613 mandates certain requirements and procedures to ensure the “security and confidentiality” of all customer information transmitted through CARDS and maintained by FINRA. 17 C.F.R. § 242.613 3(a)(1)(iv), (e)(4).
Unfortunately, FINRA initially opted to leave consideration of customer privacy and data security issues for another day. RN 13-42 at 10, n. 7. However, PIABA is encouraged by the steps taken thus far by FINRA expressed in the recent Update Regarding Regulatory Notice 13-42, in which FINRA advises that “the CARDS proposal will not require the submission of information that would identify to FINRA the individual account owner, particularly, account name, account address or tax identification number.” Nonetheless, PIABA maintains that risks to the privacy rights of public investors must be monitored closely and addressed promptly.
PIABA believes that these risks may be reduced or eliminated by using unique customer identifiers and anonymized personally-identifiable customer information within CARDS, as well as mandating that member firms adopt “best practices” security and encryption protocols for information technology and data transmission. These measures strike an appropriate balance between giving FINRA the tools and technology it needs to achieve its legitimate market surveillance and regulatory goals while protecting public investors’ privacy and proprietary interests.
Once more, PIABA appreciates the opportunity to comment on the CARDS concept proposal, and looks forward to working with FINRA on its implementation.
Sincerely,
Jason Doss
President