Broker-Dealer Fined for Cybersecurity Deficiencies
A broker-dealer settled charges with FINRA for failing to safeguard customer records and information.
In a Letter of Acceptance, Waiver, and Consent ("AWC"), FINRA stated that an unauthorized third party gained access to the broker-dealer's network and exposed records and nonpublic personal information for over 6,000 firm customers. FINRA noted that the firm voluntarily took corrective actions after discovery of the incident and notification to its customers. These corrective actions included improving its cyber program by "requiring multi-factor authentication for third-party service providers and implementing endpoint detection and response and security operations center monitoring of all access to firm systems, including third-party."
FINRA concluded that the broker-dealer violated Rule 30(a) of Regulation S-P ("Procedures to safeguard customer records and information; disposal of consumer report information") and FINRA Rule 2010 ("Standards of Commercial Honor and Principles of Trade").
To settle the charges, the broker-dealer agreed to (i) a censure and (ii) a $75,000 fine.