FINRA Fines Firm for Failing to Safeguard Customer Information
Commentary by Steven Lofchie
A firm settled FINRA charges for failing to reasonably safeguard customer information.
According to the AWC, the firm failed to "ensure the security and confidentiality of customer information." FINRA found that, upon the departure of registered representatives, the firm notified insurance carriers only for those it classified as "producing" and did not provide notice when "non-producing" representatives left. FINRA stated that the firm "miscategorized" 241 producing representatives as non-producing in its internal system, and, as a result, insurance carriers were not notified and the former representatives continued to have access to customer variable annuity accounts. FINRA highlighted that the accessible account data included customer "names, addresses, account numbers [and] account balances," and in some instances, personal information such as "dates of birth and Social Security numbers."
FINRA determined that the firm violated Regulation S-P Rule 30 ("Procedures to safeguard customer information, including response programs for unauthorized access to customer information and customer notice; disposal of customer information and consumer information") and FINRA Rules 3110 ("Supervision") and 2010 ("Standards of Commercial Honor and Principles of Trade").
To settle the charges, the firm agreed to (i) a censure and (ii) pay a $150,000 fine.
Commentary
FINRA had previously brought enforcement actions for violations of Regulation S-P against registered representatives who improperly took customer information when they left their firms. This is a reversed fact situation, a broker-dealer fined for failing to keep its customer information from departing representatives.