Worried That Your Next SEC Audit Will End in Fines? TAKE THE ASSESSMENT

FINRA Requiring Encryption of Laptops

I recently was approached by a financial adviser looking for a referral for someone who could help her encrypt her business’ laptops –  FINRA had conducted a review of her office and told her she was required to do so.

The Financial Industry Regulatory Authority (“FINRA”) is cracking down on firms that fail to meet required data security practices.

On May 15, 2015, FINRA reached a settlement with Sterne Agee & Leach Inc. (“Sterne Agee”), in which the firm agreed to certain sanctions, including public censure and a $225,000 fine. FINRA’s enforcement action stemmed from the firm’s loss of a laptop computer that contained unencrypted confidential financial and personal information on over 350,000 customers. FINRA concluded that between 2009 and 2014, the firm’s “written supervisory procedures were not reasonably designed to protect confidential customer and proprietary information.”

This is not the first time FINRA has levied a fine for failing to safeguard sensitive client information.

It is not a matter of IF your database of sensitive client information will be compromised, it is a matter of WHEN. Cybersecurity, including the safeguarding of client information, continues to be a top priority for FINRA, the SEC, and state regulators. Failure to implement policies and procedures to safeguard sensitive client information can prove costly.  If your firm has not already taken action, you should immediately have all portable media encrypted by your IT provider.

Regulation S-P requires registered broker-dealers, investment companies, and investment advisers to “adopt written policies and procedures that address administrative, technical, and physical safeguards for the protection of customer records and information.”


If you have not adopted policies and procedures in satisfaction of Regulation S-P, contact us today so that we can save you from a potential enforcement action. We also have trusted partners we can refer you to for the actual encryption of your devices. Don’t wait, call us today.

Author Bio

Leila Shaver is the Founder of My RIA Lawyer, a law firm that provides compliance and legal consulting for financial institutions. With extensive experience as a securities attorney and compliance expert, she has served as Chief Compliance Officer and General Counsel to RIAs, BDs, and TAMPs with billions in assets under management.

Leila understands the challenges RIAs face and is committed to helping RIAs streamline their processes, mitigate risks, and ensure compliance with regulatory requirements. She received her Juris Doctor from Atlanta’s John Marshall Law School and is a West Georgia Young Lawyers’ Association member. Leila has received numerous accolades for her work, including the Carroll County Bar Association’s Outstanding Young Lawyer Award in 2017.

LinkedIn | State Bar Association | Avvo | Google