I recently was approached by a financial adviser looking for a referral for someone who could help her encrypt her business’ laptops. FINRA had conducted a review of her office and told her she was required to encrypt her laptops.
The Financial Industry Regulatory Authority (“FINRA”) is cracking down on firms that fail to meet required data security practices.
On May 15, 2015, FINRA reached a settlement with Sterne Agee & Leach Inc. (“Sterne Agee”), in which the firm agreed to certain sanctions, including public censure and a $225,000 fine. FINRA’s enforcement action stemmed from the firm’s loss of a laptop computer that contained unencrypted confidential financial and personal information on over 350,000 customers. FINRA concluded that between 2009 and 2014, the firm’s “written supervisory procedures were not reasonably designed to protect confidential customer and proprietary information.”
This is not the first time FINRA has levied a fine for failing to safeguard sensitive client information.
It is not a matter of IF your database of sensitive client information will be compromised; it is a matter of WHEN. Cybersecurity, including the safeguarding of client information, continues to be a top priority for FINRA, the SEC and state regulators. Failure to implement policies and procedures to safeguard sensitive client information can prove costly. If your firm has not already taken action, you should immediately have all portable media encrypted by your IT provider.
Regulation S-P requires registered broker-dealers, investment companies, and investment advisers to “adopt written policies and procedures that address administrative, technical, and physical safeguards for the protection of customer records and information.”
If you have not adopted policies and procedures in satisfaction of Regulation S-P, contact us today so that we can save you from a potential enforcement action. We also have trusted partners we can refer you to for the actual encryption of your devices. Don’t wait, call us today.