As part of FINRA’s ongoing efforts to crackdown on cybersecurity failures, the brokerage industry’s self-regulatory organization issued $14.4 million in fines to a dozen firms – including companies in the Wells Fargo & Co. and RBC Capital networks, RBS Securities Inc., SunTrust Robinson Humphrey Inc., LPL Financial, Georgeson Securities Corp. and PNC Capital Markets – for deficiencies related to their cybersecurity programs.
According to FINRA, the aforementioned firms did not use the appropriate storage format to retain broker-dealers’ and customers’ electronic records. Per Federal securities laws and FINRA rules, business-related electronic records must be kept in WORM format. WORM – write once, read many – is designed to prevent the modification and destruction of data.
As a result of their failure to maintain electronic records in WORM format, the following firms received sanctions by the organization:
- Wells Fargo Securities, LLC and Wells Fargo Prime Services, LLC were jointly fined $4 million.
- RBC Capital Markets LLC and RBC Capital Markets Arbitrage S.A. were jointly fined $3.5 million.
- RBS Securities, Inc. was fined $2 million.
- Wells Fargo Advisors, LLC, Wells Fargo Advisors Financial Network, LLC and First Clearing, LLC were jointly fined $1.5 million.
- SunTrust Robinson Humphrey, Inc. was fined $1.5 million.
- LPL Financial LLC was fined $750,000.
- Georgeson Securities Corporation was fined $650,000.
- PNC Capital Markets LLC was fined $500,000.
Brad Bennett, FINRA’s Executive Vice President and Chief of Enforcement, said, “These disciplinary actions are a result of FINRA’s focus on ensuring that firms maintain accurate, complete and adequately protected electronic records. Ensuring the integrity of these records is critical to the investor protection function because they are a primary means by which regulators examine for misconduct in the securities industry.”
The firms neither admitted nor denied the charges by FINRA, but accepted the entry of the organization’s findings.
It is essential for financial firms to evaluate their cybersecurity controls. For more information, review Jacko Law Group’s Legal Risk Management Tip on “Legal Considerations for Your Cybersecurity Program.”
If you have questions or would like additional guidance on how to protect your securities data from cybersecurity breaches, contact us at 619.298.2880 or firstname.lastname@example.org.