WORM Deficiencies: Are Your Electronic Records Safe?


As part of FINRA’s ongoing efforts to crackdown on cybersecurity failures, the brokerage industry’s self-regulatory organization issued $14.4 million in fines to a dozen firms – including companies in the Wells Fargo & Co. and RBC Capital networks, RBS Securities Inc., SunTrust Robinson Humphrey Inc., LPL Financial, Georgeson Securities Corp. and PNC Capital Markets – for deficiencies related to their cybersecurity programs.

According to FINRA, the aforementioned firms did not use the appropriate storage format to retain broker-dealers’ and customers’ electronic records. Per Federal securities laws and FINRA rules, business-related electronic records must be kept in WORM format. WORM – write once, read many – is designed to prevent the modification and destruction of data.

As a result of their failure to maintain electronic records in WORM format, the following firms received sanctions by the organization:

  • Wells Fargo Securities, LLC and Wells Fargo Prime Services, LLC were jointly fined $4 million.
  • RBC Capital Markets LLC and RBC Capital Markets Arbitrage S.A. were jointly fined $3.5 million.
  • RBS Securities, Inc. was fined $2 million.
  • Wells Fargo Advisors, LLC, Wells Fargo Advisors Financial Network, LLC and First Clearing, LLC were jointly fined $1.5 million.
  • SunTrust Robinson Humphrey, Inc. was fined $1.5 million.
  • LPL Financial LLC was fined $750,000.
  • Georgeson Securities Corporation was fined $650,000.
  • PNC Capital Markets LLC was fined $500,000.

Brad Bennett, FINRA’s Executive Vice President and Chief of Enforcement, said, “These disciplinary actions are a result of FINRA’s focus on ensuring that firms maintain accurate, complete and adequately protected electronic records. Ensuring the integrity of these records is critical to the investor protection function because they are a primary means by which regulators examine for misconduct in the securities industry.”

The firms neither admitted nor denied the charges by FINRA, but accepted the entry of the organization’s findings.

It is essential for financial firms to evaluate their cybersecurity controls.  For more information, review Jacko Law Group’s Legal Risk Management Tip on “Legal Considerations for Your Cybersecurity Program.”

If you have questions or would like additional guidance on how to protect your securities data from cybersecurity breaches, contact us at 619.298.2880 or info@jackolg.com.


1 Comment

Filed under Broker-Dealers, Cybersecurity

One response to “WORM Deficiencies: Are Your Electronic Records Safe?

  1. Patrick Stump, Roka Security

    We are seeing a good number of smaller firms that think SEC and FINRA are only cracking down on the big shops. However, with Ransomware on the rise I think we will see them fining shops of all sizes in the future. Good point on the Legal considerations as it is something we always bring up as well. Hoping you won’t have an incident is not a sound legal strategy.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s