Customer Information Protection

Below is information about firms' obligations to protect customer account information and links to resources to help firms meet those obligations.

 

See also: Firm Identity Protection

 

Protection of financial and personal customer information is a key responsibility and obligation of FINRA member firms. Under the SEC’s Regulation S-P, firms are required to have policies and procedures addressing the protection of customer information and records. This includes protecting against any anticipated threats or hazards to the security or integrity of customer records and information and against unauthorized access to or use of customer records or information. 

 

Firms should be aware that customer information and records can be compromised in a variety of ways. This is especially true for firms that offer online, Web-based access to trading platforms and customer account information. Firms must understand and address the potential risks of brokerage account intrusions, whereby an unauthorized person gains access to a customer account and either steals available assets or misuses the account to manipulate the market. Intrusions are generally accomplished through the theft of the login credentials of a customer or firm employee.

 

Since this type of illicit activity can raise both investor protection and market integrity concerns, it is essential that firms use reasonable measures to protect customer information and assets.

 

Actions to Take If a Customer Account or Data Is Compromised

 

Regulatory Notices

 

Tools and Resources

 

Education

 

Please visit our e-learning courses page to register for one or more of the following courses.

  • Customer Information Protection for Registered Representatives
  • Customer Information Protection for Supervisors

 

News Releases and Speeches

 

Regulations and Rules

The following section lists some of the rules and regulations concerning the protection of customer information that firms should be familiar with. This list is not comprehensive, and it is the responsibility of each firm to research all applicable laws and rules, review their most recent versions, and consider their applicability to the particular firm.