Customer Information Protection
Protection of financial and personal customer information is a key responsibility and obligation of FINRA member firms. Under the SEC’s Regulation S-P, firms are required to have policies and procedures addressing the protection of customer information and records. This includes protecting against any anticipated threats or hazards to the security or integrity of customer records and information and against unauthorized access to or use of customer records or information.
Firms should be aware that customer information and records can be compromised in a variety of ways. This is especially true for firms that offer online, Web-based access to trading platforms and customer account information. Firms must understand and address the potential risks of brokerage account intrusions, whereby an unauthorized person gains access to a customer account and either steals available assets or misuses the account to manipulate the market. Intrusions are generally accomplished through the theft of the login credentials of a customer or firm employee.
Since this type of illicit activity can raise both investor protection and market integrity concerns, it is essential that firms use reasonable measures to protect customer information and assets.