Customer Information Protection

Protection of financial and personal customer information is a key responsibility and obligation of FINRA member firms. Under the SEC’s Regulation S-P, firms are required to have policies and procedures addressing the protection of customer information and records. This includes protecting against any anticipated threats or hazards to the security or integrity of customer records and information and against unauthorized access to or use of customer records or information.

Firms should be aware that customer information and records can be compromised in a variety of ways. This is especially true for firms that offer online, Web-based access to trading platforms and customer account information. Firms must understand and address the potential risks of brokerage account intrusions, whereby an unauthorized person gains access to a customer account and either steals available assets or misuses the account to manipulate the market. Intrusions are generally accomplished through the theft of the login credentials of a customer or firm employee.

Since this type of illicit activity can raise both investor protection and market integrity concerns, it is essential that firms use reasonable measures to protect customer information and assets.

If a Customer's Account or Data Is Compromised

| Title | Type | Date |
| --- | --- | --- |
| National Conference of State Legislatures List of State Security Breach Notification Laws | Link | 02-19-2015 |
| SEC Staff Responses to Questions about Regulation S-P | Link | 02-19-2015 |
| Identity Theft Red Flags Rule: A Small Entity Compliance Guide | Link | 02-19-2015 |
| SEC Chair Mary Jo White, “Opening Statement at SEC Roundtable on Cybersecurity” | Link | 02-19-2015 |
| SEC Commissioner Luis A. Aguilar, “The Commission’s Role in Addressing the Growing Cyber-Threat,” Statement at SEC Roundtable on Cybersecurity | Link | 02-19-2015 |
| SEC Office of Compliance Inspections and Examinations (OCIE) Cybersecurity Initiative | Link | 02-19-2015 |
| Tips from US-CERT | Link | 02-19-2015 |
| Federal Financial Institutions Examination Council's (FFIEC) Guidance on Authentication in Internet Banking Environment | Link | 02-19-2015 |
| FTC Guide for Businesses on Protecting Personal Information | Link | 02-18-2015 |
| FTC Data Security | Link | 02-18-2015 |
| Regulation S-P | Link | 02-18-2015 |
| U.K. Financial Conduct Authority (FCA) Data Security Page | Link | 02-18-2015 |
| U.K. FCA Data Security and Consumer Communications | Link | 02-18-2015 |
| FTC Model Consumer Privacy Notice Online Form Builder | Link | 02-18-2015 |
| FFIEC Supplement to Authentication in an Internet Banking Environment | Link | 02-18-2015 |
| Financial Services - Information Sharing and Analysis Center | Link | 02-18-2015 |
| FTC Identity Theft Site | Link | 02-18-2015 |
| National Cyber-Forensics & Training Alliance | Link | 02-18-2015 |
| SEC Identity Theft Red Flags Rule Template | Tool / Resource | 07-21-2014 |
| Regulatory Notice 14-10 | Notices | 03-19-2014 |
| Sweeps Letter - Cybersecurity | Industry | 01-01-2014 |
| Regulatory Notice 12-05 | Notices | 01-26-2012 |
| Regulatory Notice 07-36 | Notices | 08-13-2007 |
| Notice to Members 05-49 | Notices | 07-28-2005 |
| Firm Identity Protection | Industry | 07-28-2005 |
