Matters Reflect FINRA’s Focus on Cybersecurity
WASHINGTON — The Financial Industry Regulatory Authority (FINRA) announced today that it has fined 12 firms a total of $14.4 million for significant deficiencies relating to the preservation of broker-dealer and customer records in a format that prevents alteration. FINRA found that at various times, and in most cases for prolonged periods, the firms failed to maintain electronic records in “write once, read many,” or WORM, format, which prevents the alteration or destruction of records stored electronically.
FINRA imposed sanctions against the following firms:
- Wells Fargo Securities, LLC and Wells Fargo Prime Services, LLC were jointly fined $4 million.
- RBC Capital Markets LLC and RBC Capital Markets Arbitrage S.A. were jointly fined $3.5 million.
- RBS Securities, Inc. was fined $2 million.
- Wells Fargo Advisors, LLC, Wells Fargo Advisors Financial Network, LLC and First Clearing, LLC were jointly fined $1.5 million.
- SunTrust Robinson Humphrey, Inc. was fined $1.5 million.
- LPL Financial LLC was fined $750,000.
- Georgeson Securities Corporation was fined $650,000.
- PNC Capital Markets LLC was fined $500,000.
Federal securities laws and FINRA rules require that business-related electronic records be kept in WORM format to prevent alteration. The SEC has stated that these requirements are an essential part of the investor protection function because a firm's books and records are the "primary means of monitoring compliance with applicable securities laws, including antifraud provisions and financial responsibility standards.” Over the past decade, the volume of sensitive financial data stored electronically has risen exponentially and there have been increasingly aggressive attempts to hack into electronic data repositories, posing a threat to inadequately protected records, further emphasizing the need to maintain records in WORM format.
FINRA found that each of these 12 firms had WORM deficiencies that affected millions, and in some cases, hundreds of millions, of records pivotal to the firms’ brokerage businesses, spanning multiple systems and categories of records.
Brad Bennett, FINRA's Executive Vice President and Chief of Enforcement, said, “These disciplinary actions are a result of FINRA’s focus on ensuring that firms maintain accurate, complete and adequately protected electronic records. Ensuring the integrity of these records is critical to the investor protection function because they are a primary means by which regulators examine for misconduct in the securities industry.”
FINRA also found that each of the firms had related procedural and supervisory deficiencies affecting their ability to adequately retain and preserve broker-dealer records stored electronically. In addition, FINRA found that three of the firms failed to retain certain broker-dealer records the firms were required to keep under applicable record retention rules.
In settling this matter, the firms neither admitted nor denied the charges, but consented to the entry of FINRA's findings.
Investors can obtain more information about, and the disciplinary record of, any FINRA-registered broker or brokerage firm by using FINRA's BrokerCheck. FINRA makes BrokerCheck available at no charge. In 2015, members of the public used this service to conduct 71 million reviews of broker or firm records. Investors can access BrokerCheck at www.finra.org/brokercheck or by calling (800) 289-9999. Investors may find copies of this disciplinary action as well as other disciplinary documents in FINRA's Disciplinary Actions Online database. Investors can also call FINRA's Securities Helpline for Seniors at (844) 57-HELPS for assistance or to raise concerns about issues they have with their brokerage accounts and investments.
FINRA, the Financial Industry Regulatory Authority, regulates all securities firms doing business in the United States. FINRA is dedicated to investor protection and market integrity through effective and efficient regulation and complementary compliance and technology-based services. FINRA touches virtually every aspect of the securities business – from registering and educating all industry participants to examining securities firms, writing rules, enforcing those rules and the federal securities laws, and informing and educating the investing public. In addition, FINRA provides surveillance and other regulatory services for equities and options markets, as well as trade reporting and other industry utilities. FINRA also administers the largest dispute resolution forum for investors and firms. For more information, please visit www.finra.org.