The Financial Industry Regulatory Authority (FINRA) yesterday said it imposed fines of $450,000 against Lincoln Financial Securities, Inc. (LFS) and $150,000 against an affiliated firm, Lincoln Financial Advisors Corporation (LFA), for failure to adequately protect non-public customer information. In addition, LFS failed to require brokers working remotely to install security application software on their own personal computers used to conduct the firm’s securities business.
Securities and Exchange Commission (SEC) and FINRA rules require every broker-dealer to adopt written policies and procedures that address safeguards for the protection of customer records and information. FINRA found that for extended periods of time – seven years for LFS and approximately two years for LFA – certain current and former employees were able to access customer account records through any Internet browser by using shared login credentials.
The Web-based system both firms used combined non-public customer account information from various sources and allowed employees to view the customer account information within a single site, FINRA said.
Home office personnel from both firms could access the system either by clicking on a link on the firm’s website or by going directly to the system’s website through any Internet browser and logging in with one of the shared user names and passwords, according to the press release.
Why should RIAs pay attention?
Because the chairman of the SEC, Mary Schapiro, has said she wants to harmonize rules for registered representatives and RIAs, and the effort to make this happen seems unstoppable and has gathered strength in recent weeks.
If FINRA is issuing large fines and examining broker/dealers for such infractions, then RIAs should expect the SEC and state regulators will follow suit.