FINRA fined twelve of its largest member firms a combined $14.4 million for violation of its Rule 4511 and SEC Rule 17a-4(f) for their failure to keep hundreds of millions of electronic documents in a WORM or “write once, read many” format.  The WORM format is designed to ensure that important firm records including customer records containing Personally Identifiable Information are not altered after they are written.

The firms included Wells Fargo & Co., RBC Capital Markets, LPL Financial, RBS Securities, SunTrust Robinson Humphrey, Georgeson Securities Corp and PNC Capital Markets.  FINRA also found that these firms violated its Rule 3110, Supervision, and several other SEC recordkeeping provisions, Securities Exchange Act Section 17(a) and Rules 17a-4 (b) and (c), thereunder.

FINRA noted that such records must be maintained in order to ensure member firm compliance with investor protection rules and that over the last decade the volume of such data being stored electronically has risen exponentially.  In a cybersecurity warning, FINRA stated:

there have been increasingly aggressive attempts to hack into electronic data repositories, posing a threat to inadequately protected records, further emphasizing the need to maintain records in WORM format.

P&D is pleased to note that its newest partner, John R. “Jack” Hewitt is one of the country’s foremost cybersecurity authorities, and a major part of his practice is advising broker-dealers, RIAs and banks on their adherence to SEC, FINRA, CFTC and state cybesecurity requirements.  Among other things, he advises firms on information security programs, guides them through cyber-incidents and represents them in the event of a regulatory inquiry.  Mr. Hewitt regularly conducts cybersecurity audits for broker-dealers and investment advisers, and was the SEC appointed independent outside consultant in the first major SEC cybersecurity enforcement action.  He is the author of Cybersecurity in the Federal Securities Markets, a BloombergBNA publication, and Securities Practice & Electronic Technology, an ALM treatise. Mr. Hewitt is the Co-Chair of the American Bar Association, Business Section, White Collar Crime Subcommittee on Cybersecurity.

Click here to read FINRA’s official announcement.


Tags: Cybersecurity, Securities