US Financial Industry Regulatory Authority fines totaling $650,000 against Lincoln Financial Network for failure to protect confidential customer information

November 16, 2016

The contrast between the way Australian regulators approach privacy breaches and those in other jurisdictions is stark. In Australia, when the Privacy Commissioner takes action, which is rare, the impact is minimal. The awards from determinations are risible, the terms of the enforceable undertakings are weak and not once has the Privacy Commissioner used the very strong injunction powers under the Privacy Act. As such the privacy culture of Australian organisations remains poor. There is no real incentive to improve.

By contrast, the Information Commissioner has imposed monetary penalty notices of tens of thousands of pounds with such regularity as to not warrant comment. In the United States the Federal Trade Commission has imposed rigorous enforceable undertakings on organisations who mislead their customers about privacy protection. The Financial Industry Regulatory Authority has imposed very significant fines on organisations who have breached or exposed their customers’ personal information, as it did on 14 November 2016 when Lincoln Financial Securities Corporation was fined $650,000 and required to implement tighter security protocols after hackers in mid-2012 accessed its cloud server and stole the confidential records of roughly 5,400 customers.

This enforcement action is reported in “Finra fines Lincoln Financial broker-dealer $650,000 for failing to protect client data”, which provides:

One of Lincoln Financial Network’s independent broker-dealers was fined $650,000 by the Financial Industry Regulatory Authority Inc. for failing to reasonably safeguard confidential customer data and exposing thousands of clients’ records to foreign hackers.

Finra also found that the firm, Lincoln Financial Securities Corp., failed to reasonably retain reports of client account information and assets, known as consolidated reports in the industry.

From at least 2011 to 2015, Lincoln Financial Securities failed to maintain and enforce a supervisory system reasonably designed to ensure the security of confidential customer information stored on electronic systems at the firm’s branch offices, according to the Finra settlement released Monday.

For example, “hackers with foreign internet protocol addresses were able to access a cloud server” at a branch of the firm, “exposing the confidential records and information of approximately 5,400 customers,” according to the settlement.

And from the end of 2010 through the end of 2013, the firm failed to maintain and enforce a supervisory system reasonably designed to ensure the preservation, retention and review of consolidated reports produced by registered representatives and provided to clients, according to the settlement.

As part of the settlement, the firm neither admitted nor denied the allegations, noted spokesman Michael Arcaro.

“We are unaware of any misuse of customer information or harm to customers related to these issues,” he said. “Protecting our customers is of utmost importance to us, and we have enhanced, and are in the process of further enhancing, the firm’s supervisory processes and procedures.”

According to the most recent survey of independent broker-dealers by InvestmentNews, Lincoln Financial Network at the end of last year had 8,523 producing reps and total revenues of $854.6 million. Lincoln Financial Securities has more than 1,100 advisers.

In the settlement, Finra noted that Lincoln Financial Securities in 2011 had similar problems with failing to establish adequate procedures to protect confidential customer information that was stored on its web-based electronic portfolio management system, along with other security-related violations. The firm at the time entered into a settlement that neither admitted nor denied Finra’s findings and agreed to a $450,000 fine.
