Monday, April 11, 2011

Firms Must Protect Customer Information - Always

Regulation S-P prohibits financial institutions from disclosing private personal information about their customers to third parties, without the customer's authorization, and is designed to protect consumers against unauthorized access to their personal information.

While the regulation has a noble goal, it is also a trap for the unwary brokerage firm, and I frequently see firms get caught in a Reg S-P violation without ever intending to do so. One example is in discovery. I handle a fair amount of employment litigation, representing firms and brokers in their employment disputes. Those cases often involve the exchange of customer records during discovery, and every so often I come across a firm which thinks nothing of producing customer account information in the litigation. That is a violation of Regulation S-P, regardless of the fact that the production is required in litigation. The information has to be redacted before production.

The SEC has provided another example of an unintentional violation, and charged three former brokerage executives for failing to protect confidential information about their customers. According to the Commission, when GunnAllen Financial Inc. was winding down its business operations last year, its former president and former national sales manager violated customer privacy rules by improperly transferring customer records to another firm. The SEC also accused the firm's compliance director with failing to enforce the supervisory procedures in an unrelated incident.

According to the settlement agreements, the president allowed 16,000 annuity and mutual fund account applications to be transfered to the Sales Manager's new firm. It appears that what actually happened is that the Sales Manager downloaded the applications, and once at his new firm, sent a letter to those customers, advising them that GunnAllen could no longer service their accounts, and that he and his new partners were going to service the accounts, and offering to let the customers opt out of the transfer of their account to the new firm.

While there is undoubtedly a proper motive behind these actions, and those customers do need to have someone handle their accounts, the procedure is backwards, and the letter should have been sent before the transfer, and should have been sent by GunnAllen, not the new firm. Customers would have been given the opportunity to opt out before the disclosure of their information, and the conduct would have been in compliance with Regulation S-P.

According to the settlement, GunnAllen did exactly that, sending a letter to the customers notifying them of the closing of the firm and providing them with information and choices as to how they wanted their accounts handled. But the Sales Manager jumped the gun, and two days after the letter was sent, arranged for the transfer of the accounts.

The individuals settled the charges with the SEC. The President and the Sales Manager each received a censure and a $20,000 fine. More...

Enhanced by Zemanta