July 16, 2019
Another day. Another FINRA fine and suspension because some registered rep still doesn't understand why it's not okay (as in also being dangerous) to email customers' confidential information to a personal email account. Making matters worse, one enterprising rep also downloaded customer info onto a portable hard drive.
Case In Point
For the purpose of proposing a settlement of rule violations alleged by the Financial Industry Regulatory Authority ("FINRA"), without admitting or denying the findings, prior to a regulatory hearing, and without an adjudication of any issue, Samuel K. Van Allen, submitted a Letter of Acceptance, Waiver and Consent ("AWC"), which FINRA accepted. In the Matter of Samuel K. Van Allen Respondent (FINRA AWC 2017053705201, July 15, 2019)
http://www.finra.org/sites/default/files/fda_documents/2017053705201
%20Samuel%20K.%20Van%20Allen%20CRD%204464706%20AWC%20sl.pdf
The AWC asserts that Van Allen entered the securities industry in 2002, and by2010, he was associated with FINRA member firm Westport Resources Investment Services, Inc., where he remained until his termination in March 2017. The AWC asserts that "Van Allen has no relevant formal disciplinary history with the Securities and Exchange Commission, any self-regulatory organization, or any state securities regulator."
Movin' On
The AWC alleges that in March 2017, Van Allen was preparing to leave Westport Resources Investment Services for another FINRA member firm. In anticipation of his resignation and new job, Van Allen:
sent two emails containing customers' nonpublic personal
information, including social security numbers, account numbers, and account
details, from his Westport email account to his personal email account. In
addition, Van Allen downloaded customers' nonpublic personal information from
a Westport computer to a portable hard drive, and removed the information from
the Firm.
Reg S-P
The AWC states in part that:
Regulation S-P generally prohibits disclosure of nonpublic personal information about a customer unless the customer receives proper notice and an opportunity to opt out.
Information is considered to be "non-public personal information" if it contains personally identifiable financial intonation about one or more consumers, including: (1) information a consumer provides to a broker-dealer to obtain a financial product or service, (2) information about a consumer resulting from any transaction involving a financial product or service between a broker-dealer and a consumer, or (3) information a broker-dealer otherwise obtains about a consumer in connection with providing a financial product or service to that consumer. "Non-public personal information" includes names, addresses, telephone and social security numbers, birth dates, and account balances that are derived in whole or in part from information provided to a financial institution by a customer.
Unaware?
Online FINRA BrokerCheck records as of July 16, 2019, disclose that Westport had permitted Van Allen to resign on March 23, 2017, and the firm reported that he had:
Resigned while under investigation for violating internal company policies in with
[sic] connection confidential customer information .
In response to Westport's disclosure, Van Allen submitted a "Broker Statement":
RR asserts that he is unaware of where this allegation stems from since the only confidential customer information he had access to was for his own clients. RR asserts he has always been stringent about maintaining the privacy of confidential information.
The AWC alleges that Van Allen improperly removed information pertaining to at least 270 customers without their knowledge or consent (and without Westport's). FINRA deemed Van Allen's conduct to constitute violations of Regulation S-P and FINRA Rule 2010. In accordance with the terms of the AWC, FINRA imposed upon Van Allen a $7,500 fine and a 15-business-day suspension in any and all capacities with any FINRA member firm.
Bill Singer's Comment
As a former Series 7/63 registered rep myself, it's going to be quite a task to find anyone (particularly an industry lawyer such as me) to be more sympathetic to the plight of the industry's registered representatives when it comes to who owns the customer. I've written extensively about that topic and am a critic of FINRA's member firm bias. See, for example, "Who Owns The Customer? Open Letter To FINRA Board From Bill Singer Esq / January 8, 2018" http://www.brokeandbroker.com/3761/who-owns-customer/
Notwithstanding my ardent advocacy for fairer access to customer data on behalf of registered representatives, I have no sympathy whatsoever for Van Allen, and, frankly, he's damn lucky that his suspension was set at a very moderate 15 business days. In this day and age, you just can't be so cavalier as to attach confidential financial information to an email or download a ton of customer data onto a portable hard drive. That's both irresponsible and idiotic.
On the other hand, FINRA is not a mere bystander in the recurrence of such stupidity. The self-regulator's lop-sided and unfair rules pertaining to access to customer data continues to instigate such dangerous activity. I have long argued that the customer owns his or her account and should be able to authorize (or deny) the transfer of so-called "confidential" customer information. In truth, FINRA has promulgated rules that are pro-employer/pro-management and designed to protect the member firm's business interest in retaining customers without an appropriate nod to the hard work and energy that many registered reps put in to originating their customers and maintaining their accounts.