Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

FINRA fines financial firms $2.25 million for alleged improper storage of customer data

Financial Crimes Anti-Money Laundering Privacy/Cyber Risk & Data Security FINRA Enforcement

Financial Crimes

On December 6, the Financial Industry Regulatory Authority (FINRA) entered into a Letter of Acceptance, Waiver, and Consent (AWC), which requires two units of a national bank (respondents) to jointly and severally pay a $2.25 million fine for allegedly failing to store customer information in the format required under federal securities regulations, and then taking three years to report the issue after it was discovered. According to FINRA, in 2016, the agency found that the respondents allegedly violated various books and records retention requirements and related supervisory rules when maintaining approximately one million electronic brokerage records. In 2017, the respondents certified that they “had ‘adopted and implemented policies and procedures reasonably designed to achieve compliance with the applicable federal securities laws and FINRA rules’ addressed in the December 2016 AWC.” However, FINRA claimed that from 2003 to August 2020, the respondents allegedly failed to properly store roughly 13 million records related to their customer identification program (CIP) in the required “write once, read many” format (known as “WORM”). This “non-rewritable, non-erasable” format required under federal securities regulations is intended to prevent the alteration or destruction of customer identification information, FINRA explained. The respondents conducted an internal review in 2020, which concluded that the respondents were storing CIP records on a non-WORM compliant system. However, the respondents self-reported the issue to FINRA in April 2020 and migrated the relevant records to a WORM-compliant system by August 2020. The respondents did not admit nor deny the findings as part of the AWC, but have agreed to a censure and will pay the fine.