Wells Fargo, LPL Financial Among 12 Firms Fined $14.4 Million for Cybersecurity, Data Protection Failures

Attorney Advising Disclaimer

FINRA fined 12 member firms a total of $14.4 million for what the regulator deemed "significant deficiencies" related to preservation and protection of electronic brokerage and customer records. Specifically, FINRA said the firms failed to maintain electronic records in a "write once, read many" (WORM) format, which is industry standard to prevent alteration or destruction of important electronically stored records.

Each of the 12 disciplined firms suffered from related procedural and supervisory deficiencies, according to FINRA's news release, which investigators say affected the firms' ability to adequately retain and preserve electronic records, finding that three of the firms failed to retain required records and, in doing so, maintained inaccurate books and records in violation of an additional conduct rule.

For instance, FINRA wrote that Wells Fargo Securities (AWC #2016049784101) failed to implement an audit system concerning electronic records and that LPL Financial (AWC #2014043539001) failed to establish, maintain, and enforce a supervisory system reasonably designed to achieve compliance with the electronic WORM requirement.

The relevant period for FINRA's investigation concluded in 2016 (in Wells Fargo's case, it continued "to the present"), meaning that the misconduct persisted until fairly recently. In LPL's case, FINRA's sanction is the most recent in a history of prior penalization for similar or relevant misconduct.

In 2015, LPL Financial consented to a censure, $10 million fine, and $1.6 million order of restitution for "multiple supervisory failings and other deficiencies, including books and records issues." In 2014, LPL received a $2 million fine from the Illinois Securities Department for documentation and record keeping concerns (related to variable annuities), and in 2013, FINRA fined LPL $7.5 million for failing to review and retain "hundreds of millions" of e-mails, including tens of millions of "doing business as" (DBA) e-mails.

The following 12 firms received sanctions as a result of the aforementioned cybersecurity failures, totaling $14.4 million in fines:

> Wells Fargo Securities, LLC and Wells Fargo Prime Services: $4 million fine, jointly;

> RBC Capital Markets LLC and RBC Capital Markets Arbitrage SA: $3.5 million fine, jointly;

> RBS Securities, Inc.: $2 million fine;

> Wells Fargo Advisors, LLC, Wells Fargo Advisors Financial Network, LLC, First Clearing, LLC: $1.5 million, jointly;

> SunTrust Robinson Humphrey, Inc.: $1.5 million fine;

> LPL Financial LLC: $750,000 fine [Three instances of relevant disciplinary history];

> Georgeson Securities Corporation: $650,000 fine [One instance of relevant disciplinary history];

> PNC Capital Markets, LLC: $500,000 fine.

FINRA Chief of Enforcement Brad Bennett explained the importance of maintaining accurate electronic data: "Ensuring the integrity of these records is critical to the investor protection function because they are a primary means by which regulators examine for misconduct in the securities industry."

If you have invested with any firm, broker, or financial adviser that has proven harmful to your investments or interests, please call The Law Offices of Jonathan W. Evans & Associates at (800) 699-1881 for investigation and consultation.

Related Posts
  • After $13 Million in Penalties for 'Widespread Failure,' Oppenheimer Fined $500,000 for Supervisory and Suitability Gaps Read More
  • FINRA barred former Independent Financial Group (IFG) broker Brett Arthur Hartvigson of San Diego, California for refusing to cooperate with its investigation into allegations that were part of a complaint. In 2021, while associated with IFG, Brett Harvgi Read More
  • Stifel Nicolaus Failed to Detect Unsuitable Recommendations Despite Risk Policy, Says FINRA Read More