Subscribe to our mailing list

* indicates required







We seek to provide information, insights and direction that may enable the Financial Community to effectively and efficiently operate in a regulatory risk-free environment by curating content from all over the web.


Stay Informed with the latest fanancialish news.




Regulatory Sanctions

How FINRA Sanctions Can Differ for Departing Brokers Who 'Steal' Customer Data

July 27, 2017

by Howard Haykin


In 2 separate cases, Registered Reps 'stole' personal customer information from their firms with plans to use that information at new firms. They didn’t get very far, as each was caught before they could make much use of their booty. FINRA hit each with sanctions that basically matched the scope and subsequent use of the stolen information. While stealing customer information is common, it is rare to read about brokers getting caught. 


GENERAL SECURITIES REP ("RR#1") ... agreed to a $10K fine and a 15-day suspension to settle FINRA charges hat he removed customer account records that belonged to his former member firm. 


FINRA Findings.    In May 2016, in anticipation of changing employment to Wells Fargo Clearing Services, RR#1 removed non-public personal customer information belonging to HSBC by printing approximately 328 HSBC customer account records that included, among other things, dates of birth, social security numbers, financial account numbers and account balances for each customer. One month later, after joining Wells Fargo, RR#1 began contacting the customers whose personal confidential information he had removed from HSBC. RR#1 eventually contacted 90 of the 328 customers and solicited their business.


INVESTMENT COMPANY SHARES AND VARIABLE CONTRACTS REP ("RR#2") ... agreed to a $5K fine and a 5-day suspension to settle FINRA charges that she took confidential, nonpublic customer information from a member firm she was leaving.


FINRA Findings.    In July 2016, in anticipation of changing employment to BCG Securities, RR#2 removed non-public customer account records that belonged to AXA Advisors by emailing an electronic file containing confidential account information related to around 90 AXA customers from her AXA email account to a personal email account. RR#2 later later uploaded the database onto a computer at her new firm.


Shortly thereafter, AXA discovered the email with the spreadsheet attachment and reached out to RR#2 to delete the spreadsheet from her computer at her new firm and from her personal email account. RR#2 complied with AXA's request and, at no time did she ever disseminate or use that information.


RULE VIOLATIONS.   Removing non-public personal customer information from a broker-dealer’s custody and control without that Firm's knowledge or consent would be a violation of FINRA Rule 2010 by causing the Firm to violate Regulation S-P. Regulation S-P generally prohibits disclosure of non-public personal information about a customer unless the customer receives proper notice and an opportunity to opt out. Information is considered to be “non-public personal information” if it contains personally identifiable financial information about one or more consumers, including:


  • (i) information a consumer provides to a B/D to obtain a financial product or service;
  • (ii) information about a consumer resulting from any transaction involving a financial product or service between a B/D and a consumer; or,
  • (iii) information a B/D otherwise obtains about a consumer in connection with providing a financial product or service to that consumer.


FINANCIALISH TAKE AWAY.    Apparently, it was standard operating procedures ('SOP') at AXA to review email sent by brokers just prior to their departure from the firm. That is how they discovered RR#2's theft. While most broker-dealers don't have the manpower that AXA has, it nonetheless behooves them to conduct similar checks as a safeguard over its assets - its customer book of business, that is.


It's uncertain how RR#1 was caught photocopying customer records. One theory is that RR#1 confessed after being caught trying to reach out to past customers. Under such a scenario, it would be prudent for any and all broker-dealers to reach out to all customers of a departing broker. [Yes, I can appreciate that many if not most firms already take this precaution.] Each contacted customer should be provided with the name of a newly-assigned broker and advised to contact the firm in the event the old broker tries and contact them.


These cases were reported in FINRA Disciplinary Actions for July 2017.

For details on RR#1 case, go to ...  FINRA Disciplinary Actions Online, and refer to Case #2016050590401.

For details on RR#2 case, go to ...  FINRA Disciplinary Actions Online, and refer to Case #2016051051601.