On April 7, 2011, the Securities and Exchange Commission announced a total of $55,000 in fines against three former executives of a securities broker-dealer for violations of the privacy and safeguard rules in Regulation S-P. The fines mark the first time the SEC has imposed administrative fines for violations of these rules. Copies of the SEC’s announcement and orders can be found here.
The SEC alleged that, in the course of winding down the business operations of GunnAllen Financial, the former president and former national sales manager downloaded customer records, including names and addresses, account numbers, and asset values, and provided the records to the sales manager’s new employer. The SEC found that their actions violated the privacy rule, which obligates broker-dealers to give customers a reasonable opportunity to opt out before customer information is shared with unaffiliated third-parties, and the safeguards rule, which requires broker-dealers to have adequate policies and procedures in place to safeguard customer data. The SEC found that the company’s former chief compliance officer was culpable for violations of the safeguards rule. The SEC also found that the company’s policies and procedures were inadequate because they simply recited Regulation S-P and were not modified over time, even after the company was affected by security breaches.