In February 2011, Lincoln Financial Securities Inc. and its affiliate Lincoln Financial Advisors Corp. agreed to pay fines totalling $600,000 for failing to adequately protect confidential customer information. For extended periods of time, current and former employees of each firm were able to access customer accounts using shared login credentials from any Internet browser. The firms did not have policies or procedures for monitoring the distribution of the shared login credentials or for tracking when employees accessed the customer information. In addition, login credentials were not disabled when an employee left the firm. According to FINRA, “brokers who worked remotely were not required to install security application software on their own personal computers used to conduct the firms’ securities business.” The Securities and Exchange Commission and FINRA rules “require every broker-dealer to adopt written policies and procedures that address safeguards for the protection of customer records and information.” When assessing the sanctions, FINRA considered the firms’ efforts to contact customers whose information may have been exposed and their offer of free services to those customers.
TIP: Companies should ensure they have adequate security application software and should consider having procedures to monitor login credentials to protect confidential customer information.