Sensitive private data mishandled by broker watchdogs, whistleblower claims

Personal information like account numbers have been accessible online in material posted by Finra and state regulators, whistleblower claims

Mar 27, 2018 @ 9:00 am

By Bloomberg News

A whistleblower is accusing some key financial regulators of allowing sensitive broker information to become readily accessible, even as industry watchdogs emphasized the need for companies to protect client data.

According to a complaint lodged with the Securities and Exchange Commission, personal data such as brokerage account numbers provided to an industry-funded regulator have long been easily accessible online. Separately, Social Security numbers and other information meant to be kept private also was made publicly accessible by state regulators for years up until 2015, according to the complaint, which was reviewed by Bloomberg News.

At issue is material on brokers and their firms gathered by the Financial Industry Regulatory Authority Inc. and other regulators to help clients keep tabs on the people handling their money. To spot potential red flags, the SEC encourages investors to search the data housed in the sprawling Central Registration Depository of more than 3,700 broker-dealers and hundreds of thousands of people authorized to work in the securities industry.

Some of that information, which is used in Finra's BrokerCheck online portal and passed on to state authorities, has been mishandled, said the whistle-blower who asked not to be identified in discussing the allegations for fear of reprisals.

While both Finra and the North American Securities Administrators Association acknowledged past problems in a response to questions from Bloomberg News, they dispute any contention that they've been negligent in efforts to clean up the disclosures.

The issues shed light on the massive back-office systems maintained by regulators and the difficulty of keeping the sensitive information in them private. There is so much data that Finra has a team of more than 30 people who review filings and runs hundreds of automated queries to look for information that shouldn't be made public.

"They're sitting on top of an even larger amount of private data than the firms they regulate," said Donald Langevoort, a professor at Georgetown University Law Center in Washington. "There is an immense amount of cynicism about the ability of any institution, public or private, to do a good job at safeguarding privacy."

CONGRESSIONAL HEARINGS

Concern over financial regulators' ability to safeguard data led to congressional hearings last year after the SEC revealed that hackers broke into its corporate filing system and accessed two people's names, dates of birth and Social Security numbers. That disclosure followed a massive breach at Equifax Inc. that may have led to the theft of personal data on about 150 million Americans.

Finra notes that unlike the Equifax and SEC intrusions, there's no indication that the posting of broker data resulted from a hack.

"There has been no unauthorized access, hack or breach of BrokerCheck or the registration systems on which it is based," Finra spokesman Ray Pellecchia said in a statement. The organization "is constantly enhancing our controls to better prevent or more rapidly address the isolated incidents where sensitive information is inadvertently entered by a non-Finra filer."

REGISTRATION FORMS

Regulators said the problem stemmed from some firms and brokers including more information than they should have on registration forms. Some sensitive material reached the web because Finra's filters failed to catch it.

As recently as January, dozens of profiles available on websites run by Finra included account numbers and other sensitive data, as well as on one online portal on the SEC's website that lets people look up their investment advisers.

SEC spokesman Chris Carofine declined to comment.

Finra said it sent financial firms and professionals a reminder to enter only requested information after Bloomberg News asked about the issue. The regulator also said it has stepped up reviews of data available through its BrokerCheck system.

The moves appear to have had an impact. Almost all of the sensitive information available in files on brokers and advisers reviewed by Bloomberg since November have been scrubbed.

Some examples of data that were until recently available include: the name, address and account information of a Wisconsin church where a Scottrade broker was acting as treasurer; the account number for a trust on which a Morgan Stanley money manager was supposed to be serving; and the account information, name and address of the widowed mother-in-law of a Prudential Financial Inc. investment adviser.

While only a small fraction of the hundreds of thousands of registered professionals appear to have been affected, there's no easy way to fully search the data available in BrokerCheck. Information available on the web portals is also gathered by the states where brokers and investment advisers are licensed.

Joseph Brady, executive director of the North American Securities Administrators Association, urged filers to include private information only when it's requested.

"We are concerned to hear of current and isolated instances in which some potentially sensitive information, such as account numbers, may be disclosed inadvertently," he said. "NASAA continues its long-standing commitment with Finra and the SEC on efforts to mitigate any such instances."

STATE REGULATORS

In a separate problem, state regulators inadvertently made hundreds of people's Social Security numbers available for multiple years until 2015, according to the whistleblower.

Finra alerted NASAA after learning that the information was made publicly available.

"State securities regulators worked diligently to identify the individuals whose information may have been disclosed inadvertently and sent notification letters to these individuals,'' NASAA's Brady said. "The purpose of this outreach was to encourage the associations to reach out to firms about the importance of reviewing registration forms, to be mindful of how they disclose personal information, and especially not to add unsolicited personal or sensitive information on the forms when it is not required.''

Judging by the personal data that was recently available in online profiles, it appears more than two years later, some brokers and firms still haven't gotten the message.

0
Comments

What do you think?

View comments

Upcoming event

Sep 24

Conference

Diversity & Inclusion Awards

Attend an event celebrating diversity and inclusion as well as recognizing those who are leading the financial services profession in this important endeavor. Join InvestmentNews, as we strive to raise awareness, educate and inspire an... Learn more

Most watched

INTV

Young professionals see lots of opportunity to reinvent the advice experience

Members of the 2019 InvestmentNews class of 40 Under 40 have strategies to overcome the challenges of being young in a mature industry.

INTV

Young advisers envision a radically different business in five years

Fintech and sustainable investing are two factors being watched closely by some of the 2019 class of InvestmentNews' 40 Under 40.

Latest news & opinion

New Jersey fiduciary rule: Pressure leads to public hearing, comment deadline extension

Industry push results in chance to air grievances on July 17 and another month to present objections.

InvestmentNews' 2019 class of 40 Under 40

Our 40 Under 40 project, now in its sixth year, highlights young talent in the financial advice industry. These individuals illustrate the tremendous potential of those coming up in the profession. These stories will surprise, entertain, educate and inspire.

Galvin to propose fiduciary rule for Massachusetts brokers

The secretary of the commonwealth is proposing a fiduciary standard in response to an SEC investment-advice rule he views as too weak.

Summer reading recommendations from financial advisers

Here are some books that will keep you informed and entertained during summer's downtime

4 strategies for Roth conversions

There's never been a better time to do a Roth conversion, and here are several ways to go about it.

X

Hi! Glad you're here and we hope you like all the great work we do here at InvestmentNews. But what we do is expensive and is funded in part by our sponsors. So won't you show our sponsors a little love by whitelisting investmentnews.com? It'll help us continue to serve you.

Yes, show me how to whitelist investmentnews.com

Ad blocker detected. Please whitelist us or give premium a try.

X

Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print