SEC cracks down on insider breach

Ex-GunnAllen employees charged with violating privacy rules.

The SEC has charged three former executives of the now defunct firm GunnAllen Financial for failing to safeguard confidential customer information.

It is the first time the federal regulator has charged individuals solely with violating rules that require financial firms to keep client data away from third parties unless customers grant consent otherwise, the commission says. The fines were slapped on former company president Frederick Kraus, former national sales manager David Levine and former chief compliance officer Mark Ellis.

According to the commission, in April last year Kraus gave Levine the authorization to transfer information on more than 16,000 accounts to his new company, National Securities Corp, which he joined after stepping down from GunnAllen. With that permission, Levine then downloaded names, asset values, addresses and account numbers to a thumb drive and passed the information to the new company.

The SEC says this unethical act was in violation of the agency’s Regulation S-P, commonly referred to as the ‘Safeguard Rule’, which requires financial firms to protect confidential customer information when they are not given notice and a chance to opt out.

Kraus and Levine have each agreed to pay a $20,000 fine while Ellis is set to pay a $15,000 fine after failing to ensure customer data was protected.

‘In the past, such charges have been part of larger cases of alleged wrongdoing,’ says Michael Wolensky, a partner in Atlanta-based law firm Schiff Hardin who specializes in the securities and futures regulation area.

‘For some time, the SEC has focused on these requirements in its examination and enforcement programs. It is no surprise where there are allegations involving a large number of client files that an administrative proceeding of this nature has been initiated.’
 
Gregg Breitbart, a lawyer for Levine, argues that ‘the transfers were approved by GunnAllen, and notices were sent to affected clients’, adding that his client was ‘pleased’ to settle the case.  

The SEC also says that between July 2005 and February 2009, Tampa, Florida-based GunnAllen had ‘several serious security breaches’ including the theft of three laptop computers and the use of stolen passwords by a terminated employee to access company emails.
 
GunnAllen was shut down last year by FINRA for net capital violations.

0 comments

You must be registered to comment.

Please Sign In or Register.

Board portal security: How to keep one step ahead in an ever-evolving game

How can organizations ensure their data maintains its integrity and is secure at the highest level? What safeguards really need to be in place? This white paper discusses the key security challenges organizations need to consider regarding a board portal and the benefits that having an effective security program offers.

Download your copy today.

Thomson Reuters Accelus delivers solutions designed to empower audit, risk and compliance professionals and the boards they serve to reliably achieve business objectives, address uncertainty, and act with integrity. BoardLink, our customizable board management portal, enables you to manage board activities, stay up to date on the latest business news and regulatory changes, manage multiple layers of risk and optimize board performance.