FINRA Fines Osaic Wealth and Securities America for Cybersecurity Failures
From the desk of Jim Eccleston at Eccleston Law
The Financial Industry Regulatory Authority (FINRA) has fined and censured independent broker-dealers Osaic Wealth and Securities America for cybersecurity lapses that exposed the private information of over 32,000 customers. According to InvestmentNews, each firm has agreed to pay $150,000 for failing to establish and maintain adequate written supervisory procedures to protect client records and information.
FINRA's settlement letter, known as an Acceptance, Waiver and Consent (“AWC”), highlights the firms' deficiencies, including the lack of multi-factor authentication for email accounts, inadequate encryption for outbound emails containing customer non-public information, and insufficient maintenance of email access logs. Between January 2021 and March 2023, unauthorized third parties accessed sensitive information—such as social security numbers, bank account details, and driver's license numbers—of approximately 28,000 Osaic customers and 4,640 Securities America clients.
FINRA noted that its examiners had previously warned both firms about their inadequate cybersecurity controls at branch offices. The broker-dealers, owned by a parent company also using the Osaic name, had relied on an enterprise-wide cybersecurity policy provided by the parent. This policy allowed each branch to develop its own cybersecurity and data loss prevention programs, leading to inconsistencies.
The firms self-reported the incidents to FINRA and have accepted the penalties without admitting or denying the allegations. Following the breaches, Osaic and Securities America informed affected customers and engaged outside consultants to assist with their response. Since March 2023, both firms have strengthened their multi-factor authentication requirements for all business-related email accounts, according to InvestmentNews.
Eccleston Law LLC represents investors and financial advisors nationwide in securities, employment, transition, regulatory, and disciplinary matters.
Tags: eccleston, eccleston law, finra