As compliance officer for my firm, I’m becoming concerned with the fact that we have confidential client information stored in various locations: Client management software, laptops, backup services, etc. All employees have their own login credentials for these various systems and our policies and procedures require them to change their passwords periodically but I feel like we should be doing more. What are your thoughts?

You’re right to be concerned. On June 8, Morgan Stanley was fined $1,000,000 by the SEC for "failure to adopt written policies and procedures reasonably designed to protect customer information” in violation of Regulation S-P. Morgan Stanley stored sensitive client information in various locations and an employee was able to access information on approximately 730,000 customer accounts.

Register or login for access to this item and much more

All On Wall Street content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access