The Financial Industry Regulatory Authority levied a $500,000 fine against Raymond James earlier this week, alleging the St. Petersburg, Fla.-based firm violated customer privacy.
In a settlement agreement filed Tuesday, FINRA claimed Raymond James’ transition support staff helped newly recruited brokers set up accounts by pre-populating forms with client information taken from their old broker/dealer, including nonpublic information like addresses, phone numbers and account details, without obtaining the customer’s consent. That violates Regulation S-P, which is meant to protect customer privacy.
In several cases, customers had opted out of sharing their information or the customer resided in a state that required affirmative consent to share personal information, according to the regulator.
“In a desperate rush to get more assets under management and the accounts, many firms are looking the other way on this,” said Bill Singer, a securities attorney representing firms, advisors and customers and author of the BrokeAndBroker.com blog.
Singer says brokerage firms routinely allow employees to violate consumer privacy, yet there’s no outcry because the public usually doesn’t know it’s happening. That stands in sharp contrast to the very vocal debate over privacy that has engulfed Apple as it seeks to avoid being required to access customer data stored on a phone belonging to one of the shooters in the recent San Bernardino shooting.
“Isn’t it shocking that we have this huge outcry over an attempt to get confidential information off the phone of dead terrorist, but on Wall Street, when we’re confronted with a similar privacy and confidentiality issue, it’s a half-million-dollar cost of doing business,” Singer said. “You can’t put a price tag on customer privacy."
“FINRA knows this is going on,” he said, adding that it's common for advisors to take client information with them when they change firms, even though most know it violates industry regulations.
“FINRA needs to stop being so hypocritical and decide that it’s going to take Regulation S-P seriously, as opposed to currently where they view it as a speed trap where they can generate fines,” Singer said.
While Raymond James was fined in this case, Singer called the practice “a cultural failure, a failure by the brokers and a failure by the former firms to inculcate their employees with the sense that this information is sacrosanct.” All parties have a responsibility to protect the industry’s reputation in regards to consumer privacy, he said.
Raymond James agreed to settle the case without admitting or denying the allegations. The fine was first reported by AdvisorHUB.
The firm said in a statement Thursday it takes the privacy of clients’ personal information seriously. It noted that the action was not related to a data breach or other security event and that the client information was only shared between companies for business-related purposes as advisors transitioned from one firm to another.
“No information was compromised in a way that would allow for illegal use,” the company said.
This is not the first time the firm has been fined for Regulation S-P violations. In September 2012, FINRA fined Raymond James $250,000 after an employee built a document management system for customer records. But FINRA claimed the firm failed to provide clients with the opportunity to opt out and failed to monitor the dissemination of the client information, which eventually made it online.
“We're talking about confidential customer information which is entrusted to our industry,” Singer said. “It takes years for a brokerage firm to build up the confidence of a client; it takes minutes to lose it. And every time a report gets out about privacy violations, it frightens the investing public and makes it harder for Wall Street to continue to flourish.”