SEC Charges CCO with Regulation S-P Violations
The SEC has entered a Cease and Desist Order against the Chief Compliance Officer of a broker-dealer for failing to implement policies and procedures to make her employer compliant with Regulation S-P’s Safeguards Rule, which requires policies and procedures reasonably designed to safeguard customer records and information. As alleged by the SEC, her failure allowed records of over 5,000 customers to sit for nearly 2 weeks outside the home of a registered rep who had placed them at curbside awaiting trash removal. According to the SEC, the firm had no policies and procedures addressing administrative, technical, or physical safeguards. The SEC noted that none of the customers has become a victim of identity theft or other financial crime. The Respondent has agreed to cooperate with the SEC in further investigations.
OUR TAKE: It was the complete lack of any policies and procedures addressing the protection of customer information that led to this action against the CCO. We have previously said that decent policies and procedures coupled with a reasonable effort to enforce them will usually protect a CCO against these types of regulatory actions. This may be the first action against a CCO under the Safeguards Rule.