FINRA Fines BD $600,000 for Allowing Shared Login Credentials
FINRA has fined a large broker-dealer $600,000 because it allowed brokers to use shared user names and passwords to access non-public customer information via a web interface. Because the firm did not have policies and procedures monitoring distribution of the shared credentials, the firm could not monitor access to private client information. Additionally, FINRA alleges the firm did not have procedures to disable and change credentials, so even terminated employees had access to customer information. FINRA also alleges that the firm failed to require remote brokers to install security application software.
OUR TAKE: FINRA imposed this fine even though it did not allege that any customer was harmed or that any unauthorized person actually accessed nonpublic customer information.