Jacko Law Group, PC
Call Today for a Consultation
San Diego 619-298-2880 San Francisco 415-766-3599 Los Angeles 213-631-2549

WORM Deficiencies: Are Your Electronic Records Safe?

Cybersecurity As part of FINRA's ongoing efforts to crackdown on cybersecurity failures, the brokerage industry's self-regulatory organization issued $14.4 million in fines to a dozen firms - including companies in the Wells Fargo & Co. and RBC Capital networks, RBS Securities Inc., SunTrust Robinson Humphrey Inc., LPL Financial, Georgeson Securities Corp. and PNC Capital Markets - for deficiencies related to their cybersecurity programs.

According to FINRA, the aforementioned firms did not use the appropriate storage format to retain broker-dealers' and customers' electronic records. Per Federal securities laws and FINRA rules, business-related electronic records must be kept in WORM format. WORM - write once, read many - is designed to prevent the modification and destruction of data. As a result of their failure to maintain electronic records in WORM format, the following firms received sanctions by the organization:

  • Wells Fargo Securities, LLC and Wells Fargo Prime Services, LLC were jointly fined $4 million.
  • RBC Capital Markets LLC and RBC Capital Markets Arbitrage S.A. were jointly fined $3.5 million.
  • RBS Securities, Inc. was fined $2 million.
  • Wells Fargo Advisors, LLC, Wells Fargo Advisors Financial Network, LLC and First Clearing, LLC were jointly fined $1.5 million.
  • SunTrust Robinson Humphrey, Inc. was fined $1.5 million.
  • LPL Financial LLC was fined $750,000.
  • Georgeson Securities Corporation was fined $650,000.
  • PNC Capital Markets LLC was fined $500,000.

Brad Bennett, FINRA's Executive Vice President and Chief of Enforcement, said, "These disciplinary actions are a result of FINRA's focus on ensuring that firms maintain accurate, complete and adequately protected electronic records. Ensuring the integrity of these records is critical to the investor protection function because they are a primary means by which regulators examine for misconduct in the securities industry." The firms neither admitted nor denied the charges by FINRA, but accepted the entry of the organization's findings. It is essential for financial firms to evaluate their cybersecurity controls.  For more information, review Jacko Law Group's Legal Risk Management Tip on "Legal Considerations for Your Cybersecurity Program." If you have questions or would like additional guidance on how to protect your securities data from cybersecurity breaches, contact us at 619.298.2880 or [email protected].

1 Comment

We are seeing a good number of smaller firms that think SEC and FINRA are only cracking down on the big shops. However, with Ransomware on the rise I think we will see them fining shops of all sizes in the future. Good point on the Legal considerations as it is something we always bring up as well. Hoping you won't have an incident is not a sound legal strategy.

Leave a comment
Comment Information
Email Us For A Response

How Can We Help?

Email us to request more information or to schedule an appointment.

Bold labels are required.

Contact Information

The use of the Internet or this form for communication with the firm or any individual member of the firm does not establish an attorney-client relationship. Confidential or time-sensitive information should not be sent through this form.


Privacy Policy

San Diego Office
1350 Columbia Street
Suite 300
San Diego, CA 92101

Toll Free: 866-497-2298
Phone: 213-631-2549
Phone: 619-298-2880
Fax: 619-298-2882
Map & Directions

San Francisco Office
Four Embarcadero Center
Suite 1400
San Francisco, CA 94111

Phone: 213-631-2549
Phone: 415-766-3599
Fax: 619-298-2882
Map & Directions

Los Angeles Office
535 N. Brand Boulevard
Suite 279
Glendale, CA 91203

Phone: 213-631-2549
Fax: 619-298-2882
Map & Directions