Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.


Status message

Start your free, no obligation 5-day trial to continue exploring with full access.

SEC Enforcement Hits Morgan Stanley for Cybersecurity Failure

Bruce Carton | June 8, 2016

The SEC brought its latest cybersecurity case under Regulation S-P today, announcing a settled administrative proceeding against Morgan Stanley Smith Barney LLC. Morgan Stanley agreed to pay a $1 million penalty to settle the agency's charges that it failed to protect customer data, some of which was hacked and offered for sale online.

Rule 30(a) of Regulation S-P under the Securities Act of 1933 (also known as the “Safeguards Rule”) lays out procedures regulated entities must follow to safeguard customer records and information. According to the SEC's Order

Morgan Stanley failed to adopt written policies and procedures reasonably designed to protect customer data.  As a result of these failures, from 2011 to 2014, a then-employee impermissibly accessed and transferred the data regarding approximately 730,000 accounts to...

Read this single article for $49, or click the subscribe button below to review subscription options.

Enjoy unlimited access to thousands of articles, browse five years of digital magazines, qualify for reduced admission to events, and more.