Skip to main content
Skip to navigation

Regulatory Enforcement

Morgan Stanley unit fined $35M for mishandling customer data

By Adrianne Appel2022-09-20T18:40:00

Morgan Stanley Smith Barney (MSSB) agreed to pay $35 million to settle Securities and Exchange Commission (SEC) charges it repeatedly disregarded the safeguarding of clients’ personal data.

The personally identifiable information of approximately 15 million MSSB customers was made vulnerable over a five-year period, beginning in 2015, because of failures by the firm to protect it, the SEC said in a press release Tuesday. MSSB is a wholly owned subsidiary of Morgan Stanley.

The trouble began when MSSB did not encrypt the personal data of customers stored on computer servers and hard drives, the SEC alleged. In 2016, the firm decommissioned two data centers and didn’t properly dispose of its computer servers and hard drives, the agency said.

THIS IS MEMBERS-ONLY CONTENT

cw-membership

You are not logged in and do not have access to members-only content.

If you are already a registered user or a member, SIGN IN now.

Related articles

News Brief
FINRA fines Morgan Stanley $1M for alleged documentation failures

2024-11-06T21:36:00Z By Jeff Dale

The Financial Industry Regulatory Authority fined broker-dealer Morgan Stanley $1 million over alleged documentation failures related to risk management controls and supervisory procedures involving violations of the Market Access Rule.
News Brief
SEC amends Reg S-P to require data breach notification within 30 days

2024-05-16T19:10:00Z By Aaron Nicodemus

The Securities and Exchange Commission will require broker-dealers and registered investment advisers to adopt written policies and procedures for handling data breaches of customer data and notify affected customers within 30 days.
News Brief
Morgan Stanley settles with states for $6.5M over mishandled data

2023-11-17T21:10:00Z By Adrianne Appel

Morgan Stanley agreed to pay $6.5 million as part of a settlement with six states requiring the firm to strengthen its data security after actions it took compromised the personal data of millions of customers.

More from Regulatory Enforcement

Article
False Claims Act enforcement themes for 2026

2026-02-26T21:32:00Z By Jaclyn Jaeger

The U.S. Department of Justice touted a record $6.8 billion in False Claims Act (FCA) recoveries in fiscal year 2025, much of that total stems from prior years’ cases and does not necessarily reflect the administration’s current enforcement direction.
Article
Federal jury convicts former coal executive in Egypt-linked coal FCPA case

2026-02-24T21:38:00Z By Oscar Gonzalez

A former vice president of an American coal company was convicted by a federal jury for his part in an international bribery and money laundering scheme. The conviction represents an anomoly in the Trump administration’s handling of Foreign Corrupt Practices Act (FCPA) cases launched under former President Joe Biden.
Article
U.K. financial regulator cuts cases to focus on investigations that achieve results

2026-02-20T15:52:00Z By Ruth Prickett

The U.K. financial regulator has dropped 100 investigations without action over the past three years, but compliance should expect a refocus of resources rather than a retreat from enforcement.