NEW YORK (Legal Newsline) – Morgan Stanley Smith Barney LLC
will pay $1 million to settle allegations it failed to protect customer
information, the Securities and Exchange Commission (SEC) announced.
Morgan Stanley purportedly failed to adopt sufficient policies
to protect consumer data. The SEC believes that from 2011 to 2014, this alleged
failure led to 730,000 accounts being transferred to an employee’s personal
server, which was then ultimately hacked by third parties.
“Given the dangers and impact of cyber breaches, data
security is a critically important aspect of investor protection,” Andrew
Ceresney, director of the SEC Enforcement Division, said. “We expect SEC registrants
of all sizes to have policies and procedures that are reasonably designed to
protect customer information.”
Morgan Stanley allegedly violated Rule 30(a) of the
Regulation S-P, also known as the Safegaurds Rule. The company agreed to the
settlement but would not admit any wrongdoing.
William Martin and Simona Suh of the Enforcement Division’s
Market Abuse Unit handled the case for the SEC, under the supervision of Joseph
G. Sansone, co-chief of the unit. The New York Field Office of the Federal
Bureau of Investigation and the U.S. Attorney’s Office for the Southern
District of New York also helped in the matter.