Whistleblower Accuses Securities Watchdogs of Failing to Protect Data
A whistleblower has accused Finra and state regulators of leaking personal information to the public, Bloomberg reports.
In a complaint registered with the SEC and reviewed by the news service, the whistleblower says data used in Finra’s BrokerCheck platform and transferred to state regulators has been mishandled.
Finra is accused of making brokerage account numbers accessible online, according to Bloomberg. The whistleblower, who asked not to be identified for fear of reprisals, also accuses state regulators of making hundreds of Social Security numbers publicly accessible for years until 2015, the news service writes.
Finra’s Central Registration Depository has data on more than 3,700 broker-dealers as well as hundreds of thousands of peopleregistered in the securities industry, according to Bloomberg. The industry’s self-regulator has a staff of more than 30 people who review filings to the depository but also uses hundreds of automated searches on sensitive private data, the news service writes.
Regulators say the cause of the problem were companies and brokers who put down more information than necessary on registrations, resulting in some personal data going online without Finra’s filters being able to stop it, Bloomberg writes. Dozens of profiles that included account numbers and other personal information were available on Finra-run websites as recently as January, according to the news service. This data was also available on an SEC portal searchable by people looking up advisors, Bloomberg writes. An SEC spokesman declined comment to the news service.
Donald Langevoort, a professor at Georgetown University Law Center in Washington, tells Bloomberg that Finra has more private data than the member companies under its purview. And a regulator’s capacity for protecting that data has been brought into question following last year’s revelations that the SEC had been hacked, with two people’s private information getting accessed — right after the Equifax Inc. hack affecting around 150 million Americans, the news service writes.
Finra and the North American Securities Administrators Association both acknowledge to Bloomberg that they’ve faced problems with handling data but deny allegations of negligence in cleaning up disclosures. The news service confirms that “almost all of the sensitive information available in files on brokers and advisers” has been removed. Finra also says that unlike in the SEC and Equifax cases, there’s no evidence of a hack, according to the news service.
“There has been no unauthorized access, hack or breach of BrokerCheck or the registration systems on which it is based,” Finra spokesman Ray Pellecchia tells Bloomberg in a statement. Joseph Brady, NASAA’s executive director, meanwhile, says filers must only supply private information when asked, according to the news service.
Bloomberg doesn’t say what actions the whistleblower is seeking.