Regulation and Compliance Federal Regulation SEC

LPL Hit With Reg S-P Fine Over Hacking Incidents

September 11, 2008 at 08:00 PM
Share & Print

LPL has become the latest victim of the SEC's Reg S-P crackdown. The SEC announced September 11 that it had brought an enforcement action against LPL Financial Corp., saying the largest independent broker/dealer had failed to adopt policies and procedures to safeguard its customers' personal information, leaving at least 10,000 customers vulnerable to identity theft following a series of hacking incidents involving LPL's online trading platform.

Reg S-P requires broker/dealers and SEC registered investment advisors like LPL to adopt policies and procedures reasonably designed to safeguard customer information. The SEC says LPL agreed to pay a $275,000 penalty to settle the SEC's enforcement action without admitting or denying the findings.

The SEC's administrative order against LPL finds that the firm conducted an internal audit in mid-2006 that identified inadequate security controls to safeguard customer information at its branch offices. "LPL's audit specifically identified the risk from hacking. The SEC's order finds that LPL failed to take timely corrective action because, by the time that hacking incidents began in July 2007, the firm had not implemented increased security measures in response to the identified weaknesses," the SEC said in a release announcing the enforcement action.

According to the SEC's order, "LPL experienced multiple hacking incidents between July 2007 and early 2008, and unauthorized persons gained access to the online trading platform LPL provided for its registered representatives. Once logged onto LPL's trading platform, the perpetrators placed or attempted to place 209 unauthorized securities trades worth more than $700,000 combined in 68 customer accounts."

The SEC ordered LPL to cease and desist from committing future violations of the Safeguards Rule, censured it for its conduct, and ordered it to pay the $275,000 penalty. The SEC says that "LPL further agreed to undertake certain remedial actions including retaining an independent consultant to review LPL's policies and procedures required by the Safeguards Rule, and to devise and implement a policy and set of procedures for training its employees and all registered representatives regarding safeguarding customer records and information. LPL consented to the entry of the SEC's order without admitting or denying the SEC's findings."

NOT FOR REPRINT

© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Related Stories

RIA to Pay $115K Fine Over Custody Rule Violations Wells Fargo and LPL to Pay $1.8M to Settle SEC Charges 10 Worst Financial Advisor Cases of 2025 FINRA Awards $4.8M to Baird in Raymond James Poaching Dispute Senators Delay Crenshaw Vote, Increasing Odds of All-GOP SEC Cantor Fitzgerald Pays SEC $6.75M for Alleged SPAC Abuses

Resource Center

7 Ways to Take Your Practice to the Next Level link

White Paper

7 Ways to Take Your Practice to the Next Level

The Innovative RIA: Why Automation Is The Key To Sustainable Growth link

eBook

The Innovative RIA: Why Automation Is The Key To Sustainable Growth

What's Missing From Passive Municipal Bond ETFs? link

White Paper

What's Missing From Passive Municipal Bond ETFs?