LPL has become the latest victim of the SEC’s Reg S-P crackdown. The SEC announced September 11 that it had brought an enforcement action against LPL Financial Corp., saying the largest independent broker/dealer had failed to adopt policies and procedures to safeguard its customers’ personal information, leaving at least 10,000 customers vulnerable to identity theft following a series of hacking incidents involving LPL’s online trading platform.
Reg S-P requires broker/dealers and SEC registered investment advisors like LPL to adopt policies and procedures reasonably designed to safeguard customer information. The SEC says LPL agreed to pay a $275,000 penalty to settle the SEC’s enforcement action without admitting or denying the findings.
The SEC’s administrative order against LPL finds that the firm conducted an internal audit in mid-2006 that identified inadequate security controls to safeguard customer information at its branch offices. “LPL’s audit specifically identified the risk from hacking. The SEC’s order finds that LPL failed to take timely corrective action because, by the time that hacking incidents began in July 2007, the firm had not implemented increased security measures in response to the identified weaknesses,” the SEC said in a release announcing the enforcement action.