The Financial Industry Regulatory Authority (FINRA) has imposed a fine of $60,000 on two Lincoln National Corp units for failing to adequately protect non-public customer information.
The units fined are New Hampshire-based Lincoln Financial Securities (LFS), fined $450,000, and its affiliate, Indiana-based Lincoln Financial Advisors Corporation (LFA), fined $150,000.
FINRA said LFS failed to require brokers working remotely to install security application software on their own personal computers used to conduct the firm’s securities business.
The regulator found that for seven years at LFS and approximately two years at LFA, certain current and former employees were able to access customer account records through any internet browser by using shared login credentials.
It also noted that both firms failed to adopt proper procedures to disable or change the shared user names and passwords on a recurring basis to restrict access.
According to FINRA, from 2002 through 2009, over one million customer account records across the two firms were accessed through the use of shared user names and passwords.
The regulator said confidential customer records, including names, addresses, social security numbers, account numbers, account balances, birth dates, email addresses and transaction details, were at risk because of the weakness in how customer details were accessed.
Securities and Exchange Commission (SEC) and FINRA rules require every broker-dealer to adopt written policies and procedures that address safeguards for the protection of customer records and information.