SEC Settles Client Data Breach with Gunnallen Execs
The former executives of defunct GunnAllen Financial Incorporated have reached an agreement with the Securities and Exchange Commission (SEC) to settle allegations that they failed to protect confidential customer information while the firm was going under, according to the Investment News. The $55,000 settlement marks the first time the SEC has charged individuals solely with violating Regulation S-P requiring firms to keep client data from third parties unless customers have given their consent.
The allegation by the SEC was that GunnAllen’s former president, Frederick Kraus, allowed David Levine, the firm’s former national sales manager, to take client information from 16,000 accounts worth $850 million to his new employer National Securities of Boca Raton, Florida. This all was during April 2010 when GunnAllen was in the “winding down” phase as they were going under. Mark Ellis, GunnAllen’s former Chief Compliance Officer, failed to make certain the customer information was properly safeguarded and ignored red flags about security breaches, according to the allegations. The customers were told about the record transfer after the fact, without having the opportunity to consent. GunnAllen went out of business in March 2010, as it faced massive legal after violating net capital rules.
Kraus and Levine agreed to pay $20,000 each and Ellis agreed to pay $15,000.