How Morgan Stanley lost track of its old hard drives
Euromoney, is part of the Delinian Group, Delinian Limited, 4 Bouverie Street, London, EC4Y 8AX, Registered in England & Wales, Company number 00954730
Copyright © Delinian Limited and its affiliated companies 2024
Accessibility | Terms of Use | Privacy Policy | Modern Slavery Statement

How Morgan Stanley lost track of its old hard drives

An extraordinary series of data protection failures at Morgan Stanley’s wealth management business has seen the SEC fine the company $35 million.


Banks spend a fortune every year on technology and processes designed to keep customer data safe from prying eyes. But what happens when the equipment that data is stored on reaches the end of its life?

Bad things, sometimes, to judge by the findings of an investigation into Morgan Stanley’s wealth management business by the SEC, announced on September 20.

SEC chair Gary Gensler has made no secret of the fact that the Commission is on the warpath when it comes to record-keeping and device management in financial services – many firms have now provisioned for possible fines relating to staff using personal devices after JPMorgan was fined $200 million for record-keeping failures in December 2021.

Throughout its report, the SEC named the unit at fault as Morgan Stanley Smith Barney (MSSB), although the bank rebranded it as Morgan Stanley Wealth Management in 2012, after completing the buyout of Smith Barney from Citigroup. But whatever its name, so egregious were the unit’s shortcomings that the SEC seems to have surprised even itself with the results of its investigation.

“MSSB’s failures in this case are astonishing,” says Gurbir Grewal, director of the SEC’s enforcement division.

Gift this article