How Morgan Stanley lost track of its old hard drives
An extraordinary series of data protection failures at Morgan Stanley’s wealth management business has seen the SEC fine the company $35 million.
Banks spend a fortune every year on technology and processes designed to keep customer data safe from prying eyes. But what happens when the equipment that data is stored on reaches the end of its life?
Bad things, sometimes, to judge by the findings of an investigation into Morgan Stanley’s wealth management business by the SEC, announced on September 20.
SEC chair Gary Gensler has made no secret of the fact that the Commission is on the warpath when it comes to record-keeping and device management in financial services – many firms have now provisioned for possible fines relating to staff using personal devices after JPMorgan was fined $200 million for record-keeping failures in December 2021.
Throughout its report, the SEC named the unit at fault as Morgan Stanley Smith Barney (MSSB), although the bank rebranded it as Morgan Stanley Wealth Management in 2012, after completing the buyout of Smith Barney from Citigroup. But whatever its name, so egregious were the unit’s shortcomings that the SEC seems to have surprised even itself with the results of its investigation.
“MSSB’s failures in this case are astonishing,” says Gurbir Grewal, director of the SEC’s enforcement division.