FINRA fines MML Investors Services for violations of rules for safeguarding personal info
From March 2017 through March 2018, MML failed to prevent certain registered and associated persons who had been terminated from the firm from continuing to access customer records and information.
MML Investors Services, LLC has agreed to pay a fine of $75,000 as a part of a settlement with the United States Financial Industry Regulatory Authority (FINRA).
The settlement refers to the firm’s conduct during the period from March 2017 through March 2018 (the “Relevant Period”). During this period, MML failed to prevent certain registered and associated persons who had been terminated from the firm from continuing to access customer records and information, including nonpublic personal information, in violation of the SEC’s Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information (“Regulation S-P”) and FINRA Rule 2010.
On July 1, 2016, MML’s parent company entered into an agreement and acquired MetLife Securities, Inc. (MSI) from its parent insurance company. Subsequently, MSI was merged into MML, and its associated persons became associated with MML.
The parties to the deal agreed that certain former representatives of MSI would continue to have access to the insurance company’s proprietary system for storing customer information, which stored nonpublic personal information about MML customers who held insurance and annuity products through the insurance company (the “Third-Party System”). The parties agreed to allow certain registered representatives of MSI to maintain access to the Third-Party System through September 2017 so that they could continue to service their customer accounts after becoming registered through MML.
During the Relevant Period, MML had written policies and procedures which required MML to immediately disable system access for all associated persons when they ceased to be associated with the firm. However, MML failed to implement those policies and procedures during the Relevant Period. Specifically, MML failed to ensure that access to the Third-Party System was limited to only those former registered representatives of MSI for whom access was agreed to be given.
As a result, additional former MSI registered representatives and associated persons had access to the Third-Party System after the acquisition. Because MML was unaware that these additional registered representatives and associated persons had access to the Third-Party System after the acquisition, MML did not notify the insurance company when those registered representatives and associated persons ceased to be associated with MML. Due to this, the insurance company did not timely shut off these former MML registered representatives’ and associated persons’ access to the Third-Party System.
During the Relevant Period, at least five such registered representatives and associated persons accessed the Third-Party System after they were no longer associated with MML. At least one former MML registered representative downloaded and printed nonpublic personal information about an MML customer after he left MML.
As a result of the above-mentioned conduct, MML violated Regulation S-P and FINRA Rule 2010.
On top of the fine of $75,000, the firm has agreed to a censure.
MML has been a FINRA member since March 1982. The firm, which is headquartered in Springfield, Massachusetts, has more than 1,500 branch offices and over 8,400 registered persons. It conducts a general securities business.
