Financial services firm Raymond James Financial Services Inc. (Raymond James) has agreed to settle an investigation by the Financial Industry Regulatory Authority (FINRA) for $500,000. The investigation stems from allegations that Raymond James requested that new financial advisers disclose and bring confidential customer information to Raymond James when joining the firm from other brokerage firms, without getting the customers’ permission or providing an opt-out from the disclosure to the new firm. FINRA further alleged that in some cases, financial advisers who were being recruited by Raymond James gave customer information to Raymond James even when the customer opted out from the disclosure. Finally, FINRA alleged that Raymond James recruits didn’t get affirmative consent when the customer lived in a state that required opt-in consent. FINRA noted that Raymond James did not have proper processes in place to determine whether consent had been obtained appropriately.

FINRA alleged that bringing private customer information to Raymond James without customers’ permission to do so violates Rule 10 of the Securities and Exchange Commission’s Regulation S-P.

Raymond James agreed to pay the $500,000 fine and a censure from FINRA, as well as a review of its internal controls to ensure compliance going forward.

Enforcement actions by FINRA for data privacy and security issues are few and far between and valuable lessons can be learned from this one. Financial services firms would do well to take a look at their processes for disclosure of customer information and the opt-in and opt-out requirements of state and federal law and regulations, as applicable.