Defendant Name: Morgan Stanley Smith Barney LLC

Defendant Type: Subsidiary of Public Company
Public Company Parent: Morgan Stanley
SIC Code: 6211
CUSIP: 61744644

Initial Case Details

Legal Case Name In the Matter of Morgan Stanley Smith Barney LLC
First Document Date 08-Jun-2016
Initial Filing Format Administrative Action
File Number 3-17280
Allegation Type Broker Dealer

Violations Alleged

Rule 30(a) Regulation S-P


First Resolution Date 08-Jun-2016
Headline Total Penalty and Disgorgement

See Related Documents

Related Documents:

2016-112 08-Jun-2016 Press Release--Administrative Proceeding
SEC: Morgan Stanley Failed to Safeguard Customer Data
On June 8, 2016, the SEC announced that "Morgan Stanley Smith Barney LLC has agreed to pay a $1 million penalty to settle charges related to its failures to protect customer information, some of which was hacked and offered for sale online."
34-78021 08-Jun-2016 Administrative Proceeding
Order Instituting Administrative and Cease-and-Desist Proceedings, Pursuant to Sections 15(b) and 21C of the Securities Exchange Act of 1934, and Sections 203(e) and 203(k) of the Investment Advisers Act of 1940, Making Findings, and Imposing Remedial Sanctions and a Cease-and-Desist Order
On June 8, 2016, the SEC instituted settled administrative and cease-and-desist proceedings against Morgan Stanley Smith Barney LLC ("MSSB"). According to the SEC: "This proceeding arises out of MSSB's failure to adopt written policies and procedures reasonably designed to protect customer records and information, in violation of Rule 30(a) of Regulation S-P (17 C.F.R. § 248.30(a)) (the 'Safeguards Rule'). From at least August 2001 through December 2014, MSSB stored sensitive personally identifiable information ('PII') of individuals to whom MSSB provided brokerage and investment advisory services (referred to herein as "customers") on two of the firm's applications: the Business Information System ("BIS") Portal and the Fixed Income Division Select ('FID Select') Portal (collectively, 'the Portals'). Galen Marsh ('Marsh'), then an MSSB employee, misappropriated data regarding approximately 730,000 customer accounts, associated with approximately 330,000 different households, by accessing the Portals between 2011 and 2014. The misappropriated data included PII, such as customers' full names, phone numbers, street addresses, account numbers, account balances and securities holdings."

Related Actions:

In the Matter of Galen J. Marsh