Skip to main content
Apr 10, 2011

SEC cracks down on insider breach

Ex-GunnAllen employees charged with violating privacy rules.

The SEC has charged three former executives of the now defunct firm GunnAllen Financial for failing to safeguard confidential customer information.

It is the first time the federal regulator has charged individuals solely with violating rules that require financial firms to keep client data away from third parties unless customers grant consent otherwise, the commission says. The fines were slapped on former company president Frederick Kraus, former national sales manager David Levine and former chief compliance officer Mark Ellis.

According to the commission, in April last year Kraus gave Levine the authorization to transfer information on more than 16,000 accounts to his new company, National Securities Corp, which he joined after stepping down from GunnAllen. With that permission, Levine then downloaded names, asset values, addresses and account numbers to a thumb drive and passed the information to the new company.

The SEC says this unethical act was in violation of the agency’s Regulation S-P, commonly referred to as the ‘Safeguard Rule’, which requires financial firms to protect confidential customer information when they are not given notice and a chance to opt out.

Kraus and Levine have each agreed to pay a $20,000 fine while Ellis is set to pay a $15,000 fine after failing to ensure customer data was protected.

‘In the past, such charges have been part of larger cases of alleged wrongdoing,’ says Michael Wolensky, a partner in Atlanta-based law firm Schiff Hardin who specializes in the securities and futures regulation area.

‘For some time, the SEC has focused on these requirements in its examination and enforcement programs. It is no surprise where there are allegations involving a large number of client files that an administrative proceeding of this nature has been initiated.’
 
Gregg Breitbart, a lawyer for Levine, argues that ‘the transfers were approved by GunnAllen, and notices were sent to affected clients’, adding that his client was ‘pleased’ to settle the case.  

The SEC also says that between July 2005 and February 2009, Tampa, Florida-based GunnAllen had ‘several serious security breaches’ including the theft of three laptop computers and the use of stolen passwords by a terminated employee to access company emails.
 
GunnAllen was shut down last year by FINRA for net capital violations.

Aarti Maharaj

Aarti is deputy editor at Corporate Secretary magazine