Compliance Bits and Pieces for February 25

Here are some compliance-related stories that caught my eye:

A Blank Check for Cleaning Up Madoff’s Mess by Floyd Norris in the New York Times

But the Bernard L. Madoff fraud is proving to be different, and not just because Mr. Madoff ran by far the largest Ponzi scheme ever encountered. … SIPC (pronounced SIP-ick), a Congressionally chartered company that finances itself from assessments levied against brokerage industry revenue, estimates that it will spend a further $1.1 billion on the case. That is equal to the entire annual budget of the Securities and Exchange Commission.

Sean McKessy Tapped To Head SEC Whistleblower Office by Joe Palazzolo in’s Corruption Currents

Sean McKessy, former corporate secretary at AOL Inc. and Altria Group Inc., will head the Securities and Exchange Commission’s new whistleblower office, the agency said Friday.

FINRA Imposes Fines Totaling $600,000 Against Lincoln Financial Securities and Lincoln Financial Advisors for Failure to Protect Confidential Customer Information

Securities and Exchange Commission (SEC) and FINRA rules require every broker-dealer to adopt written policies and procedures that address safeguards for the protection of customer records and information. FINRA found that for extended periods of time – seven years for LFS and approximately two years for LFA – certain current and former employees were able to access customer account records through any Internet browser by using shared login credentials. From 2002 through 2009, between the two firms, more than 1 million customer account records were accessed through the use of shared user names and passwords. Since neither firm had policies or procedures to monitor the distribution of the shared user names and passwords, they were not able to track how many or which employees gained access to the site during this period of time. As a result of the weaknesses in access controls to the firms’ system, confidential customer records including names, addresses, social security numbers, account numbers, account balances, birth dates, email addresses and transaction details were at risk.

Does Your Company Know What It Knows? by Andrew McAfee

During times of great business change, two fundamental questions are: what kinds of companies are able to make the transition, and what happens when they do?