Before leaving the Firm to build his own outside retirement-planning business, de Franco generated spreadsheets from IRC's database that contained confidential information, including names, dates of birth, and account balances for 1,696 plan participants, including participants with whom de Franco had no prior relationship. Without the authority of the participants, the Firm or IRC, he emailed the spreadsheets from his RC Services email account to an email account that his outside business maintained and to which his wife, who was not affiliated with IRC or the Firm, had access. Neither the email nor the spreadsheets were encrypted, risking the possibility that if misdirected personal information of plan participants would fall into the hands of third parties. De Franco emailed the spreadsheets so that he could contact a subset of the plan participants on the spreadsheets for the purpose of selling them retirement-planning services through his outside business. The Firm discovered the April 4, 2017 email through routine surveillance, and terminated de Franco's registration. De Franco never used the information for any purpose.
Once you have decided to move on from your current firm, be aware that the whole "before leaving" period of time will come under scrutiny. The key point here is that you have decided to leave, as in you no longer have any intention of remaining at your current employer. That changed state of mind is a critical distinction, and one that a veteran industry lawyer will latch on to whether that lawyer is in the service of your former firm or part of a regulator's staff. Consequently, once you have decided that you're leaving, you have to be careful about accessing your current' firm's confidential databases. Careful as in the fact that you will inevitably leave a digital footprint of the date and time you logged on to the database and performed the data dump. In de Franco's case, his generation of spreadsheets from IRC's database became all the more troubling because he not only had decided to leave RC Services but he also was pursuing "his own outside retirement-planning business." On top of that, it gets messy trying to distinguish between what de Franco did wrong at or to his FINRA member firm employer RC Services versus non-member-firm-affiliate IRC.
If de Franco had merely used the confidential information of plan participants with whom he had a prior, ongoing relationship, that still would not have been okay -- but it would have been less bad than what he did by accessing the confidential data of 1,696 plan participants, "including participants with whom de Franco had no prior relationship." It doesn't look right a couple of years later and it likely rankled IRC when the conduct was of a more contemporaneous vintage. You may be thinking that if de Franco had asked for permission to download the data that the BD and RIA might both have declined the request. You may be right. You may be wrong. Regardless, he didn't ask -- and that's the only thing that matters at this point.
It's easy to see in hindsight how de Franco's simple decision to create spreadsheets and then email them to his outside business was a huge mistake. At the time, as is often the case, it likely seemed harmless (or perhaps a "who's gonna find out?"). It may well have been that de Franco felt that he had invested some seven years at RC Services and IRC and, well, you know how these things get rationalized, he may have figured it was "his" business and he had access to the data anyway as part of his job and . . . and . . . and. The problem with de Franco's conduct is that he sent confidential customer information away from his firm, which was entrusted with securing that information and protecting the participants. Worse, by transmitting the confidential files without encryption and to "his outside business," de Franco created a troubling scenario that invited his former firm's Form U5 narrative and the scrutiny of FINRA. Yes, I know, we all send all sorts of stuff by email. On the other hand, how did that work out for de Franco?
As an industry lawyer, among the more common things I hear from clients is how they never, ever thought that those idiots in Compliance would ever find out that they had logged on to the firm's computer system and downloaded X or copied Y or altered the contact information for their clients. Did you notice how RC Services fired de Franco after the firm "discovered the April 4, 2017 email through routine surveillance?" So, maybe those folks in Compliance ain't the dumb shits that you think they are? And, while we're doing some soul searching, maybe you're not as clever as you think you are?
The fact that "De Franco never used the information for any purpose," may have moved FINRA's regulatory needle from a multi-week or multi-month suspension to a more temperate 10-business-days. Keep that in mind should you find yourself under FINRA's scrutiny for similar misconduct. For whatever reason de Franco didn't exacerbate a bad situation by actually using the data to solicit customers or to harm his former firm. If he had pursued such actions, I'm certain that his suspension wold have been for a more lengthy period.curated by veteran Wall Street lawyer Bill Singer http://www.rrbdlaw.com/4514/securities-industry-commentator/U.S. Attorney's Office Settles Disability Discrimination Allegations Related to the CPA Exam (DOJ Release)FINRA Fines and Suspends Rep for Emailing Confidential Info Of 1,696 Plan Participants(BrokeAndBroker.com Blog)SEC Charges Former CEO of Silicon Valley Startup With Defrauding Investors (SEC Release)The Founder and Chairman of a Multinational Investment Company, a Company Consultant and Two North Carolina Political Figures are Charged with Public Corruption and Bribery (DOJ Release)FIH, LLC, Plaintiff/Appellant, v. Foundation Capital Parnters LLC, FKA Foundation Managing Member LLC, Dean Barr, Joseph Meehan, Thomas Ward, and Joseph Elmlinger, Defendants/Appellees (Opinion, 18-CV-357, United States Court of Appeals for the Second Circuit)SEC Charges College Official for Fraudulently Concealing Financial Troubles from Municipal Bond Investors (SEC Release)SEC Obtains Final Judgment Against New York Broker Charged with Stealing from Investors (SEC Release)