May 1, 2008
Comments with regard to proposed amendments to Regulation S-P, File Number S7-06-08:
I am a securities licensed registered representative and own my own broker dealer firm. I have been in the securities business for over 24 years.
Here the SEC is proposing that firms adopt a written comprehensive information security program for protecting personal information and for responding to unauthorized access to or use of personal information. This sounds eerily similar to the regulations requiring an anti-money laundering program and a customer identification program. Are we doomed as broker dealers to a regulatory environment whereby all of our functions must be managed within the framework of a comprehensive program. Programs appear to be the new fashion in regulation with the SEC, requiring the appointment of an individual responsible for the program, identification and assessment of the risks associated and development of written policies and procedures for the program, training staff the program, testing of the program , reporting the results of testing the program, changing or modifying the program as noted from the results of the test and finally, ongoing review of the entire program including the results of the test.
Once again, the proposed rules do not have any exceptions for small broker dealers, such as me. Or an exception for a broker dealer that utilizes the services of a clearing firm to carry customer accounts on a fully disclosed basis, such as me. I will be held to the same standards in adopting a comprehensive information security program as the largest broker dealers that carry their own customer accounts. This is going to be a costly and time-consuming endeavor for very little return or protection to my customers. The current regulations are adequate to protect my customers, so why should I be subjected to the creation of a comprehensive information security program that will do nothing to protect the privacy and security of my customers information, but will cost me lots of money to comply with the new regulations.