Application security

Merrill Lynch fined 2.5M for lax email backups

The Securities and Exchange Commission has ordered brokerage firm Merrill Lynch to pay $2.5 million for not providing email records in a timely manner, the agency announced this week.

The SEC found that between October 2003 and February 2005, Merrill Lynch "repeatedly failed to promptly furnish to the (agency) staff certain emails related to its business as a broker, dealer or member of an exchange."

In doing so, Merrill Lynch violated self-proclaimed statements that its email retention systems were in compliance with federal regulations and that its systems were filing more emails than the law required.

The firm admitted to the wrongdoing.

"We have acknowledged that our email retrieval systems need to be improved, and we have done so," Merrill Lynch spokesman Mark Herr said today in a statement. "We believe we now have the capacity to respond to regulatory requests in a timely fashion."

In addition to the fine, the SEC ordered Merrill Lynch to hire an independent consultant to ensure the company's email retention systems and procedures comply with federal regulations.

This week has not been kind to the firm. On Wednesday, the NASD, formerly the National Association of Securities Dealers, fined Merrill Lynch $5 million for improper practices at two of its call centers.

The two offices – in Hopewell, N.J. and Jacksonville, Fla. – employed unqualified supervisors, conducted illegal sales contests and misrepresented facts to customers about Merrill Lynch mutual funds, the NASD said.

An In-Depth Guide to Application Security

Get essential knowledge and practical strategies to fortify your applications.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds