The Office of the Comptroller of the Currency (OCC) today assessed a $60 million civil money penalty against Morgan Stanley Bank, N.A., and Morgan Stanley Private Bank, N.A. (“the banks”)
The OCC took these actions based on the banks’ failure to exercise proper oversight of the 2016 decommissioning of two Wealth Management business data centers located in the U.S. Among other things, the banks failed to effectively assess or address risks associated with decommissioning its hardware; failed to adequately assess the risk of subcontracting the decommissioning work, including exercising adequate due diligence in selecting a vendor and monitoring its performance; and failed to maintain appropriate inventory of customer data stored on the decommissioned hardware devices.
OCC Assesses $60 Million Civil Money Penalty Against Morgan Stanley https://t.co/MtDjv93zqc
— OCC (@USOCC) October 8, 2020
In 2019, the banks experienced similar vendor management control deficiencies in connection with decommissioning other network devices that also stored customer data. The OCC found the noted deficiencies constitute unsafe or unsound practices and resulted in noncompliance with 12 CFR Part 30, Appendix B, “Interagency Guidelines Establishing Information Security Standards.”
The OCC penalty will be paid to the U.S. Treasury.
Source: OCC
NEWSLETTER SIGN UP
And receive exclusive articles on securities markets
As Technology Evolves, Asset Managers Adapt and Innovate
Citi Changes Organizational Structure
SEC Charges Virtu for Disclosures Relating to Information Barriers
ICE Futures Singapore Partners with CoinDesk Indices
Related articles
-
Rich Handler said he does not intend to sell any further shares.
-
Glasgow is one of the bank’s 23 global technology centres.
-
Zodia Markets has been successful in executing FX with crypto trades.
-
HQLAX optimises liquidity management and collateral management.
-
Sell-side veteran cites settlement risk as the number one challenge for market participants.