trending Market Intelligence /marketintelligence/en/news-insights/trending/TTSjDFUIhUmCNh4rz9DBDw2 content esgSubNav
In This List

Craig Scott Capital settles with SEC over client information security issue

Blog

Banking Essentials Newsletter: July Edition - Part 2

Blog

Anticipate the Unknown Go Beyond Fundamentals to Uncover Early Signs of Private Company Credit Deterioration

Blog

Taking Loss Given Default Estimation to the Next Level: An Aspiration for All Creditors, Not Just Banks

Blog

Anticipate the Unknown A Fundamentals Approach to Detect Early Signs of Private Company Credit Deterioration


Craig Scott Capital settles with SEC over client information security issue

Craig Scott CapitalLLC and its co-founders and co-owners, Craig Taddonio and Brent Porges,have agreed to settle the SEC's allegations that the company failed to adopt writtenpolicies and procedures reasonably designed to insure the security and confidentialityof customer records and information, and to make and keep certain communicationsrelating to its business.

According to an order instituting administrative and cease-and-desistproceedings dated April 12, the SEC found that from Jan. 20, 2012, until approximatelyJune 2014, the company used email addresses other than those with its domain nameto electronically receive more than 4,000 faxes from customers and other third parties.The faxes routinely included sensitive customer records and information, such ascustomer names, addresses, social security numbers, bank and brokerage account numbers,copies of driver's licenses and passports, and other customer financial information.Taddonio, Porges, the company's other employees and registered representatives alsoused their personal email addresses for matters relating to the business of thecompany. Additionally, the company did not maintain and preserve either these faxesor this email correspondence as required by the Securities Exchange Act.

Although the company had written supervisory procedures duringthe relevant period, these were not reasonably designed to protect customer recordsand information. The procedures failed to designate the responsible supervisor,failed to address how customer records and information transmitted through the electronicfax system were to be handled, contained blanks as to how the company was to complywith certain rules, and were not tailored to the actual practices at the company,the SEC said.

The company, Taddonio and Porges consented to the entry of theSEC order without admitting or denying the findings. The respondents also agreedto cease and desist from committing or causing any violations and any future violationsof the relevant rules. Further, the company agreed to pay a civil money penaltyof $100,000, and Taddonio and Porges each agreed to pay $25,000 in penalties.