In a world where digital communication reigns supreme, even the most well-intentioned financial firms can find themselves in hot water. Just ask Ceros Financial Services, who recently found themselves on the receiving end of a $75,000 fine from the Financial Industry Regulatory Authority (FINRA) for a series of email-related infractions. 
The Charges 
According to FINRA’s order, from January 2018 through June 2021, the Rockville, Maryland-based Ceros had a few issues with their email practices:
- Reps using personal emails to conduct business
- Failing to review emails from employees’ personal addresses
- Not safeguarding customer information
The Email Escapades 
Despite Ceros’ written policies prohibiting reps from using personal email for business, at least one rep decided to go rogue and regularly communicate with customers from their personal account. When FINRA caught wind of this, Ceros tried to remedy the situation by creating a list of employee personal email addresses and sending automated warning emails when incoming emails to the firm’s system came from those addresses.However, there were a few holes in this plan:
- If an email was sent from the firm system to a personal email address, no warning was sent.
- The firm didn’t review communications sent to or from personal emails unless they happened to meet other supervisory criteria.
- The firm didn’t treat these communications as red flags that other external business-related emails might be slipping through the cracks.
The Consequences 
As a result of these email escapades, several business-related emails were not preserved and retained by Ceros. Since these emails didn’t include a Ceros email address recipient, the firm can’t even quantify how many emails were lost in the digital abyss. 
To make matters worse, Ceros also failed to adopt policies and procedures to safeguard customer information and develop an identity theft program, as required by Regulation S-P and the Identity Theft Red Flags Rule. 
The Resolution 
After this email fiasco, Ceros has now implemented a firm-wide list of personal email addresses and blocks all communications to or from emails on the list. They’ve also agreed to pay the $75,000 fine and hopefully learned a valuable lesson about the importance of proper email practices. 
So, let this be a cautionary tale for all you financial firms out there: keep a close eye on those emails, or you might just find yourself in the same boat as Ceros! 