On Wednesday, an SEC judge ordered NEXT Financial Group to pay a $125,000 penalty and prohibited the independent b/d from using recruiting tactics that violate client privacy laws.

In August, the SEC issued an Order Instituting Cease-and-Desist Proceedings against the Houston-based b/d, saying there are 22 instances where investors’ private information was allegedly mishandled, consequently violating Regulation S-P—the SEC’s adoption of client privacy laws under the Gramm-Leach-Bliley Act of 2000. The instances center around the methods used by NEXT’s “transition team” to help bring on new reps. (Read Registered Rep.’s September cover story about how Regulation S-P is affecting independent b/ds.)

In his decision, Judge James T. Kelly wrote, “I conclude that the proven misconduct is very serious. Until the Commission’s staff began its investigation, NEXT’s program of pre-populating account transfer documents was frequently out of control. NEXT’s transition team solicited and received thousands, if not tens of thousands, of pieces of customer non-public personal information. Some of the information concerned customers of representatives who had no intention of transferring to NEXT, whom NEXT had not approved to join the firm, or who did not actually join the firm. The misconduct was not isolated.”

“As to outbound NEXT representatives, this misconduct continued for several years and ended only in February 2006. As to inbound recruits, the misconduct continues today. NEXT acted negligently with respect to its outbound representatives; it acted extremely recklessly with respect to its inbound recruits,” he added.

The SEC says that until February 2007, the customer information called for in the Excel document for each customer account included the name of the primary account owner, brokerage account numbers, “direct” account numbers, such as mutual fund account numbers, and variable annuity account numbers. The firm also requested social security or tax ID numbers, account types, individuals’ net worth, annual income, years of investment experience, mailing address, home telephone number, date of birth, bank name, passport number, driver’s license number, occupation and employment information. According to the SEC, such material is non-public personal information and cannot be shared with unaffiliated third parties.

In March, the SEC proposed amendments for Regulation S-P, which restricts financial institutions from sharing clients' non-public personal information (or “personally identifiable financial information,” including investment details) about its customers with non-affiliated third-party firms without clients' explicit consent. The SEC's proposed changes would, among other things, allow departing reps to take limited client data—the customer's name, address, telephone number and e-mail—and to provide general descriptions of accounts and products held by those clients to a new firm. (The proposed changes would also require firms to create more comprehensive information-security programs.)