Morgan Stanley has agreed to pay a fine of $15 million for incorrectly storing e-mails, as well as adopt IT security policies and training procedures concerning the retention of correspondence under the supervision of an independent consultant. According to InfoWatch experts, the company’s losses could have been avoided by spending considerably less on an ordinary e-mail archive and an IT security policy.
The Securities and Exchange Commission (SEC) lawsuit against Morgan Stanley, which resulted in a fine of $15 million for the brokerage firm’s failure to store e-mail correspondence properly, now appears to be coming to a close. Morgan Stanley has agreed to pay the penalty and introduce a number of security and administrative measures in the near future.
For over four years Morgan Stanley failed to supply e-mails that were requested by the SEC in December 2000. The correspondence had been lost after back-up tapes were overwritten and it wasn’t until July 2005 that Morgan Stanley really started to look for them.
As a regulated broker, Morgan Stanley is required to abide by SEC rules, which include the archiving of e-mail correspondence for several years. As well as paying $15 million, the firm has also agreed to adopt approved security policies and training courses on the retention of e-mails, all under the review of an independent consultant. As a result, Morgan Stanley is going to end up spending much more than just the sum of the fine.
“Morgan Stanley has needlessly lost $15 million. The company could have made a one-off investment to install an ordinary e-mail archive and the relevant storage policy to retain corporate correspondence. It would have meant making fewer back-up copies, and any existing tapes would have been stored more reliably,” says Denis Zenkin, marketing director at InfoWatch.
Source: IT Compliance Institute