{"id":29658,"date":"2023-05-05T16:44:00","date_gmt":"2023-05-05T16:44:00","guid":{"rendered":"https:\/\/www.dinsmore.com\/?post_type=publications&#038;p=29658"},"modified":"2025-10-03T16:45:34","modified_gmt":"2025-10-03T16:45:34","slug":"safeguarding-customer-records-and-information-at-branch-offices","status":"publish","type":"publications","link":"https:\/\/www.dinsmore.com\/publications\/safeguarding-customer-records-and-information-at-branch-offices\/","title":{"rendered":"Safeguarding Customer Records and Information at Branch Offices"},"content":{"rendered":"\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.dinsmore.com\/wp-content\/uploads\/2023\/05\/dcs-header.jpg\" alt=\"Safeguarding Customer Records and Information at Branch Offices\"\/><\/figure>\n\n\n\n<p>The SEC Division of Examinations (\u201cExaminations\u201d) issued a Risk Alert on April 26, 2023 to highlight the importance of establishing written policies and procedures for safeguarding customer records and information at branch offices.&nbsp; Examinations provides that a branch office includes any location other than a firm\u2019s main office, including offices of any independent contractors through which a firm may offer investment products and services.&nbsp;<\/p>\n\n\n\n<p>The Risk Alert notes that some firms failed to adopt or implement written policies and procedures that address information security for their branch offices, even though such offices have access to technology systems that contain customer records and information.<\/p>\n\n\n\n<p>Regulation S-P requires firms to adopt written policies and procedures that address administrative, technical and physical safeguards for the protection of customer records and information.&nbsp; In assessing compliance with the requirements of Regulation S-P relating to branch office locations, Examinations highlights the following compliance issues:<\/p>\n\n\n\n<p><strong>Vendor Management<\/strong><\/p>\n\n\n\n<p>Examinations notes instances of firms not ensuring that their branch offices performed proper due diligence and oversight of their vendors as required by the firms\u2019 policies and procedures.&nbsp; This includes instances of firms not providing any guidance or recommendations to assist branch offices in the selection of vendors.&nbsp; These failures may result in weak or incorrect security settings and applications relating to implemented vendor systems.<\/p>\n\n\n\n<p><strong>Email Configuration<\/strong><\/p>\n\n\n\n<p>While firms generally manage email for all offices from the main office location, Examinations notes instances of firms not managing email accounts for branch offices.&nbsp; In addition, some firms lacked policies and procedures addressing branch office email configurations and permitted branch offices to obtain their own email services from vendors.&nbsp; Often in such situations, the branch office email services were configured incorrectly and subject to compromise.&nbsp; In addition, in various instances, the email configuration failed to capture account activity.&nbsp;<\/p>\n\n\n\n<p><strong>Data Classification<\/strong><\/p>\n\n\n\n<p>Examinations notes that firms did not consistently apply data classification policies and procedures to branch offices.&nbsp; Data classification generally refers to procedures to identify where customer records and information are stored electronically.&nbsp; In these instances, firms failed to identify and control customer records and information.<\/p>\n\n\n\n<p><strong>Access Management<\/strong><\/p>\n\n\n\n<p>Examinations notes firms that maintained password complexity, two factor authentication and related requirements for the main office, but not for branch offices.&nbsp; As a result, branch office systems became susceptible to breaches.<\/p>\n\n\n\n<p><strong>Technology Risk<\/strong><\/p>\n\n\n\n<p>The Risk Alert notes firms that implemented policies and procedures for inventory management, patch management and vulnerability management, but did not apply these policies and procedures to branch offices.&nbsp; As a result, branch offices were not up to date with system patching, and in some instances were running end of life systems.&nbsp; Also, Examinations notes firms not being aware of systems running on branch office networks.<\/p>\n\n\n\n<p>For additional information regarding compliance policies, procedures and issues relating to branch offices, please refer to DCS\u2019 Alert regarding the November 9, 2020 OCIE\/Division of Examinations Risk Alert:&nbsp; <a href=\"https:\/\/dinsmorecomplianceservices.com\/alerts\/ocie-risk-alert-supervision-compliance-and-multiple-branch-offices\/\">Supervision, Compliance and Multiple Branch Offices<\/a>.<\/p>\n\n\n\n<p>Here is the link to the Risk Alert:&nbsp; <a href=\"https:\/\/www.sec.gov\/exams\/announcement\/safeguarding-customer-records-and-information-branch-offices\">https:\/\/www.sec.gov\/exams\/announcement\/safeguarding-customer-records-and-information-branch-offices<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The SEC Division of Examinations (\u201cExaminations\u201d) issued a Risk Alert on April 26, 2023 to highlight the importance of establishing written policies and procedures for safeguarding customer records and information at branch offices.&nbsp; Examinations provides that a branch office includes any location other than a firm\u2019s main office, including offices of any independent contractors through\u2026<\/p>\n","protected":false},"author":8,"featured_media":0,"menu_order":0,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"tags":[],"publication-type":[7],"class_list":["post-29658","publications","type-publications","status-publish","format-standard","hentry","publication-type-analysis"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.5 (Yoast SEO v26.9) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Safeguarding Customer Records and Information at Branch Offices - Dinsmore &amp; Shohl<\/title>\n<meta name=\"description\" content=\"Safeguarding Customer Records and Information at Branch Offices Read insights and legal analysis from attorneys at Dinsmore &amp; Shohl LLP.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dinsmore.com\/publications\/safeguarding-customer-records-and-information-at-branch-offices\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Safeguarding Customer Records and Information at Branch Offices\" \/>\n<meta property=\"og:description\" content=\"Safeguarding Customer Records and Information at Branch Offices Read insights and legal analysis from attorneys at Dinsmore &amp; Shohl LLP.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dinsmore.com\/publications\/safeguarding-customer-records-and-information-at-branch-offices\/\" \/>\n<meta property=\"og:site_name\" content=\"Dinsmore &amp; Shohl\" \/>\n<meta property=\"article:modified_time\" content=\"2025-10-03T16:45:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.dinsmore.com\/wp-content\/uploads\/2023\/05\/dcs-header.jpg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.dinsmore.com\/publications\/safeguarding-customer-records-and-information-at-branch-offices\/\",\"url\":\"https:\/\/www.dinsmore.com\/publications\/safeguarding-customer-records-and-information-at-branch-offices\/\",\"name\":\"Safeguarding Customer Records and Information at Branch Offices - Dinsmore &amp; Shohl\",\"isPartOf\":{\"@id\":\"https:\/\/www.dinsmore.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.dinsmore.com\/publications\/safeguarding-customer-records-and-information-at-branch-offices\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.dinsmore.com\/publications\/safeguarding-customer-records-and-information-at-branch-offices\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.dinsmore.com\/wp-content\/uploads\/2023\/05\/dcs-header.jpg\",\"datePublished\":\"2023-05-05T16:44:00+00:00\",\"dateModified\":\"2025-10-03T16:45:34+00:00\",\"description\":\"Safeguarding Customer Records and Information at Branch Offices Read insights and legal analysis from attorneys at Dinsmore & Shohl LLP.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.dinsmore.com\/publications\/safeguarding-customer-records-and-information-at-branch-offices\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.dinsmore.com\/publications\/safeguarding-customer-records-and-information-at-branch-offices\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.dinsmore.com\/publications\/safeguarding-customer-records-and-information-at-branch-offices\/#primaryimage\",\"url\":\"https:\/\/www.dinsmore.com\/wp-content\/uploads\/2023\/05\/dcs-header.jpg\",\"contentUrl\":\"https:\/\/www.dinsmore.com\/wp-content\/uploads\/2023\/05\/dcs-header.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.dinsmore.com\/publications\/safeguarding-customer-records-and-information-at-branch-offices\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.dinsmore.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Safeguarding Customer Records and Information at Branch Offices\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.dinsmore.com\/#website\",\"url\":\"https:\/\/www.dinsmore.com\/\",\"name\":\"Dinsmore & Shohl\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.dinsmore.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.dinsmore.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.dinsmore.com\/#organization\",\"name\":\"Dinsmore & Shohl\",\"url\":\"https:\/\/www.dinsmore.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.dinsmore.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.dinsmore.com\/wp-content\/uploads\/2025\/12\/Dinsmore-Final-Logo-Navy.svg\",\"contentUrl\":\"https:\/\/www.dinsmore.com\/wp-content\/uploads\/2025\/12\/Dinsmore-Final-Logo-Navy.svg\",\"width\":413,\"height\":54,\"caption\":\"Dinsmore & Shohl\"},\"image\":{\"@id\":\"https:\/\/www.dinsmore.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Safeguarding Customer Records and Information at Branch Offices - Dinsmore &amp; Shohl","description":"Safeguarding Customer Records and Information at Branch Offices Read insights and legal analysis from attorneys at Dinsmore & Shohl LLP.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dinsmore.com\/publications\/safeguarding-customer-records-and-information-at-branch-offices\/","og_locale":"en_US","og_type":"article","og_title":"Safeguarding Customer Records and Information at Branch Offices","og_description":"Safeguarding Customer Records and Information at Branch Offices Read insights and legal analysis from attorneys at Dinsmore & Shohl LLP.","og_url":"https:\/\/www.dinsmore.com\/publications\/safeguarding-customer-records-and-information-at-branch-offices\/","og_site_name":"Dinsmore &amp; Shohl","article_modified_time":"2025-10-03T16:45:34+00:00","og_image":[{"url":"https:\/\/www.dinsmore.com\/wp-content\/uploads\/2023\/05\/dcs-header.jpg","type":"","width":"","height":""}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.dinsmore.com\/publications\/safeguarding-customer-records-and-information-at-branch-offices\/","url":"https:\/\/www.dinsmore.com\/publications\/safeguarding-customer-records-and-information-at-branch-offices\/","name":"Safeguarding Customer Records and Information at Branch Offices - Dinsmore &amp; Shohl","isPartOf":{"@id":"https:\/\/www.dinsmore.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.dinsmore.com\/publications\/safeguarding-customer-records-and-information-at-branch-offices\/#primaryimage"},"image":{"@id":"https:\/\/www.dinsmore.com\/publications\/safeguarding-customer-records-and-information-at-branch-offices\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dinsmore.com\/wp-content\/uploads\/2023\/05\/dcs-header.jpg","datePublished":"2023-05-05T16:44:00+00:00","dateModified":"2025-10-03T16:45:34+00:00","description":"Safeguarding Customer Records and Information at Branch Offices Read insights and legal analysis from attorneys at Dinsmore & Shohl LLP.","breadcrumb":{"@id":"https:\/\/www.dinsmore.com\/publications\/safeguarding-customer-records-and-information-at-branch-offices\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dinsmore.com\/publications\/safeguarding-customer-records-and-information-at-branch-offices\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.dinsmore.com\/publications\/safeguarding-customer-records-and-information-at-branch-offices\/#primaryimage","url":"https:\/\/www.dinsmore.com\/wp-content\/uploads\/2023\/05\/dcs-header.jpg","contentUrl":"https:\/\/www.dinsmore.com\/wp-content\/uploads\/2023\/05\/dcs-header.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.dinsmore.com\/publications\/safeguarding-customer-records-and-information-at-branch-offices\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.dinsmore.com\/"},{"@type":"ListItem","position":2,"name":"Safeguarding Customer Records and Information at Branch Offices"}]},{"@type":"WebSite","@id":"https:\/\/www.dinsmore.com\/#website","url":"https:\/\/www.dinsmore.com\/","name":"Dinsmore & Shohl","description":"","publisher":{"@id":"https:\/\/www.dinsmore.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dinsmore.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.dinsmore.com\/#organization","name":"Dinsmore & Shohl","url":"https:\/\/www.dinsmore.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.dinsmore.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.dinsmore.com\/wp-content\/uploads\/2025\/12\/Dinsmore-Final-Logo-Navy.svg","contentUrl":"https:\/\/www.dinsmore.com\/wp-content\/uploads\/2025\/12\/Dinsmore-Final-Logo-Navy.svg","width":413,"height":54,"caption":"Dinsmore & Shohl"},"image":{"@id":"https:\/\/www.dinsmore.com\/#\/schema\/logo\/image\/"}}]}},"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.dinsmore.com\/wp-json\/wp\/v2\/publications\/29658","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dinsmore.com\/wp-json\/wp\/v2\/publications"}],"about":[{"href":"https:\/\/www.dinsmore.com\/wp-json\/wp\/v2\/types\/publications"}],"author":[{"embeddable":true,"href":"https:\/\/www.dinsmore.com\/wp-json\/wp\/v2\/users\/8"}],"version-history":[{"count":2,"href":"https:\/\/www.dinsmore.com\/wp-json\/wp\/v2\/publications\/29658\/revisions"}],"predecessor-version":[{"id":29672,"href":"https:\/\/www.dinsmore.com\/wp-json\/wp\/v2\/publications\/29658\/revisions\/29672"}],"wp:attachment":[{"href":"https:\/\/www.dinsmore.com\/wp-json\/wp\/v2\/media?parent=29658"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dinsmore.com\/wp-json\/wp\/v2\/tags?post=29658"},{"taxonomy":"publication-type","embeddable":true,"href":"https:\/\/www.dinsmore.com\/wp-json\/wp\/v2\/publication-type?post=29658"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}