In the bigger picture, it’s unclear where the SEC was during all of this activity. It’s not clear if FINRA or the SEC ever audited GunnAllen’s policies before they began their enforcement actions. FINRA’s publicly accessible records for GunnAllen make no mention of the agency having audited or examined the company before evidence of the Ponzi scheme emerged. In 2008, the SEC proposed amendments to Regulation S-P, also known as the Safeguard Rule, to increase customer data protection requirements.”]
Source: https://www.darkreading.com/attacks-breaches/exclusive-anatomy-of-a-brokerage-it-meltdown