According to FINRA, Guy Patrick Young was assessed a deferred fine of $5,000 and suspended from association with any FINRA member in all capacities for one month for improperly sharing photos of confidential customer data with individuals not affiliated with his member firm.
Young took photos of confidential data on his personal cell phone and sent text messages to friends that showed customers' nonpublic personal information. The information shared included client names, account balances, account numbers, dates of birth, employer information, and other background information. Young disclosed this sensitive information without the knowledge or consent of the customers or the firm and in direct violation of the firm's policies and procedures.
The unauthorized disclosure of customer information raises serious privacy and security concerns. Customer information, particularly account numbers and balances, could potentially be used for identity theft, account fraud, or other harmful purposes. Even when such information is shared with friends who may not have malicious intent, it creates risks that the information could be further disseminated or misused.
Financial institutions have legal obligations to protect customer information under Regulation S-P, which implements provisions of the Gramm-Leach-Bliley Act. Regulation S-P requires broker-dealers to adopt policies and procedures to protect customer information from unauthorized access or use. The regulation also requires firms to provide customers with privacy notices explaining how their information will be used and shared.
When registered representatives improperly disclose customer information, they undermine these regulatory protections and violate customers' reasonable expectations of privacy. Customers entrust financial institutions and their representatives with sensitive personal and financial information with the expectation that this information will be kept confidential and used only for legitimate business purposes.
The use of personal cell phones to photograph customer information creates additional security risks. Unlike firm systems that typically have security controls, encryption, and monitoring, personal devices may lack adequate security measures. Photos stored on personal phones could potentially be accessed if the phone is lost, stolen, or hacked. Text messages containing customer information may be stored on both the sender's and recipient's devices, multiplying potential points of vulnerability.
Young's actions violated his firm's policies and procedures, which undoubtedly prohibited unauthorized disclosure of customer information. The violation of firm policies regarding customer confidentiality is itself a FINRA violation, as FINRA rules require representatives to comply with firm policies and to observe high standards of commercial honor and just and equitable principles of trade.
The suspension was in effect from January 5, 2026, through February 4, 2026. The deferred fine means Young will not have to pay the $5,000 fine if he complies with all terms of the settlement during a specified period.
For investors, this case highlights the importance of firms and their representatives safeguarding customer information. Investors should be aware that their personal and account information should be kept confidential and not shared inappropriately. If you become aware that a representative has improperly disclosed your information, you should report it to the firm and to regulators.
