Safeguarding Your Personal Information
Financial advisors are required by law to affiliate with a broker/dealer to process investment transactions on your behalf, and your advisor has chosen Commonwealth Financial Network® for this purpose.
Commonwealth, like all broker/dealers, is responsible for ensuring compliance with federal and state regulations in a number of key areas—among them protecting investors' personal and nonpublic financial information.
To that end, Commonwealth has implemented a robust Information Security program that includes information security controls, processes, and policies for properly handling your data and safeguarding it from misuse, unauthorized access or disclosure, loss, alteration, or destruction.
This program, which complies with current state and federal regulations, is designed to create a culture in which sensitive information is willingly and enthusiastically protected. We believe the administrative, technical, and physical safeguards that have been implemented are appropriate to the size and complexity of our operation and the nature and scope of our activities.
Compliance with Regulatory Bodies
Commonwealth complies with regulations set forth by the SEC and FINRA, as well as those at the state level, such as the New York Department of Financial Services (NYDFS). The SEC mandates strict measures to protect investor information and uphold market integrity; FINRA focuses on regulating brokerage firms to ensure the security and confidentiality of customer data. NYDFS imposes comprehensive cybersecurity requirements on financial institutions operating in New York, aiming to prevent data breaches and enhance consumer trust. Additionally, state regulations complement federal oversight by addressing regional concerns and promoting uniform data protection standards across the industry. At Commonwealth, we follow a risk-based approach to identify improvement opportunities and, accordingly, implement security controls and uphold regulatory standards to ensure that data is protected.
Proactively Aiming for the Highest Standard
Commonwealth adheres to industry standards that serve as a cornerstone for effective risk management and protecting data. Leveraging the NIST Cybersecurity Framework (CSF) provides Commonwealth with a structured methodology for identifying, assessing, and prioritizing risks, enabling informed decision-making in control implementation. This risk-based approach empowers Commonwealth to proactively address emerging threats and vulnerabilities, enhance resilience to cyberattacks, and tailor control implementation strategies to our unique risk profile and operational requirements.
Our program mandates a myriad of administrative, technical, and physical protections, and compliance with them is required of all advisors, advisor support staff, and Commonwealth home office employees. These measures include, but are not limited to:
Physical safeguards
These include auto-locking doors and controlled keycard access to Commonwealth facilities, secure destruction and disposal of paper and media containing personal information, and procedures for identifying and managing visitors to Commonwealth facilities.
Technology safeguards
In addition to the continuous monitoring of our home office systems and data centers for threats, Commonwealth policies require up-to-date antivirus and malware protection on all computers, multiple layers of firewall protection, email data encryption, encryption of laptops and portable media, data loss prevention, secure and environmentally safe disposal and sanitization of retired computer equipment, multifactor authentication (MFA), and the required, frequent resetting of strong network passwords.
Organizational safeguards
Through ongoing training and awareness programs on security and privacy, we aim to ensure that home office employees and advisors understand the importance of protecting customer personal information and the means by which they must do so, along with the privacy policies and standards that govern how Commonwealth handles personal information.
Restricted access
Commonwealth authorizes access to your nonpublic personal information only to Commonwealth employees and third parties who need that information to serve you or to assist us in conducting our operations.
Assessments
Commonwealth performs internal home office and third-party assessments of our Information Security program to ensure that our program remains effective and that safeguards designed to protect customer information are in place, effective, and adhered to.
An Active and Ongoing Program
Commonwealth is committed to complying with all laws and regulations designed to protect the information entrusted to us. We continue to monitor changes to data security regulations at both the federal and state levels, as well as the evolving technology and threat landscape, to ensure that we are proactively improving and evolving our program to address the threats of tomorrow.