Jesse Hamilton (Bloomberg) -- Morgan Stanley agreed to pay $60 million to settle claims that the bank didn’t properly handle decommissioning of data centers tied to its wealth-management business, the Office of the Comptroller of the Currency said Thursday.
The Wall Street firm “failed to effectively assess or address risks associated with decommissioning its hardware,” including improper assessment of the risks of subcontracting the work and failing to keep appropriate tabs on customer data stored on obsolete devices, the regulator said in a statement. The agency’s consent order came without additional business restrictions.
The OCC detailed two instances -- one in 2016 and another in 2019 -- in which Morgan Stanley didn’t meet expectations for overseeing contractors, though no breach of customer information was implied. Four years ago, the lender decommissioned two data centers associated with its U.S. wealth-management operations, and it failed to properly oversee the contractor’s handling of the hardware, according to the consent order. A similar issue arose in 2019 regarding the decommissioning of other hardware.
“We have continuously monitored the situation and we do not believe that any of our clients’ information has been accessed or misused,” Morgan Stanley said in a statement. “Moreover, we have instituted enhanced security procedures, including continuous fraud monitoring, and will continue to strengthen the controls that we have in place to protect our clients’ information.”
The company said it notified clients about the technology lapses in July.
Earlier Thursday, Morgan Stanley announced that it plans to expand its wealth-management business through a $7 billion acquisition of Eaton Vance Corp. Last week, the bank got Federal Reserve approval to acquire E*Trade Financial Corp in a deal that adds a broad new base of retail customers to its brokerage business.