Mizuho Securities USA, a US investment-banking subsidiary of the Mizuho Financial Group (NYSE: MFG), has agreed to pay $1.25 million to settle U.S. Securities and Exchange Commission charges that it failed to protect customer information.

In an order issued today, Mizuho Securities agreed to settle charges – without admitting or denying them – that its employees accessed and transferred “material nonpublic customer buyback information to other traders and Mizuho’s hedge fund clients.”

Join the iFX EXPO Asia and discover your gateway to the Asian Markets

The SEC order states that over the course of around two years, Mizuho did not have proper controls to prevent the misuse of insider information and failed to implement barriers between different trading desks.

Specifically, software restrictions allowing employees to view only data for clients they work with failed when it came to several types of reports available in the company’s systems, according to the settlement.

The misuse of such information

To make matters worse, the leaked information included the identity of the party placing the order, the order size, limit price, and indications that the orders were buyback orders. Mizuho Securities did not restrict employee access to its customer’s information based on legitimate business need although over 99.8 percent of all buyback orders were handled by algorithms, “rather than through trader-negotiated open market trades.”

The company also failed to test its authorization practices, or monitor and analyze employees’ access to customer information, the SEC said.

In 2016, Japanese parent firm, Mizuho Financial Group launched Mizuho Americas, which has since grown as a North American banking holding entity. The group comprises a host of legal entities, aggregating segments in the corporate and investment banking, financing, securities, treasury services, asset management, and research services spaces for clients in North America.

Antonia Chion, Associate Director of the SEC Division of Enforcement, took the settlement as an opportunity to stress the need for data security compliance.

He commented: “Confidential information concerning issuer stock buybacks can be material to institutional investors, particularly when such trading comprises a significant portion of the daily trading volume in the stock being repurchased. Broker-dealers must be attentive to their responsibilities to maintain and enforce policies and procedures to prevent the misuse of such information.”