LPL Financial Cybersecurity recognizes the importance of protecting what matters most – your personal information and assets critical to your continued success. At our core, our dedicated security teams advocate secure-by-design principles on our client-facing platforms, and partner with various business units throughout LPL to enforce rigorous security, reporting, and compliance standards based on industry frameworks so advisors and their clients can feel secure, well-informed, and protected.
Through incident response measures, proactive training initiatives, and risk management ownership, we remain committed to data security, privacy, technology, and enterprise resiliency.
To demonstrate that our cybersecurity measures meet or exceed secure framework standards, LPL systems are verified by internal or external auditors and through regulatory exams.
As threats evolve, we aim to proactively educate financial professionals and their clients, providing resources that help them understand risks and make informed, security-focused decisions.
Annual Cybersecurity training and attestation is required for all employees, advisors, and temporary workers. The training covers topics encompassing cybersecurity requirements, data security risks, artificial intelligence use, social engineering, and incident response. Additionally, financial professionals receive phishing simulations aimed at increasing awareness of emerging threats and reporting suspicious activity.
Our dedicated security teams are comprised of executive and senior leaders who oversee core functions such as identity and access management, threat response, compliance, and M&A security. Governance frameworks are in place to support data, systems, networks, and affiliate partners across the business. Additionally, we work with risk partners to remain resilient, so that assets are up to date and stable.

Protecting client data is a critical part of our success as a company. Our systems do not react; they anticipate, adopt, and evolve to stay ahead of threats. Internal teams are regularly reviewing potential threats, and once a threat has been identified, we act or offer proactive feedback to impacted parties. Safe data handling policies and procedures define how sensitive data is protected, handled, stored, and shared to safeguard sensitive information, maintain trust, and reduce risk.
LPL Financial is focused on maintaining system security by implementing a patch management strategy that includes regular vulnerability assessments, automated monthly updates, emergency responses for critical vulnerabilities, and prompt action on zero-day threats. In addition, LPL hosts a bug bounty program that invites ethical hackers and researchers to find vulnerabilities in our public-facing systems, which helps validate that the appropriate controls are in place. LPL Financial also conducts internal penetration testing on its tools to ensure it is abiding by secure-by-design practices and industry standards.
LPL Financial applies data protection measures based on data criticality and classification to safeguard sensitive information. These controls may include automatic encryption for cloud data, tokenization and masking for sensitive personally identifiable information (PII), and storage-level encryption using Self-Encrypting Drives (SEDs) for on-premises databases. We use modern technology to streamline operations, strengthen access controls, and enhance security with a Single Sign-On (SSO) experience for critical platforms.
Our approach to security involves Governance, Risk, and Compliance best practices, proactive risk management, and continuous monitoring and reporting. We maintain an incident response framework to quickly address threats and minimize impact.
The Enterprise Resiliency Program at LPL Financial is designed to support business continuity and disaster recovery by incorporating Business Impact Analysis (BIA) and prioritizing the safety of employees and clients.
The Technology Resiliency Program at LPL Financial focuses on the availability and recoverability of critical technologies through disaster recovery planning, routine assessments, and regular testing.
LPL Financial adheres to the National Institute of Standards and Technology (NIST) framework and industry best practices. LPL attests and/or undergoes regular examinations by regulators such as the Financial Industry Regulatory Authority (FINRA) to demonstrate that our cybersecurity measures meet established standards. Additionally, LPL obtains a SOC 2 Type 2 report annually from independent auditors to validate the effectiveness of our controls.
LPL Financial conducts an annual NIST Cybersecurity Framework (CSF) assessment to evaluate and align the organization’s cybersecurity program against industry standards.
LPL Financial’s Security Incident Response Plan includes incident reviews, adherence to breach notification laws, and consideration for evolving threats. Cybersecurity training and education initiatives are conducted regularly for employees.
LPL Financial applies measures to protect advisor and client information, acknowledging its significance in maintaining trust and business operations. The Cybersecurity program is structured around continuous monitoring, routine vulnerability scans, and annual independent third-party penetration testing to assess system integrity. Identified risks are assessed, categorized, and tracked under the Vulnerability and Patch Management Standard and Enterprise Risk Management Policy. In alignment with industry best practices, specific security measures and testing methods are not disclosed.
LPL partners with an independent third party annually to produce SOC 1 and SOC 2 Reports. These reports aim to provide independent verification that controls operated effectively within the past audit period.
LPL Financial remains dedicated to data security and protecting assets, and recognizes the critical role cybersecurity plays in maintaining client confidence and driving business success.
Our commitment to advisors and their clients:
LPL will reimburse you for 100% of realized losses in your impacted LPL accounts, which were incurred directly as a result of unauthorized access to an LPL system.
We encourage you to explore the LPL Cyber Fraud Guarantee for terms and customer obligations.
Review the LPL Sustainability Report and LPL Privacy Policy for a detailed overview of the strategic steps we take to protect sensitive information and assets, reinforcing our dedication to security and sustainability.
This material is for general information only and is not intended to provide specific advice or recommendations for any individual. This material was prepared by LPL Financial, LLC.
Tracking #1077416
Exp 03/2028