Investment Adviser Regulation

Consistent with the ongoing guidance/requirements from the SEC and FINRA, all firms must have and enforce data security policies and procedures.  Even the best policies and procedures may, however, not protect the firm in every instance.  So what do you do if there is a breach?

One of the most important things to determine is what law governs.  In other words, if you have clients in all 50 states, it is possible that there are 50 different data breach laws that may be implicated.  Fox Rothschild LLP has a free app, Data Breach 411, which provides an overview of state data breach laws.

Knowing what you need to know is imperative when assessing a data breach.

 

 

In the hectic world of financial services, registered representatives and investment adviser representatives are always looking to increase their assets under management. At what cost? Are there situations where you would be better off just saying no to accepting that one additional client?

In my many years of defending representatives and advisers from customer complaints, the unqualified answer is yes; there are situations when you are better off just saying no. Any good risk avoidance program will provide for the proper screening/selection of prospective clients. I have addressed this very issue in a risk avoidance handbook.

The key to this screening process is being able to sniff out the types of clients that you do not want to accept. For example, are you the fourth adviser that this client has come to in the last four years? Does the client profile not fit your personal/company investment philosophy? Does the client have unrealistic expectations on what she is expecting you to deliver?

If the answer to any of these questions is in the affirmative, there should be a huge stoplight in front of you flashing red. Any client who fits any of these descriptions is also the client most likely to bring a claim against an adviser.

So before you take on any client with a little money, be cautious. Are there red flags coming into the relationship? If so, just say no.

That is the question that the SEC has essentially posed for registered investment advisers in a National Exam Program Risk Alert. In doing so, the SEC has stated that it will be “examining compliance oversight and controls of registered investment advisers that have employed or employ individuals with a history of disciplinary events . . . .”

The SEC will essentially be examining the investment adviser's business and compliance practices, particularly focused on higher risk individuals. Does this mean that you should not hire or retain someone who may have a disciplinary past?

Of course not. Instead, this alert should be telling you that such people, if you do decide to hire (or retain) them, should come under some form of heightened supervision for a period of time, if not forever. But be forewarned that the SEC is going to check up on you by reviewing certain information, including the following:

  1. Your compliance program, including the practices surrounding the hiring and ongoing reporting obligations of investment adviser representatives.
  2. The firm’s disclosures (i.e., Form ADV) that it makes to its customers to ensure that they are accurate.
  3. The conflict of interest that the firm discloses.
  4. The firm’s marketing.

By reviewing these areas, the SEC believes that it can better understand how firms are handling and representing advisers with a past to their customers. If you decide to hire or retain such advisers, you should focus on what you are saying to the public about them through your words and actions before you are in the SEC doghouse following an examination.

 

The SEC has repeatedly included issues around social media in its annual exam priorities for investment advisers. With the SEC’s recent release of a final rule on the subject, the SEC has taken that “exam priority” to the next level.

Under this new rule, investment advisers will have to complete an additional component to their annual Form ADV filed with the SEC. In doing so, investment advisers will have to disclose their addresses for Twitter, Facebook and LinkedIn. So what’s the point?

By requiring this disclosure, the SEC can better focus on each examined firm’s use of social media. Undoubtedly, the SEC will use this information when framing its examination of individual firms.

The SEC can also use this information on an ongoing basis to assess what firms are putting out there on social media. The industry has to assume that the SEC will be doing more with this information than just tucking it away for examination purposes.

This new rule should incentivize you to review your social media policy, assuming that you have one. If you do not have one, you need to have one prepared.

You should also monitor the information that your firm is putting out there on social media. Does it conform with SEC rules? Rest assured, if you are not minding the store, the SEC will.

It was great speaking at the May 17 New York NSCP regional conference on risk issues facing firms where Ernie Badway and I discussed cyber-security, risk issues, regulatory matters, issues involving elder clients and ways compliance personnel can protect themselves.  For those of you who could not make the conference, these topics are frequently discussed in our various publications.  Feel free to access them here and use them as you see fit.

Client relationships and expectations can be the source of success and liability at the same time.  Ernie Badway and I will be speaking on May 17 in New York City at a regional conference of the National Society of Compliance Professionals.  We will be speaking about risk avoidance techniques that you can use in the everyday world, as well as highlighting issues and challenges that you face managing risk.  For more information about the conference, go to NSCP.org.  We hope to see you there.

With the exception of those of you who have literally been asleep for the last few years, you are well-versed in the attention FINRA and the SEC are giving to issues surrounding elder investors. Among other things, there is a real focus on elder abuse.

Some commentators believe that all of this attention may inevitably lead to additional regulations regarding how you handle older investors. Like most things from a regulatory/legislative standpoint, the loudest wheel will get the most oil.

With the graying of the baby boomers, this section of society will undoubtedly have a large voice in whatever regulations or laws may come to pass. It seems as though most of the claims I have defended over the last 20 years have involved investors over the age of 60 such that I can say there is a real issue with how firms handle older clients.

Is there anything that can be done to avoid this potential regulatory headache? I think that there are things that can be done on both a macro and micro level.

The macro solution requires firms to take a big picture view of their customer composition. Assuming that there is a graying component to your customer base, you should have specific firm-wide policies and procedures that address elder issues; i.e., heightened supervision, alternate decision-makers, a committee that addresses elder issues, etc.

The micro solution is tied to the macro and can be addressed by a simple question. What are you as a firm doing to ensure your policies and procedures pertaining to elder investors are being carried through as written by your advisors/representatives? If you cannot answer this question, you might as well be signing off on those regulations.

Avoiding elder client regulations may still be in your hands. Are you doing enough to address the issue at your firm? Only time will tell.

Those famous words of the immortal Yogi Berra hold true when it comes to the SEC exam priorities for 2016. Among those at the top of the list are two familiar friends: protecting retail investors and investors saving for retirement.

It is clear that the SEC is looking in particular toward how retail firms are dealing with their older clientele since it is fair to assume that older clients are those most likely preparing for retirement. So what does the SEC want to know?

The SEC is looking at retirement services being offered, focusing on whether there is a reasonable basis for recommendations, conflicts of interest, supervision and compliance controls, as well as marketing and disclosure practices. If you compare these priorities to FINRA’s exam priorities, you will see the overlap.

The overlap of these priorities should set alarm bells off in your head. The SEC and FINRA have told you twice what your regulators will analyze during your next exam. You have a choice.

You can ignore these areas and not take prophylactic measures to make sure that your policies and procedures in these areas are consistent with current industry standards, or you can take a serious look at what your firm is doing for your clients who are focused on retirement investing. Something tells me that taking the path of least resistance will not win you any awards with your regulators.

So take affirmative steps and give your policies and procedures in these areas deep thought. Do you have any policies and procedures in place? If so, do they go far enough and are they consistent with current industry trends and practices? FINRA and the SEC are doing some of your work for you; don’t miss out on the free advice they are giving you.

The SEC is conducting an exam sweep that focuses on retirement advice being given to clients of investment advisors and broker-dealers. Some commentators see this as a turf war between the SEC and the Department of Labor (DOL) because the sweep focuses on things that may come under the DOL’s jurisdiction.

Whether the exam sweep intrudes upon the DOL’s purview is really not the point. The real takeaway as I see it is the general subject matter and those clients who would be most implicated.

This past year, the SEC and FINRA issued a joint report with their findings from an exam sweep focused on elder clients. This current SEC sweep can, at least in part, be seen as an extension of that work; elder clients may be the ones most impacted by retirement account advice.

So what does this mean for you? If your firm is not razor focused on what it is doing with elder clients and retirement accounts, you may be in for a rude awakening during your next regulatory exam.

As the year ends, dust off your WSPs and take a hard look at them for elder and retirement account issues. Are you addressing prior findings of the SEC and FINRA that they have made available in various reports? Has anything changed this year with the way you are running your business that may warrant a different approach? Do you need to do things differently because of changes to your business model?

Ask these questions internally now and maybe you can avoid answering the same to your regulator. You may not like the response you get from the regulator.

The SEC recently issued an investor bulletin regarding one of our favorite topics: data security of customer accounts. The primary areas of the SEC’s focus were:

  1. Have a strong password, keep it secure and change it often.
  2. Use a two-step verification process if the firm offers it.
  3. Use different passwords for different on-line accounts.
  4. Avoid using public computers to access on-line accounts.
  5. Cautiously use wireless access to on-line accounts.
  6. Check and double check any links that are sent to you via email purporting to come from your advisory firm.
  7. Secure your mobile devices.
  8. Regularly check your account statements and confirmations for unusual activity.

In my view, the above guidance offers you opportunities with your clients. For example, you should offer a two-step verification process for on-line account access. By doing so, you are telling your clients that you value their business and the protection of their confidential information.

Similarly, you should consider providing similar guidance as an investor alert or the like to all of your clients who have on-line access. First, this gives you another opportunity to be in front of your clients. Second, it demonstrates that your firm takes the issue of data security very seriously.

Although the prospects of suffering a data breach may be ominous, you can do something to educate your clients so that they do not become unwitting targets. Providing this type of client service can only strengthen your client relationships. There is no time like the present to take this affirmative step. Make yourself a valued resource for your clients.