Compliance Solutions for Investment Advisers

Category Archives: Privacy & Data Security

SEC Cybersecurity Exam Requests

Cybersecurity seems to be all the rage with both SEC and state regulators. However, advisers have been flying blind as to what the regulators may actually request during a cybersecurity exam. Thanks to our contacts in the industry, we were able to obtain a list of cybersecurity-related information requested by the SEC during a recent exam of

Top 4 Regulatory Filing Deficiencies

As stated in the recent SEC Risk Alert, the 4 most frequent regulatory filing issues identified in examinations of investment advisers are as follows:

Some Tips for Safeguarding Client Info

Six good safeguarding tips: Shred financial documents and other printed personal material before discarding. Do not leave your laptop computer, iPad, iPhone or Blackberry in your car (or Starbucks) unattended. Do not leave a computer you are logged on to unattended or unprotected. Do not share your passwords with other persons (and do not post

Cybersecurity and Regulatory Enforcement

No one wants to be a victim of a cybersecurity attack. But if you are an investment adviser and your clients’ personally identifiable information (PII) is hacked, you will be a victim and, in the view of the regulators, you might just be treated as a perpetrator as well. Just ask R.T. Jones Capital Equities Management, the firm that

Do You Have a Mobile Device Policy?

With the proliferation of smart phones, iPads and tablet computers in the advisory business, I would suggest that all advisers probably would benefit from developing and implementing policies and procedures regarding their use. Here are some issues you should consider: What are employees permitted to access from their mobile devices? If employees have the capability

Alert – Information Security

The purpose of this compliance training material is to familiarize you with key issues regarding information security. Overview One of the most pressing compliance issues for investment advisers is how to satisfy SEC requirements in the area of information security. The following checklist will allow you to take measure of your advisory firm’s existing information

Alert – Cybersecurity

Dear Compliance Professional, On April 15, 2014, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert as part of its 2014 initiative to assess Cybersecurity preparedness. OCIE’s cybersecurity initiative is designed to assess cybersecurity preparedness in the securities industry and to obtain information about the industry’s recent experiences with certain types

Year-End Compliance Checklist

Dear Compliance Professional, There are a few compliance actions that all investment advisers can benefit from undertaking at this time of year. Some obvious, some not so obvious. All important. So, without further ado, here is our end-of-the-year checklist: 1. Pay Renewal Fees Hopefully, most of you have already logged on to your IARD

The SEC Speaks (and Speaks)

Dear Compliance Professional, In recent weeks SEC officials have been quite chatty. What differentiates these recent pronouncements from the SEC’s usual speechifying is that the recent stuff contains a trove of useful compliance insights. This Compliance Newsletter summarizes what advisers should take away from this flurry of activity. If you are thinking that all of

Federal Regulators Issue Guidance on Reporting Financial Abuse of Older Adults

Seven federal regulatory agencies today issued guidance to clarify that the privacy provisions of the Gramm-Leach-Bliley Act generally permit financial institutions to report suspected elder financial abuse to appropriate authorities. The Gramm-Leach-Bliley Act generally requires that a financial institution notify consumers and give them an opportunity to opt out before providing nonpublic personal information to

Identity Theft Red Flags Rules

Frequently Asked Questions regarding the Identity Theft Red Flags Rules have just been added to our resources page.

Identity Theft Red Flag Rules

On April 10th, the Securities and Exchange Commission (“SEC”) and the Commodity Futures Trading Commission (“CFTC”) jointly approved a final rule requiring broker-dealers, mutual funds, federally registered investment advisers, and certain other regulated entities to adopt programs designed to detect and address identity theft. The final rule release is available online by clicking here. These rules

States Requiring Identity Theft Notification

With the recent passage of the Identity Theft Red Flags Rules by the SEC (in effect, applying existing rules specifically to investment advisers), the topic of identity theft has once again moved front and center. However, whatever their obligations on a federal level, advisers cannot lose sight of the fact that they also have obligations

SEC Adopts Rules to Help Protect Investors from Identity Theft

The Securities and Exchange Commission today voted unanimously to adopt rules requiring broker-dealers, mutual funds, investment advisers, and certain other entities regulated by the agency to adopt programs to detect red flags and prevent identity theft. FACT SHEET Preventing and Detecting Identity Theft SEC Open Meeting April 10, 2013 Background The development and expansion of information

SEC Proposes Rules To Help Prevent And Detect Identity Theft

From the SEC’s alert: Washington, D.C., Feb. 28, 2012 – The Securities and Exchange Commission today announced a rule proposal to help protect investors from identity theft by ensuring that broker-dealers, mutual funds, and other SEC-regulated entities create programs to detect and respond appropriately to red flags. The SEC issued the proposal jointly with the

Massachusetts Data Privacy Act

Please note by March 1, 2012, advisers must ensure their agreements with third-party service providers with which they share personal information meet Massachusetts Data Privacy Act (201 CMR 17) requirements. http://www.mass.gov/ocabr/docs/idtheft/201cmr1700reg.pdf

Compliance Alert! Data Security

Dear Compliance Professional, The protection of a client’s non-public personal information is one of the most important tasks entrusted to an investment adviser. Unfortunately, it is also one of the most vexing issues confronting compliance professionals. Any time an adviser stores non-public personal information on a computer that is connected to the Internet, transmits such
