Compliance Solutions for Investment Advisers

FAQs — Privacy Notices

 

Introductory Note

We recognize that the customer – consumer designation is confusing and not one typically used by investment advisers. For almost all intents and purposes, a “customer” is what an investment adviser calls a “client.” Therefore, in this set of Frequently Asked Questions, we will use the designation “customer/client” so that it is clear to investment advisers that the particular issue or requirement being discussed is most likely applicable to the majority of their clients.

 

Definitions and Basic Information

Who is a consumer?

A consumer is an individual who obtains or has obtained a financial product or service from the investment adviser that is to be used primarily for personal, family, or household purposes.

Who is a customer/client?

A customer/client is a consumer who has a customer/client relationship with the investment adviser.

What is a customer/client relationship?

A customer/client relationship is a continuing relationship between a consumer and the investment adviser under which the investment adviser provides one or more financial products or services to the consumer that are to be used primarily for personal, family, or household purposes. A customer/client relationship is established if the consumer has an investment advisory contract with the adviser (whether written or oral) or if the investment adviser regularly effects or engages in securities transactions with or for a consumer even if the adviser does not hold any assets of the consumer.

What is nonpublic personal information?

Nonpublic personal information includes:

  • Personally identifiable financial information; and
  • Any list, description, or other grouping of consumers (and publicly available information pertaining to them) that is derived using any personally identifiable financial information that is not publicly available information.

What is personally identifiable information?

Personally identifiable financial information means any information:

  • A consumer provides to an adviser to obtain a financial product or service from such adviser;
  • About a consumer resulting from any transaction involving a financial product or service between an adviser and a consumer; or
  • An adviser otherwise obtains about a consumer in connection with providing a financial product or service to that consumer.

What type of information is included in personally identifiable financial information?

Personally identifiable financial information includes:

  • Information a consumer provides to an adviser on an application to obtain a loan, credit card, or other financial product or service;
  • Account balance information, payment history, overdraft history, and credit or debit card purchase information;
  • The fact that an individual is or has been one of the adviser’s customers/clients or has obtained a financial product or service from the adviser;
  • Any information about the consumer if it is disclosed in a manner that indicates that the individual is or has been the adviser’s consumer;
  • Any information that a consumer provides to an adviser or that an adviser or its agent otherwise obtains in connection with collecting on a loan or servicing a loan;
  • Any information an adviser collects through an Internet “cookie”; and
  • Information from a consumer report.

What type of information is excluded from personally identifiable information?

Personally identifiable financial information does not include:

  • A list of names and addresses of customers/clients of an entity that is not a financial institution; or
  • Information that does not identify a consumer, such as aggregate information or blind data that does not contain personal identifiers such as account numbers, names, or addresses.

Who is an affiliate of an investment adviser?

An affiliate is any company that controls, is controlled by, or is under common control with the investment adviser.

Who is a non-affiliated third party?

A non-affiliated third party is any person or entity other than your firm, your employee or an affiliate.

What is an opt-out?

An opt-out is a concept requiring an investment adviser to give consumers and customers/clients notice that nonpublic personal information may be disclosed to nonaffiliated third parties, to give them a chance to “opt-out” of such disclosure, and to tell them how to exercise that right.

What is clear and conspicuous?

Clear and conspicuous means that a notice is reasonably understandable and designed to call attention to the nature and significance of the information in the notice.

 

Delivery Requirements

When does the privacy notice have to be provided to a customer/client?

For customers/clients, the privacy notice must be provided at the time of establishing a customer/client relationship.

When does the privacy notice have to be provided to a consumer?

For consumers, the privacy notice must be provided before disclosing nonpublic personal information about the consumer to a nonaffiliated third party.

After an adviser provides the initial privacy notice, are there any further delivery requirements?

An investment adviser must provide notices of its privacy policies and practices at least annually to its customers/clients “during the continuation” of a customer/client relationship.

Does an investment adviser have to provide a privacy notice to each accountholder in a joint account?

No. One privacy notice may be sent in connection with a joint account.

Does an investment adviser have to provide a privacy notice to institutional clients?

No. Investment advisers are only required to provide privacy notices to individuals.

Can an investment adviser satisfy the initial or annual delivery requirement by posting the privacy notice on its web site?

No. The rule requires that privacy notices be provided so that each customer/client can reasonably be expected to receive actual notice in writing or, if the person agrees, electronically. An adviser cannot reasonably expect that all customers/clients will receive actual notice in writing of a privacy notice that is posted at a particular location, whether that location is the investment adviser’s office or the investment adviser’s web site.

Can an initial or annual privacy notice be incorporated into another document (such as an account statement or Form ADV Part 2A)?

Yes. Investment advisers may combine the privacy notice with another document. Any privacy notice, however, must be clear and conspicuous. Therefore, a privacy notice that is combined with another document must be distinct from and not hidden in other information in the document.

Are there any exceptions to the privacy notice requirement?

Yes. There are two types of exceptions to the delivery requirement. One exception applies to various types of nonpublic personal information sharing that is necessary for processing or administering a financial transaction requested or authorized by a consumer. This disclosure must be necessary to effect, administer or enforce a transaction that the consumer requests or authorizes. The other exception applies to certain types of nonpublic personal information sharing, including disclosures:

  • Authorized by the consumer.
  • To protect the confidentiality or security of records.
  • To protect against or prevent actual or potential fraud.
  • For required institutional risk control or for resolving consumer disputes or inquiries.
  • To persons holding a legal or beneficial interest relating to the consumer.
  • To persons acting in a fiduciary or representative capacity on behalf of the consumer (e.g., attorney or accountant).
  • To provide information to insurance rate advisory organizations, persons assessing compliance with industry standards, the investment adviser’s attorneys, accountants or auditors.
  • To law enforcement entities or self-regulatory groups (to the extent permitted or required by law).
  • To comply with federal, state or local laws.
  • To comply with subpoena or other judicial process.
  • To respond to summons or other requests from authorized government authorities.
  • Pursuant to the Fair Credit Reporting Act, to a consumer reporting agency or from a consumer report reported by a consumer reporting agency.
  • In connection with a proposed or actual sale, merger, transfer or exchange of all or a portion of a business or operating unit.

 

Content Requirements

What must be included in the initial and annual privacy notice?

The privacy notice must include the following information (as applicable):

  • The categories of nonpublic personal information that the adviser collects;
  • The categories of nonpublic personal information that the adviser may disclose;
  • The categories of affiliates and nonaffiliated third parties to whom the adviser may disclose nonpublic personal information (other than those to whom the information is disclosed pursuant to an exception);
  • The adviser’s policies with respect to sharing nonpublic personal information about former customers/clients and the categories of affiliates and nonaffiliated third parties to whom the adviser discloses nonpublic personal information about its former customers/clients;
  • The categories of nonpublic personal information that are disclosed under agreement with third party service providers and joint marketers;
  • An explanation of a consumer’s rights to opt-out of the adviser’s disclosure of their nonpublic personal information to nonaffiliated third parties;
  • The method by which consumers may exercise their opt-out right;
  • Any disclosures the adviser may be required to make under the Fair Credit Reporting Act;
  • The adviser’s policies and practices with respect to protecting the confidentiality of nonpublic personal information; and
  • If disclosures are made to third parties pursuant to certain exceptions, a statement that “disclosures are made to other non-affiliated third-parties as permitted by law.”

 

Opt-Out

When must an investment adviser provide an opt-out?

If an investment adviser shares nonpublic personal information with nonaffiliated third parties outside of certain exceptions, the investment adviser must give customers/clients and consumers a right to opt-out.

What are the exceptions that would allow disclosure of nonpublic personal information to non-affiliated third parties without providing the right to opt-out?

Disclosures made in connection with (i) servicing or processing financial products or services requested by the consumer or (ii) maintaining or servicing a customer/client account would not trigger the opt-out requirement. Disclosure must be necessary to effect, administer or enforce a transaction that the consumer requests or authorizes. Examples include disclosing nonpublic personal information to service providers who help mail account statements, who process products and services authorized by the customer/client or who maintain and service customer/client accounts.

Are there other exceptions to the opt-out requirement?

Yes. An adviser may share information with a nonaffiliated third party without providing the consumer a right to opt-out if the third party is to perform services for (or functions on behalf of) the investment adviser, including marketing the adviser’s own products or services, or financial products or services offered under a joint agreement between the adviser and another financial institution.

What is required for the joint agreement?

The contract must guarantee the confidentiality of the nonpublic personal information by prohibiting third parties from using or disclosing the information for any purpose other than the one for which it was received.

What must be included in the opt-out notice?

The opt-out notice should:

  • State that the investment adviser reserves the right to disclose nonpublic personal information to nonaffiliated third parties.
  • State that the consumer or customer/client has the right to opt-out of the disclosure.
  • Provide a reasonable means and opportunity by which the consumer or customer/client may exercise the opt-out right.

What are the requirements for the format of the opt-out notice?

The opt-out must be clear and conspicuous. Clear and conspicuous means that a notice is (i) reasonably understandable and (ii) designed to call attention to the nature and significance of the information in the notice.

What makes an opt-out notice reasonably understandable?

The opt-out notice would be considered reasonably understandable if it:

  • Presented the information in the notice in clear, concise sentences, paragraphs and sections;
  • Used short explanatory sentences or bullet lists whenever possible;
  • Used definite, concrete, everyday words and active voice whenever possible;
  • Avoided double negatives;
  • Avoided legal and highly technical business terminology whenever possible; and
  • Avoided explanations that are imprecise and readily subject to different interpretations.

How can an adviser call attention to the nature and significance of the information in the opt-out notice?

An adviser can call attention to the nature and significance of the information in the opt-out notice if the opt-out:

  • Uses a plain-language heading to call attention to the notice;
  • Uses a typeface and type size that are easy to read;
  • Provides wide margins and ample line spacing;
  • Uses boldface or italics for key words; and
  • In a form that combines the opt-out notice with other information, uses distinctive type, size, style and graphic devices, such as shading or sidebars.

What is a reasonable means by which a consumer or customer/client may exercise the opt-out right?

Reasonable means include:

  • Mailing a detachable form with a check-off box;
  • Providing a toll-free number; or
  • Providing no less than 30 days to exercise the opt-out right.

It is not reasonable to make the consumer or customer/client write an opt-out letter.

 

Important Information

The information contained in these Frequently Asked Questions is only a summary and is not intended to be a comprehensive analysis of the rules and regulations applicable to registered investment advisers. It is not intended to constitute legal or compliance consulting advice or apply to any one investment adviser’s particular situation. For more information, please see our Terms of Use.
