Articles Tagged with Record Keeping

Investment advisers’ use of clients’ usernames and passwords to access their clients’ accounts to observe the accounts’ performance has come under scrutiny in recent years.  In February 2017, the SEC Office of Compliance Inspections and Examinations (“OCIE”) disclosed in a Risk Alert that investment advisers’ use of client usernames and passwords can create compliance issues with the Custody Rule.  According to OCIE, an investment adviser’s “online access to client accounts may meet the definition of custody when such access provides the adviser with the ability to withdraw funds and securities from the client accounts.”  Accessing a client’s account using a client’s username and password often results in an investment adviser being able to withdraw funds and securities.

The North American Securities Administrators Association (“NASAA”) has also observed in recent years that if an investment adviser logs into a client’s account using the client’s personal information, “the investment adviser is in effect impersonating this client and has the same access to the account as the client.”  As a result, a number of issues arise when investment advisers use their clients’ personal information to gain access to online accounts, including custody, recordkeeping obligations, and potential violations of user agreements. Continue reading

As the use of social media becomes more prevalent and popular, businesses and financial institutions have begun to utilize the new methods of communication that social media can provide. Many businesses already maintain blogs or interactive accounts like Twitter, Facebook, and Instagram as a method of marketing and interacting with clients or prospective customers. However, social media is a relatively new and constantly changing technology that can create unique and unforeseen risks to a businesses image and regulatory compliance policies. These risks are particularly acute for registered investment advisers.

In the broker-dealer world, FINRA has already adopted rules and issued regulatory notices designed to protect investors from false or misleading claims and representations and guide member firms on how to appropriately monitor their social media participation. Although not strictly applicable to pure RIAs, these rules should be viewed as best practices:

  • FINRA Rule 2210 and NASD Rule 3010 govern the supervision of a firm’s social media communications;
  • FINRA Rule 2111 requires that social media communications, if recommending a security, must be considered suitable for the targeted investors; and
  • Record keeping of all social media communications is required under FINRA Rule 4510.

Continue reading

The Securities and Exchange Commission (SEC) recently issued a National Examination Risk Alert to investment advisers discussing the use of social media. Social media is becoming more widely used as a means to communicate with investors, and advisers need to ensure they are meeting their compliance requirements. The purpose of the alert is to inform advisers of ways they can improve and maintain sufficient compliance practices in using social media websites.

The SEC listed a number of issues for firms to consider as they evaluate the effectiveness of their compliance programs. Among all of the guidelines, some areas firms are encouraged to consider include:

  • Whether they want to create usage guidelines to address which social media networks are appropriate for use and restrictions which may be appropriate for each network;
  • Whether to create content standards to prohibit specific content or impose other restrictions in relation to their social media networks;
  • How their compliance or supervisory personnel can adequately monitor the sites, and how frequently they should be monitored;
  • Whether content must be pre-approved before posting to a site;
  • Whether there are adequate resources dedicated to monitor the activity adequately on the social media sites;
  • Developing criteria for allowing participation by third parties ;
  • Implementing training related to social media-related compliance practices;
  • Whether certification should be required to ensure that those individuals using the social media sites understand and are complying with the firm’s internal policies;
  • Whether to adopt policies distinguishing between personal and professional sites, possibly specifying the types of communication about the firm which are acceptable on a site not maintained by the firm; and
  • How to maintain information security.

Continue reading