SEC Initiates Cease-and-Desist Proceeding over Regulation S-P

August 29, 2007

The United States Securities and Exchange Commission (“SEC”) recently announced the issuance of an Order Instituting Administrative Cease-and-Desist Proceedings against Next Financial Group, Inc. (“Next”) for alleged violations of Regulation S-P (Privacy of Consumer Financial Information).

According to SEC Release No. 56316 (August 24, 2007), the SEC alleges that Next violated Regulation S-P by allowing its “registered representatives to take customer nonpublic personal information with them when leaving Next’s employment” without allowing the customer to opt out of such disclosure. Moreover, the SEC alleges that Next aided and abetted the violation of the privacy policies of other firms by encouraging registered representatives leaving other broker-dealers and joining Next to bring nonpublic, personal customer information without proper notice to the client and a reasonable opportunity to opt out of such a disclosure.

In light of this cease-and-desist proceeding, the following precautions are worthy of consideration by a registered representative planning to depart from his or her broker-dealer. (Since registered investment advisers are subject to Regulation S-P, the following suggestions may also be applicable to an investment adviser representative in similar circumstances.)

  • Prior to any intentions to depart, a registered representative of an independent broker-dealer (“IBD”) or investment adviser representative (“IAR”) of an investment adviser firm should urge his or her IBD or investment adviser to amend its privacy policy so as to allow a departing registered representative or IAR to take nonpublic, personal customer information unless the client opts out.
  • Similarly, a registered representative of an IBD, who also operates or serves as an IAR of an independent investment adviser firm unaffiliated with the IBD, should urge the IBD to amend its privacy policy in order to permit the sharing of nonpublic, personal customer information with the registered representative’s independent investment adviser firm unless the client exercise the right to opt out of a disclosure.
  • In the event that a registered representative’s broker-dealer or IAR of an investment adviser firm has not amended its privacy policy as described above, a registered representative or IAR will need to either obtain authorization from each customer to take such nonpublic, personal customer information, or refrain from taking or utilizing any nonpublic, personal customer information when departing his or her current broker-dealer or preparing the paperwork necessary to transfer his or her accounts.

It should be recognized that if a registered representative or IAR is affiliated with an existing broker-dealer or investment adviser firm that claims a proprietary interest in the clients served by the registered representative or IAR, the solicitation of clients to release non-public, personal customer information while the registered representative or IAR is affiliated with the existing broker-dealer or investment adviser firm could violate a common law duty of loyalty to an employer/principal or restrictive employment covenants previously agreed to by the registered representative or IAR. A departing registered representative or IAR should consult with an attorney.

With respect to broker-dealers and investment adviser firms, the following are a few of the strategies that should be considered in the context of this cease-and-desist proceeding involving Regulation S-P:

  • Include a covenant within the agreement between registered representative or IAR and the new broker-dealer or investment adviser firm whereby the registered representative or IAR represents that he or she has not and will not in the future utilize nonpublic, personal customer information in violation of the privacy policy of his or her previous firm while transferring accounts to the new broker-dealer or investment adviser firm.
  • Establish a written policy prohibiting registered representatives or IARs from taking or utilizing nonpublic, personal customer information in violation of a previous firm’s privacy policy.
  • Train recruiters, transition specialists and operations support staff of the broker-dealer or investment adviser firm’s policy prohibiting such use as described as above.
  • Instruct incoming registered representatives or IARs of the new firm’s policy. This training should be documented by the broker-dealer or investment adviser firm in a contemporaneous note or checklist.
  • Refrain from taking electronic files with customer data and populating new account paperwork on behalf of a new registered representative or IAR unless the firm has reasonable assurances that such information wasn’t obtained in violation of a previous firm’s privacy policy.
  • Amend its privacy policy to allow, after an opportunity for the client to opt out, a departing registered representative to take nonpublic, personal customer information and/or disclose such information to an unaffiliated investment adviser firm operated by a registered representative of the broker-dealer.

Finally, it’s important to recognize that trade secrets, confidentiality obligations and non-solicit restrictions also should be factored in establishing a policy for the broker-dealer or investment adviser firm or determining the permissible activities for a departing registered representative or IAR.

If you or your firm needs assistance analyzing, preparing or amending your firm’s privacy policy, please call RIA Compliance Consultants at 877-345-4034.

Posted by Bryan Hill
Labels: Enforcement, Privacy