Investment Advisers must have Procedures in Place to Safeguard Client Records and Information

August 22, 2012


Reading time : 2 minutes

Pursuant to Rule 30 of Regulation S-P (“Regulation S-P”), investment advisers registered with the U.S. Securities and Exchange Commission (“SEC”) “…must adopt policies and procedures that address administrative, technical, and physical safeguards for the protection of customer records and information. These policies and procedures must be reasonably designed to:

(a)    Insure the security and confidentiality of customer records and information;

(b)   Protect against any anticipated threats or hazards to the security or integrity of customer records and information; and

(c)    Protect against unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience to any customer.”

Although state registered investment adviser firms are not subject to Regulation S-P, the Federal Trade Commission (“FTC”) has enacted Safeguard Rules (under the Gramm-Leach-Bliley Act) which are similar to Regulation S-P and apply to state registered investment adviser firms. Additionally, several states have enacted their own requirements for client information security, including, but not limited to, California, Nevada and Massachusetts.  To remain compliant with Regulation S-P, the Gramm-Leach-Bliley Act, as well as any state-specific requirements, it is necessary to implement comprehensive practices to safeguard client information.

An investment adviser’s information security plan should ensure that the client’s personal information is secure and confidential while protecting against any anticipated threats or hazards to the security of client information. To further educate investment advisers about matters pertaining to information security, RIA Compliance Consultants is hosting a webinar, “Establishing Information Security Programs for Registered Investment Advisers.” During this webinar our consultants will discuss the importance of establishing and implementing a written information security program designed to protect confidential client information. To register for this event, click here.

If your investment adviser firm would like help, RIA Compliance Consultants can help you develop a written information security plan or review an existing plan.  If you would like assistance and you are an existing client, contact your consultant.  If you have not previously worked with RIA Compliance Consultants, click here to schedule a time to speak with one of our compliance consultants.

Posted by Bryan Hill
Labels: Compliance Program, Information Security, Privacy