There is good news for investment adviser firms located in the United Kingdom (“UK”) desiring to register as an investment adviser firm with the United States Securities and Exchange Commission (“SEC”).
Category Archives: Privacy
SEC Risk Alert – Compliance Issues Related to Regulation S-P – Privacy Notices and Safeguard Policies
May 07, 2019
On April 16, 2019, the United States Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) issued a risk alert about “Compliance Issues Related to Regulation S-P – Privacy Notices and Safeguard Policies” to encourage investment adviser firms to review their written policies and procedures to “ensure compliance with the relevant regulatory requirements.”
On August 7, 2017, the Office of Compliance Inspections and Examinations (“OCIE”) of the U.S. Securities and Exchange Commission (“SEC”) released a Risk Alert which details its examination of the cybersecurity preparedness of 75 broker-dealers, investment advisers and investment companies in the U.S. In comparison to prior cybersecurity examinations, this exam involved more active testing and validation of the firms’ procedures and controls related to cybersecurity.
Congress Amends GLBA so an Investment Adviser Is No Longer Required to Provide Annual Privacy Disclosure if No Changes Were Made
December 10, 2015
On Dec. 4, 2015, President Obama signed a piece of legislation, the Fixing America’s Surface Transportation Act or “Fast Act”, which features an amendment to the Gramm-Leach-Bliley Act (GLBA). The amendment provides an exception to GLBA’s annual privacy policy notice requirement. Section 75001 of the Fast Act states:
Investment Advisers must have Procedures in Place to Safeguard Client Records and Information
August 22, 2012
Pursuant to Rule 30 of Regulation S-P (“Regulation S-P”), investment advisers registered with the U.S. Securities and Exchange Commission (“SEC”) “…must adopt policies and procedures that address administrative, technical, and physical safeguards for the protection of customer records and information. These policies and procedures must be reasonably designed to:
Recently, Maryland and Illinois have passed employment privacy laws that could potentially have an effect on investment advisers and their recordkeeping requirements under both state and SEC rules. Delaware passed a similar privacy law that protects students from infringement by educational institutions. Maryland was the first state to pass a law of this kind in May 2012. Illinois followed a couple months later in July 2012. Several other states have similar bills on the docket for their state legislatures and members of Congress also have a bill to deliberate.
Illinois Becomes Third State to Pass Privacy Law Conflicting with SEC Social Media Compliance Regulations for Investment Advisers
August 01, 2012
Today Illinois Governor Pat Quinn signed a new law that makes it unlawful for employers to request passwords to, or demand access to, the social media accounts of potential and current employees. Illinois became the third state to pass such legislation after Maryland and Delaware recently adopted similar laws in May and July. After signing the law, Governor Quinn said, “Members of the workforce should not be punished for information their employers don’t legally have the right to have. As use of social media continues to expand, this new law will protect workers and their right to personal privacy.”
Annual Delivery of Form ADV Part 2A and Privacy Policy
April 26, 2012
Under Rule 204-3 of the Investment Advisers Act of 1940, the U.S. Securities and Exchange Commission (“SEC”) requires registered investment advisers (“investment adviser”) to deliver to each client, annually within 120 days after the end of the investment adviser’s fiscal year and without charge, if there are material changes to the investment adviser’s brochure since the investment adviser’s last annual updating amendment:
Based upon the formal and informal expectations of state and federal securities regulators, every investment adviser should consider developing a written information security plan. Rule 30 of Regulation S-P issued by the U.S. Securities and Exchange Commission (“SEC”) requires SEC registered investment advisers to adopt written policies and procedures designed to ensure the security and confidentiality of client information. The enforcement of Rule 30 was highlighted by a recent SEC enforcement action against an investment adviser who had their trading system hacked. A year before the hacking occurred, an internal audit showed that the adviser did not utilize strong passwords. When the hacking occurred a year later, the investment adviser had taken no action to increase password security. Thus, the adviser was fined $275,000 for failing to safeguard customer information.
Has your registered investment adviser firm gone beyond developing a privacy policy under Regulation S-P and established internal controls to protect confidential client information?