The U.S. Securities and Exchange Commission (SEC) continues to promote the importance of cybersecurity and protecting confidential investor information. On September 22, 2015 the SEC’s Office of Investor Education and Advocacy issued an Investor Alert regarding investment accounts if they become victims of identity theft or a data breach. This Investor Alert came one week after the SEC issued a Risk Alert on the topic of its Cybersecurity Exam Initiative (September 15, 2015).
When cybersecurity is covered in the industry press these days, there often is discussion about its importance but unfortunately a lack of specificity in what steps an investment adviser can take to improve information security and IT practices. Even the recent cybersecurity exam sweep results of the Office of Compliance Inspections and Examinations (OCIE) of the U.S. Securities and Exchange Commission (“SEC”) are somewhat difficult for investment advisers to interpret and translate into an information security plan; however, the SEC’s Office of Investor Education and Advocacy recently issued a bulletin giving investors tips on protecting their online accounts. These recommendations to help protect an investor’s online account from fraud appear to RIA Compliance just as applicable to an investment adviser devising its cybersecurity policies and practices.
November 19, 2013
The compliance date, November 20, 2013, for the SEC’s Regulation S-ID: Identity Theft Red Flags Rule is quickly approaching. If your investment adviser is required to comply with these new rule requirements, you must have policies and procedures in place to address risks of identity theft by the November 20, 2013, compliance date. Every investment adviser should take the appropriate steps to protect its clients from identity theft and wire order fraud, even if it is not required to comply with Regulation S-ID.
Investment Advisers Must Take Steps to Protect Their Clients from Identity Theft and Third-Party Wire or Check Fraud
October 15, 2013
On April 10, 2013, the U.S. Securities and Exchange Commission (“SEC”) jointly with the Commodity Futures Trading Commission issued final rules and guidelines to require certain regulated entities to establish programs to address risks of identity theft. The compliance date, November 20, 2013, for the SEC’s Regulation S-ID: Identity Theft Red Flags Rule is quickly approaching and investment advisers meeting the definition under the new rules of a “financial institution” or a “creditor” that offer or maintain one or more “covered accounts” will need to make sure that they meeting the new regulatory requirements by the compliance date. (Click here to view our previous article on Regulation S-ID or click here to purchase our previously recorded webinar on this topic.) Many investment advisers may determine that Regulation S-ID does not apply to them, but this does not mean that these investment advisers do not need to have any policies and procedures relating to identity theft and protecting the clients’ assets.
A Registered Investment Adviser Needs to Ensure that Power of Attorney Over Client’s Account is Limited
May 08, 2013
In order to trade or otherwise access a client’s account held by a custodian, a registered investment adviser must be granted written authorization by the client. Such authorization is generally granted in the form of a power of attorney. Although a power of attorney over a client’s account is necessary for a registered investment adviser to manage the client’s account, it is important for an investment adviser to ensure that the power of attorney is limited to only the functions actually intended by the client and the investment adviser.
The U.S. Securities and Exchange Commission (“SEC”) recently released the final rules and guidelines for Identity Theft Red Flags Rules. Some investment advisers will be affected by the new Identity Theft Red Flags Rules and will be required to develop and implement a written identity theft prevention program.
SEC Releases New Identity Theft Red Flag Rules that Will Affect Certain Registered Investment Advisers
April 16, 2013
As information technology and electronic communication continue to expand, identity theft poses an increasingly common threat to individuals. On April 10, 2013, the U.S. Securities and Exchange Commission (“SEC”) voted unanimously to adopt rules requiring broker-dealers, mutual funds, investment advisers, and certain other entities regulated by the SEC to adopt programs to detect red flags and prevent identity theft. These rules, jointly adopted with the Commodity Futures Trading Commission (“CFTC”), were adopted in accordance with the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (“Dodd-Frank Act”), which amended the Fair Credit Reporting Act of 1970 (“FCRA”) to add the SEC to the list of federal agencies that must jointly adopt and individually enforce identity theft red flags rules.