On April 16, 2019, the United States Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) issued a risk alert about “Compliance Issues Related to Regulation S-P – Privacy Notices and Safeguard Policies” to encourage investment adviser firms to review their written policies and procedures to, “ensure compliance with the relevant regulatory requirements.”
On August 7, 2017, the Office of Compliance Inspections and Examinations (“OCIE”) of U.S. Securities and Exchange Commission (“SEC”) released a Risk Alert which details its examination of the cybersecurity preparedness of 75 broker-dealers, investment advisers and investment companies in the U.S. In comparison to prior cybersecurity examinations, this exam involved more active testing and validation of the firms’ procedures and controls related to cybersecurity. Click here to read the Risk Alert.
Congress Amends GLBA so an Investment Adviser Is No Longer Required to Provide Annual Privacy Disclosure if No Changes Were Made
December 10, 2015
August 22, 2012
Pursuant to Rule 30 of Regulation S-P (“Regulation S-P”), investment advisers registered with the U.S. Securities and Exchange Commission (“SEC”) “…must adopt policies and procedures that address administrative, technical, and physical safeguards for the protection of customer records and information. These policies and procedures must be reasonably designed to:
Recently, Maryland and Illinois have passed employment privacy laws that could potentially have an effect on investment advisers and their recordkeeping requirements under both state and SEC rules. Delaware passed a similar privacy law that protects students from infringement by educational institutions. Maryland was the first state to pass a law of this kind in May 2012. Illinois followed a couple months later in July 2012. Several other states have similar bills on the docket for their state legislatures and members of Congress also have a bill to deliberate.
Illinois Becomes Third State to Pass Privacy Law Conflicting with SEC Social Media Compliance Regulations for Investment Advisers
August 01, 2012
Today Illinois Governor Pat Quinn signed a new law that makes it unlawful for employers to request passwords to social media accounts or from demanding access to social media accounts from potential and current employees. Illinois became the third state to pass such legislation after Maryland and Delaware recently adopted similar laws in May and July. After signing the law Governor Quinn said, “Members of the workforce should not be punished for information their employers don’t legally have the right to have. As use of social media continues to expand, this new law will protect workers and their right to personal privacy.”
April 26, 2012
Under Rule 204-3 of the Investment Advisers Act of 1940, the U.S. Securities and Exchange Commission (“SEC”) requires registered investment advisers (“investment adviser”) to deliver to each client, annually within 120 days after the end of the investment adviser’s fiscal year and without charge, if there are material changes to the investment adviser’s brochure since the investment adviser’s last annual updating amendment:
Based upon the formal and informal expectations of state and federal securities regulators, every investment adviser should consider developing a written information security plan. Rule 30 of Regulation S-P issued by the U.S. Securities and Exchange Commission (“SEC”) requires SEC registered investment advisers to adopt written policies and procedures designed to ensure the security and confidentiality of client information. The enforcement of Rule 30 was highlighted by a recent SEC enforcement action against an investment adviser who had their trading system hacked. A year before the hacking occurred, an internal audit showed that the adviser did not utilize strong passwords. When the hacking occurred a year later, the investment adviser had taken no action to increase password security. Thus, the adviser was fined $275,000 for failing to safeguard customer information.
The U.S. Securities and Commission (“SEC”) released today a proposed rule amending Regulation S-P, which includes an exception from the privacy notice and opt-out requirements so as to permit the release of certain customer contact information to the customer’s representative when departing his or her current SEC registered investment adviser or broker-dealer and joining a new firm.