Category Archives: Privacy

SEC Risk Alert – Compliance Issues Related to Regulation S-P – Privacy Notices and Safeguard Policies

May 07, 2019

On April 16, 2019, the United States Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) issued a risk alert about “Compliance Issues Related to Regulation S-P – Privacy Notices and Safeguard Policies” to encourage investment adviser firms to review their written policies and procedures to “ensure compliance with the relevant regulatory requirements.”


SEC Risk Alert: Observations from Cybersecurity Examinations of Investment Advisers

August 14, 2017

On August 7, 2017, the Office of Compliance Inspections and Examinations (“OCIE”) of the U.S. Securities and Exchange Commission (“SEC”) released a Risk Alert which details its examination of the cybersecurity preparedness of 75 broker-dealers, investment advisers and investment companies in the U.S. In comparison to prior cybersecurity examinations, this exam involved more active testing and validation of the firms’ procedures and controls related to cybersecurity.


Investment Advisers must have Procedures in Place to Safeguard Client Records and Information

August 22, 2012

Pursuant to Rule 30 of Regulation S-P (“Regulation S-P”), investment advisers registered with the U.S. Securities and Exchange Commission (“SEC”) “…must adopt policies and procedures that address administrative, technical, and physical safeguards for the protection of customer records and information. These policies and procedures must be reasonably designed to:


State Privacy Laws and Investment Advisers’ Recordkeeping Requirements

August 16, 2012

Recently, Maryland and Illinois have passed employment privacy laws that could potentially have an effect on investment advisers and their recordkeeping requirements under both state and SEC rules. Delaware passed a similar privacy law that protects students from infringement by educational institutions. Maryland was the first state to pass a law of this kind in May 2012. Illinois followed a couple of months later in July 2012. Several other states have similar bills on the docket for their state legislatures, and members of Congress also have a bill to deliberate.


Illinois Becomes Third State to Pass Privacy Law Conflicting with SEC Social Media Compliance Regulations for Investment Advisers

August 01, 2012

Today Illinois Governor Pat Quinn signed a new law that makes it unlawful for employers to request passwords to social media accounts or to demand access to social media accounts from potential and current employees. Illinois became the third state to pass such legislation after Maryland and Delaware recently adopted similar laws in May and July. After signing the law, Governor Quinn said, “Members of the workforce should not be punished for information their employers don’t legally have the right to have. As use of social media continues to expand, this new law will protect workers and their right to personal privacy.”


Annual Delivery of Form ADV Part 2A and Privacy Policy

April 26, 2012

Under Rule 204-3 of the Investment Advisers Act of 1940, the U.S. Securities and Exchange Commission (“SEC”) requires registered investment advisers (“investment adviser”) to deliver to each client, annually within 120 days after the end of the investment adviser’s fiscal year and without charge, if there are material changes to the investment adviser’s brochure since the investment adviser’s last annual updating amendment:


Does Your Investment Adviser Firm Have a Written Information Security Plan?

August 11, 2011

Based upon the formal and informal expectations of state and federal securities regulators, every investment adviser should consider developing a written information security plan.  Rule 30 of Regulation S-P issued by the U.S. Securities and Exchange Commission (“SEC”) requires SEC registered investment advisers to adopt written policies and procedures designed to ensure the security and confidentiality of client information.  The enforcement of Rule 30 was highlighted by a recent SEC enforcement action against an investment adviser who had their trading system hacked.  A year before the hacking occurred, an internal audit showed that the adviser did not utilize strong passwords.  When the hacking occurred a year later, the investment adviser had taken no action to increase password security.  Thus, the adviser was fined $275,000 for failing to safeguard customer information.
