Investment Advisor Policy and Procedures. On April 16, the Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert related to compliance issues with Regulation S-P as identified in recent examinations of SEC registered investment advisors and broker dealer firms.
Regulation S-P requires firms to initially and annually, provide notice to customers that accurately reflects your firm’s privacy policy and practices regarding safeguarding and use of your customers private non-public personal information. An opt-out notice is also required that explains the customer’s right to opt out of some disclosures of non-public personal information to nonaffiliated third parties.
The Risk Alert outlines these common deficiencies or weaknesses:
- Failure to provide Initial Privacy Notice, Annual Privacy Notice and Opt-Out Notices;
- Inadequate Privacy Notices not reflecting the firm’s current policies and procedures;
- Privacy Notices that did not provide customers with an opt-out provision;
- No written investment advisor policy and procedures to address the administrative, technical and physical safeguards in place to protect customer information;
- Inadequate policies that did not ensure the security and confidentiality of customer records and information; protect against anticipated threats or hazards to the security or integrity of customer records and information; and, protect against unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience to customers.
OCIE strongly recommends that RIA firms review and strengthen their data privacy policies, update their data privacy notification and ensure adherence to SEC data privacy regulations.
Recommended actions:
- Confirm initial and annual Privacy Notices have been provided to your customers;
- Review and update (as needed) your Privacy Notice and procedures and Opt-Out notice;
- Review and update (as needed) your investment advisor policy and procedures for how you safeguard customer’s records and information;
- Provide trading to all staff regarding data privacy regulations and your investment advisor policy and procedures.
Contact Registered Advisor Services today for assistance with your investment advisor policy and procedures!