Common Regulation S-P compliance issues uncovered by the OCIE

When it comes to securities, compliance is key for your company. We understand that even for those who make their living in this arena, keeping track of all the rules and regulations and following them to the letter can be a challenge. 

The SEC provides notice of the following Regulation S-P compliance issues that the Office of Compliance Inspections and Examinations identified when examining investment advisers and broker-dealers. This particular regulation refers to privacy notices and safeguard policies. 

Privacy and opt-out notices 

Often, registrants are not providing initial and annual privacy notices or opt-out notices to their customers. In this case, customers are consumers who have a brokerage account or advisory contract with a financial institution or investment adviser. 

Registrants that sent out the notices often left out or misrepresented their policies and procedures, or failed to notify customers that they can choose to keep their personal information private and thereby prevent the registrant from sharing it with nonaffiliated third parties. 

Safeguards Rule-related policies and procedures missing 

You cannot simply restate the Safeguards Rule to fulfill the regulations regarding policies and procedures. Registrants must have policies and procedures for physical, technical and administrative safeguards. Common mistakes included leaving spaces on the documents blank and failing to complete the forms. 

Failure to design and implement policies safeguarding customer information 

Because there are so many ways for advisers, broker-dealers and other professionals to access customer records and communicate with customers, registrants need policies for safeguards for each of these. For example, registrants may access customer records on smartphones, tablets and personal laptops, and the OCIE discovered that many had no policies for safeguarding the customer information stored on these devices. 

Unencrypted emails, unsecured networks and physical locations, and shared login credentials were all common issues. More information about securities compliance issues and solutions is available on our webpage. 

Posted in