More On Legal & Compliancefrom The Advisor's Professional Library
- Privacy Policies and Rules Whether an RIA is SEC or state-registered, the firm must have policies and procedures in effect to protect clients privacy. Policies and procedures should explicitly require an RIA to send out its privacy notice each year.
- Trading Practices and Errors When SEC-registered investment advisors conduct annual audits of firm policies and procedures, they should pay close attention to trading practices. Though usually not required to, state-registered advisors should look at their trading practices and revise policies that do not fully protect clients.
The Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) released Thursday a report to help broker-dealers safeguard confidential information from misuse, such as insider trading.
The report describes strengths and weaknesses identified in examinations into how broker-dealers keep material nonpublic information from being misused. It also highlights effective practices that examiners observed at some broker-dealers.
OCIE Director Carlo di Florio said in a statement that the report “illustrates the types of conflicts of interest that may arise between a broker-dealer’s obligations to clients that provide confidential information for business purposes and the potential misuse of such information for insider trading or other improper ends.” He said it also describes “various methods that broker-dealers use to identify and effectively manage such conflicts, including information barriers that limit the flow of sensitive information.”
The types of issues identified in the report “may be helpful to firms as they review their conflict of interest risk management programs,” di Florio said. “In particular, in any review of information barriers control programs, broker-dealers should be alert to changes in business practices and available compliance tools.”
Conflicts of interest and other issues of concern raised by the report include:
- A significant amount of informal, undocumented interaction occurred between groups that have material nonpublic information and internal and external groups with sales and trading responsibilities that might profit from the misuse of such material nonpublic information
- At some broker-dealers, a senior executive might have access to material nonpublic information from one business unit while overseeing a different unit that could potentially profit from misuse of that information, with few if any restrictions or monitoring to prevent such misuse
- Some broker-dealers did not have risk controls to address certain business units that possess material nonpublic information such as sales, trading or research personnel who receive confidential information for business purposes; institutional and retail customers or asset management affiliates with access to material nonpublic information, or firm personnel who receive information through business activities outside of investment banking, such as participation in bankruptcy committees or through employees serving on the boards of directors of public companies.
The report also highlights effective practices that examiners observed at some broker-dealers, such as:
- Broker-dealers sometimes adopted processes that differentiate between types of material nonpublic information based on the nature of the information or where it originated. In some cases, broker-dealers create tailored “exception” reports that take into account the different characteristics of the information
- Some broker-dealers expanded reviews for potential misuse of confidential information to include trading in credit default swaps, equity or total return swaps, loans, components of pooled securities such as unit investment trusts and exchange traded funds, warrants, and bond options
- Broker-dealers often considered electronic sources of confidential information and instituted monitoring to identify which employees had accessed the information
- Broker-dealers often monitored access rights for key cards and computer networks to confirm that only authorized personnel had access to sensitive areas.