Compliance Archives - Page 2 of 5

How to hide endorsements from your LinkedIn profile

Posted on October 5, 2012 by Bill Winterberg in Compliance

Advisers must hide LinkedIn Endorsements to avoid compliance violations

Update 01/21/2013! LinkedIn is rolling out completely new profile designs to users, changing the way Endorsements are managed. Go read How to hide LinkedIn Endorsements on the new LinkedIn profile design now and watch the screencast reflecting the new changes.

As a financial adviser, you’re well aware that you can’t use client testimonials in any of your marketing materials. SEC and FINRA regulations prohibit the use of client testimonials (see: Adviser Use of LinkedIn May Violate SEC Rules).

LinkedIn’s latest feature called Endorsements, opens up another issue for financial advisers with LinkedIn profiles. Anyone can visit an adviser’s LinkedIn profile and endorse specific skills and expertise. Considering the broad language against client testimonials, allowing such endorsements should be avoided.

So how do you remove or disable Endorsements from showing up on your profile?

In the screencast below, I walk you though two ways you can prevent Endorsements from showing up on your public profile.

Watch the screencast now and hide any public endorsements on your own profile to avoid triggering compliance violations.

RegEd announces agreement to acquire Arkovi: What financial advisers need to know

Posted on September 17, 2012 by Bill Winterberg in Compliance, Social Media

This morning, compliance and risk management solutions provider RegEd announced an agreement to acquire social media archiving vendor Arkovi.

Click here to view the full press release RegEd Announces Agreement to Acquire Arkovi, the Award-Winning Financial Services Provider of Social Media Archiving and Surveillance.

Terms of the acquisition were not disclosed.

To get more details on the announcement, I invited RegEd CEO John Schobel and Arkovi CEO Blane Warrene to a Google+ Hangout. Below is the replay of that Hangout so you can hear from each company’s CEO about the acquisition and respective plans for the future.

PODCAST: Smarsh president Stephen Marsh addresses Pinterest and compliance

Posted on August 29, 2012 by Bill Winterberg in Compliance, Podcast, Social Media

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Founder of email archiving provider says advisers can use Pinterest without skirting compliance requirements

I had the opportunity to connect with Stephen Marsh, Founder and CEO of Smarsh, Inc., a company well-known for its email and social media archiving services.

Smarsh Founder and CEO Stephen Marsh

By now, most advisers are aware of multiple archiving solutions for social media websites like Facebook, LinkedIn, and Twitter, but it’s not so clear whether updates to emerging social media sites like Pinterest can also be archived.

In this podcast, Marsh shares information on his company’s Web Archiving product and how it allows advisers to “pin” updates to Pinterest and archive them for compliance purposes.

Marsh also addresses the company’s annual Electronic Communications Compliance Survey report with key statistics.

After listening to the podcast, use the following link to download the free compliance survey: 2012 Electronic Communications Compliance Survey

Click to view/download the PDF podcast transcript.

Dropbox user accounts compromised, new security features to appear

Posted on August 1, 2012 by Bill Winterberg in Compliance, Software, Technology

Last night I posted this tweet about a TechCrunch.com article on several compromised Dropbox accounts.

[Two-factor auth is overdue -BW] Dropbox Reports User Accounts Were Hijacked, Adds New Security Features zite.to/Mi0aiE via @zite
— Bill Winterberg CFP® (@BillWinterberg) August 1, 2012

Unlike an issue last summer (see Bug Affects Dropbox Security: What Advisers Need To Know), you need to know that Dropbox’s security was not compromised.

Username and password credentials were stolen from a third-party website, which were then used to log in to associated Dropbox accounts.

In response, Dropbox said in a blog post that it will add new security features in the coming weeks, with two-factor authentication being the most noteworthy (see Boost your online security with two-factor authentication).

Events like this should be a lesson to you, even if you’re not a Dropbox user. Remember to follow good security practices to keep your account credentials safe, such as:

Avoid using the same username and password for multiple websites/accounts. Make each password unique for each account.
Avoid using unfamiliar or shared computers, as keystroke logging programs or other trojans may be installed without your knowledge.
Verify website addresses before typing in your login credentials. Look for the https:// address prefix and make sure you’re not redirected to a phishing website (see Cloud computing for financial advisers: How to stay safe)

In a few weeks, Dropbox should be rolling out the new security features. When they appear for your account, be sure to activate and use two-factor authentication. It’s one additional layer of protection you can add to better protect all the information you keep in your Dropbox account.

Smarsh releases Web Archiving, an automated solution to archive adviser websites

Posted on May 16, 2012 by Bill Winterberg in Compliance

New automated tool will help registered professionals eliminate tedious manual processes to meet FINRA and SEC requirements.

In a press release today, Smarsh, Inc., the Portland, Ore.-based company best known for email archiving, announced a new solution to help satisfy archiving and record-keeping requirements when it comes to adviser websites.

Web Archiving is the new solution, and Smarsh created a short explainer video to describe what it does, embedded below for your convenience.

(click to view on YouTube)

Web Archiving is designed to automatically crawl and capture the contents of an adviser’s website. In addition to archiving the full text of all website pages, Web Archiving also captures embedded media such as video, social media feeds, slideshows, and more.

According to the solution feature list, archived pages are rendered in their original format, preserving the “look and feel” of the website page as it originally appeared on the adviser’s site.

“Today’s Web is not static text, but rather an immersive multi-sensory experience. This complicates the critical need for organizations of all kinds to keep an accurate, uncompromised record of what has been published to the world via the Web,” said Stephen Marsh, Smarsh founder and CEO, in the release.

Without an automated tool, advisers may be forced to print individual website pages to PDF files and save them in a compliance file. This is a tedious, time-consuming process at best, and it doesn’t address media like embedded video or slideshows.

Website archiving is not very crowded with vendors. Alternate solutions can be found within the Advisor Websites platform (though an adviser’s website will need to be hosted with the company), Advisor Products (again, website hosting required), Arkovi, and a few others.

Should Financial Advisers use Google Drive?

Posted on April 26, 2012 by Bill Winterberg in Compliance

Broad terms of service language likely makes the latest cloud file storage service off limits for client files

Earlier this week, Google entered the increasingly-crowded market of cloud-based file storage services by introducing its own utility called Google Drive.

Google Drive offers convenient access to files from any device, but advisers may want to keep client files off the service

There are a number of popular cloud file storage services available today, with Dropbox, Box, SugarSync, and ShareFile generating the most buzz and interest among financial advisers. Generally, these cloud file storage services give users the ability to back up selected files and folders to servers in the cloud and enable remote access to those documents using mobile apps and web browser interfaces.

Ever since these services launched, financial advisers have questioned whether or not they’re safe to use for the storage of client files.

Last year I wrote Dropbox for Financial Advisers: Is it Safe? which continues to receive consistent traffic from advisers seeking opinions on whether or not using such services will violate any regulatory rules (the short answer is yes, but with conditions. Read the full post for details.).

Safe for Client Files?

With Google Drive, advisers want to know the same thing: is it ok to use to store files containing client information?

I believe the answer is no.

Google’s terms of service explain how the company may use files and information stored on a variety of its services, including Google Drive. Here is the relevant section for advisers:

Your Content in our Services: When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide licence to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes that we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights that you grant in this licence are for the limited purpose of operating, promoting and improving our Services, and to develop new ones. This licence continues even if you stop using our Services (for example, for a business listing that you have added to Google Maps).

The terms give Google the license to publish and publicly display content uploaded to their services. In addition, that license continues long after use of the services is discontinued.

Sure, for a listing on Google Maps, the terms make sense. But for files stored on Google Drive, applying the same terms can mean there is no limit to how long Google has the option to use your content.

Google Drive may ultimately prove to be the product that disrupts the cloud file storage market, but for now, financial advisers should stay clear of the service and never use it to store files containing client data.

Compliance automation solution Compliance11 now a part of The Charles Schwab Corporation

Posted on November 28, 2011 by Bill Winterberg in Compliance

Compliance11,Inc., a Chicago-based provider of compliance software and automation tools, was recently acquired by the Charles Schwab Corporation. The acquisition was announced in a November 16 press release you can read on Businesswire.com.

I reviewed Compliance11 in a recent column for Morningstar Advisor, Say Goodbye to Paper-Based Compliance Practices.

After speaking with Tad Mitchell, now VP of Compliance11 at Charles Schwab, I was very impressed with the depth of features offered by the platform. Knowing what it takes to monitor employees’ personal securities trading, update repetitive compliance tasks, and run reports of compliance activity, Compliance11 seems like a no-brainer purchase for growing advisory firms.

If you are still manually collecting portfolio holdings and trading records from employees, stop, and investigate how Compliance11 might save you not only money, but a bunch of your CCO’s time. And the icing on the cake is that advisers who custody with Schwab might get a great price on the Compliance11 platform.

How to address compliance deficiencies with technology: Part 2

Posted on October 17, 2011 by Bill Winterberg in Compliance

Last week I posted How to address compliance deficiencies with technology: Part 1, covering the first half of “Best Practices” provided by the North American Securities Administrators Association (NASAA) for investment advisers. NASAA’s full statement appears in Coordinated State Exams Identify Top Investment Adviser Deficiencies at nasaa.org.

Read Part 1 first, then continue with Part 2 below to see my thoughts on how to address each practice with technology.

Best Practice: Prepare and distribute a privacy policy initially and annually.

Solution: Document management software, Workflow, Email Newsletter Service, Document Valut

Imagine that, something so simple as delivering a privacy policy resulting in not one, but four technology solutions! You’re required to give new clients your privacy policy and deliver one to all clients annually. First, where do you keep the original copy of your privacy policy? A good place to keep it is in document management software. Not only can the software help you locate your current privacy policy, it also should maintain a history of previous versions of your policy should you ever need to review changes.

With respect to the steps you follow for new clients, workflow can eliminate the times you might forget to deliver the required document. Workflow for the new client process should define all the steps needed to bring on the client, including the delivery of your privacy policy. You’ll find workflow tools in some CRMs, document management software, or specific workflow applications.

Physical (or virtual) delivery of your privacy policy is fairly straightforward. For clients who elect to receive your privacy policy electronically, you can deliver your document via email or by uploading it to a client document vault. You can lighten the load of email delivery by using email newsletter services, allowing you to create just one email with custom mail merge fields for client names that includes your privacy policy as an attachment. A few, but not many, client document vaults allow you to upload your privacy policy once and then copy it to all of your clients’ folders.

For those clients who do not want electronic delivery, I suppose you’ll just have to print hard copies and send them the old fashioned way by mail.

Best Practice: Keep accurate financials. File timely with the jurisdiction.

Solution: Accounting software, Document management software, Compliance calendar

This best practice is straightforward, but enough advisers fail to do this NASAA feels compelled to address it. First of all, you likely already generate company financials out of your accounting and bookkeeping software (Quickbooks in most cases). When you generate your reports, why not file them to document management software in their own repository? That way you’ll have a secure, backed up location where financials are kept, spanning all the years you’ve been in business.

Add to that a compliance calendar system so that your Chief Compliance Officer receives gentle reminders regarding due dates for the submission of your financials. Compliance11 is one example of such calendar systems you can use to keep tabs on things (covered in Morningstar Advisor).

Best Practice: Maintain surety bond if required.

Solution: Document management software, Compliance calendar

There’s not a lot of technology needed to follow this best practice, but once you purchase your surety bond (when required), scan and file a copy of it into your document management software. You can also set a reminder in your compliance calendar to renew the bond when it reaches its due date.

Best Practice: Calculate and document fees correctly in accordance with contracts and ADV.

Solution: Portfolio accounting software, Custodian Accounting software

Calculating fees can be a simple or convoluted process for an advisory firm. Some firms charge a flat percentage of AUM with no breakpoints or discounts. Just value the client’s portfolio once a quarter, multiply by the fee percentage, send a fee debit request to the custodian, and copy the client with an invoice.

But for those who provide asset breakpoints, exclude certain investments from fee calculations, or aggregate households together to qualify for reduced fees, things get complicated. The lesson here is to leverage high-quality portfolio accounting software that can be programmed with your specific fee structure and be customized for the special discounts you offer. I’ve seen complicated fee structures implemented with Excel spreadsheets, but these are so fragile and susceptible to innocent errors that can result in embarrassing calls when the wrong fees are calculated.

In addition, a few of the portfolio accounting systems will also reconcile fee distributions received from custodians and cross-reference them with the original debits requested. Doing this manually is extremely time consuming, so adding automation wherever possible is desired.

Best Practice: Review all advertisements, including website and performance advertising, for accuracy.

Solution: Diligence, Compliance calendar

No technology solution can solve all your compliance requirements. Here, just ensure that any material you publish publicly featuring your firm and/or its investment performance is accurate and complies with reporting requirements.

Best Practice: Implement appropriate custody safeguards, if applicable.

Solution: Account aggregation services

You have custody of client assets when you have the ability to direct fund distributions or change an account’s address of record without requiring client approval. Not many advisers have custody, but some unknowingly do when they ask clients for their login and password to a held-away account like a 401(k) or 529 plan. Login credentials are typically used to access holding and transaction information in the accounts to provide performance reporting and comprehensive net worth reports for clients.

Instead, you should use account aggregation services to obtain balance, holding, and transaction information from held-away accounts without needed any knowledge of client login credentials. Keep those credentials out of your hands. Account aggregation delivers daily information on held-away accounts to most popular portfolio accounting systems. You can still report on those held-away assets, but you don’t need to tiptoe the line of custody by gathering clients’ login credentials.

Best Practice: Review solicitor agreements, disclosure, and delivery procedures.