SEC Archives - Page 2 of 4

ShareFile adds SEC and FINRA compliance capabilities with Archiving for Financial Services

Posted on April 2, 2013 by Bill Winterberg in Compliance, Technology

The popular online file sharing service meets regulatory record-keeping requirements with latest archiving functionality

ShareFile Archiving for Financial Services

In a press release today, ShareFile, the online file sharing service owned by Citrix, announced the availability of its Archiving for Financial Services compliance feature.

ShareFile, my 2012 Morningstar Advisor Best Back-Office Technology award winner, has been popular among financial advisers for its online file storage functionality much like Dropbox, Box, SugarSync, Google Drive, Microsoft SkyDrive, and many more.

But ShareFile’s focus on the specific needs and regulatory requirements of professionals in financial services has helped the company gain a sizable following relative to the generic competition.

According to the press release, ShareFile Archiving for Financial Services helps financial advisers satisfy SEC and FINRA record-keeping requirements “by offering retained, indexed, auditable and searchable records of client communications for the period required or longer.”

Below is a video from ShareFile with an overview of Archiving for Financial Services.

(Click to watch on YouTube)

Consolidating Two Systems

Typically, advisers who use online file sharing services to exchange documents with clients and prospects maintain two separate systems in their back office.

One system is the online file sharing service that does just that; facilitates file sharing with individuals outside the adviser’s network infrastructure.

But most advisers then maintain a second system that satisfies the record-keeping requirements imposed by the SEC and FINRA. Two systems are necessary, because consumer file sharing services (i.e. Dropbox) just aren’t built with the regulatory record-keeping requirements in mind.

For advisers using ShareFile Archiving for Financial Services, two systems should no longer be necessary to satisfy the record-keeping requirements.

A Document Management Solution?

With the addition of Archiving for Financial Services, is ShareFile now a contender among document management providers?

I believe the answer is no.

Archiving for Financial Services is a very useful addition, and it will eliminate the need to run two separate systems to facilitate file sharing and to maintain adequate record-keeping systems. But document management requires more than just indexed, auditable, and searchable records of client communications.

Document management systems offer metadata tagging and document profiling for every record stored in the system, and automated workflow is also frequently supported.

So for advisers who lack a true document management system (and surveys consistently show that there are a large number of such firms), ShareFile combined with Archiving for Financial Services is a convenient way to get two features from the same product.

But for firms already using document management systems with native record-keeping compliance, Archiving for Financial Services is unnecessary.

Nevertheless, ShareFile’s ease of use and mobile device compatibility still makes it a strong contender for online file sharing with clients, prospects, and colleagues.

For more details about Archiving for Financial Services, visit the ShareFile Blog and read New feature allows ShareFile to help financial firms achieve compliance

FPPad Bits and Bytes for March 8

Posted on March 8, 2013 by Bill Winterberg in Bits & Bytes

The Mobile Adviser, debuting at FPA Business Solutions 2013, March 7-9, Chicago

I’m in Chicago to wrap up the week, debuting my latest presentation The Mobile Adviser: Everything financial advisers need to stay safe, connected, and productive in the Mobile Age at FPA Business Solutions 2013. Follow the conference hashtag on Twitter, #FPASolutions.

But I still managed to take time to assemble this week’s top stories in financial adviser technology:

Newly Affluent Unimpressed With Advisors’ Use of Tech and Investment Strategy from AdvisorOne.com

[Guess what: if you haven’t upgraded your technology in the last 2-3 years, new clients will likely opt to work with a firm other than yours. Here’s what prospects are looking for: they’re checking out your “social cred,” or your presence on the web, including a compelling bio, video content about what makes you an ideal adviser for certain clients, social media interaction, and more. Then when prospects engage your firm, they want to work through digital channels, view reports on a tablet, exchange text messages with you, and sign documents electronically. So if you push pens and paper in front of them, they’ll likely be turned off by your “archaic” processes.] A large portion of up-and-coming affluent people around the world, though generally satisfied with their wealth managers’ use of technology, are unimpressed with the way advisors use that technology to show them how to invest their money, according to a new study.

How Black Diamond is working out — or not — as Advent’s agent of deliberate cannibalization from RIABiz.com

[While Orion has not-so-quietly surpassed $100 billion in assets managed under its platform (see: TD Ameritrade’s open technology helps push Orion Advisor Services over the $100 billion in platform assets mark), Black Diamond has been relatively quiet since its acquisition by Advent back in 2011. Why is that? RIABiz’s Brooke Southall gets some candid feedback from Advent chief executive Peter Hess about the company’s languishing growth. Want my opinion? Maybe it’s because Black Diamond hasn’t yet nailed down its data quality and customer service concerns expressed by advisers.] In one respect, Black Diamond Performance Reporting has not lived up to the expectations of executives of Advent Software Inc., which acquired it in 2011.

Review: AssetBook’s Radar Gets Stronger from Financial-Planning.com

[This is a very good review from Joel Bruckenstein about web-based portfolio management software provider AssetBook. If you’re in the market for a system that allows you to ditch your local servers and on-premises software, AssetBook is definitely worth a look now that it has rolled out Radar.] Radar, AssetBook’s new software as a service portfolio management system, was built to address [some existing] weaknesses. And it includes some new features that advisors are sure to like.

NerdWallet’s lead generation website has 20 Bay area advisors in beta, MIT, Wharton, Brown and Stanford folks running things and a Silicon Valley confidence from RIABiz.com

[Kudos to RIABiz’s freelance contributor Kelly O’Mara for highlighting NerdWallet. So if you are terrible at generating your own leads and prospects with your online marketing materials, maybe there’s a chance you can attract some new business with NerdWallet’s lead generation tools. Guess what: If you’re an adviser in Atlanta, GA (i.e. FPPad headquarters), there are zero, that’s right, ZERO advisers currently showing up in NerdWallet’s “Find an Advisor” search engine. Talk about a blue ocean!!] Acquiring useful leads that can be converted into actual clients — without spending too much money or wasting too much time — is a holy grail of the RIA business.

New from Balance: Digital Office & Solution Templates from BalanceFinancial.com

[Buried deep on my “companies-with-whom-I-should-connect” list is Balance Financial. So here’s a quick look at how they’re continually developing their product, now releasing Digital Office that is aimed to clean up problems with client portals. Again, my take: client portals will soon be dead, replaced by access to files and information via apps and desktop sync tools like Box and ShareFile.] Balance is excited to announce that today we … are launching a new suite of capabilities we are calling our Digital Office.

Erado Achieves the Largest Growth in Company History from Erado.com

[Remember Erado, the social media archiving provider for financial advisers (see: Six More Designate Erado as Their Social Media Compliance Provider)? Well they’ve evidently been on a tear with respect to growth, experiencing “the largest growth in their history” and being named “Cool Vendor” in Gartner’s Cool Vendors section. If you recall, they’re the preferred archiving provider for most of LPL’s reps using social media. How about that for a boring social media archiving company!] Erado, the nation’s leading compliance and archiving firm in electronic communication, announced their company milestone report for 2012.

Advisors Want Clarity On SEC Custody Complaints from FA-Mag.com

[While not specifically technology related, oh boy did the SEC just step up its rhetoric on custody. The problem is that custody continues to be an ambiguous term for compliance officers. Look, clients deserve to receive a complete picture of their wealth from their financial adviser, not just a slice that happens to be held with the adviser’s custodian of choice. So in comes held-away account monitoring and aggregation. Well often the easiest way to monitor held-away assets is to obtain client login credentials for those external assets and do some data gathering a dozen or so times a year. Whoops, turns out obtaining those credentials might (or might not, nobody has a definitive position) trigger custody! It’s a tangled web to navigate, and in many cases, not worth the hassle for advisers. So they give up and return to giving clients just a limited view of their overall wealth. Who is best served by that?] Leading figures in the financial advisor industry are asking the Securities and Exchange Commission for more clarity in the wake of new SEC complaints Monday about custody of client funds.

How to hide endorsements from your LinkedIn profile

Posted on October 5, 2012 by Bill Winterberg in Compliance

Advisers must hide LinkedIn Endorsements to avoid compliance violations

Update 01/21/2013! LinkedIn is rolling out completely new profile designs to users, changing the way Endorsements are managed. Go read How to hide LinkedIn Endorsements on the new LinkedIn profile design now and watch the screencast reflecting the new changes.

As a financial adviser, you’re well aware that you can’t use client testimonials in any of your marketing materials. SEC and FINRA regulations prohibit the use of client testimonials (see: Adviser Use of LinkedIn May Violate SEC Rules).

LinkedIn’s latest feature called Endorsements, opens up another issue for financial advisers with LinkedIn profiles. Anyone can visit an adviser’s LinkedIn profile and endorse specific skills and expertise. Considering the broad language against client testimonials, allowing such endorsements should be avoided.

So how do you remove or disable Endorsements from showing up on your profile?

In the screencast below, I walk you though two ways you can prevent Endorsements from showing up on your public profile.

Watch the screencast now and hide any public endorsements on your own profile to avoid triggering compliance violations.

Bug Affects Dropbox Security: What Advisers Need To Know

Posted on June 21, 2011 by Bill Winterberg in Compliance, Software, Technology

Just last week I wrote a post addressing Dropbox and its use by financial advisers. It’s worth reading, but the summary is:

If you are regulated by FINRA, don’t use Dropbox (or any web-based service where you place client information) without the approval of your broker-dealer’s compliance department. Even after approval, document what your policies and procedures are to keep client information safe.
If you are regulated by the SEC or state as a registered investment adviser, document the steps you take to protect the security and confidentiality of customer information placed on web-based services such as Dropbox. You may optionally apply your own encryption to files saved in Dropbox to better protect them from unauthorized access.

So what happened over the weekend?

During system maintenance on Sunday, June 19, Dropbox introduced a bug into its authentication mechanism. Click here to read Dropbox’s explanation of the issue.

In summary, for a period of about four hours, correct passwords were not needed to log in and access Dropbox accounts. All that was required was a valid email address associated with an active account.

Make no mistake, this is a serious security issue.

Anyone who might have guessed an adviser’s email address (or even look it up on the adviser’s website) which happens to be used for a Dropbox account storing client files would have been able to access, view, download, et. al. those files without needing a valid password.

However, for advisers who encrypt or otherwise protect documents stored on Dropbox with access passwords, unauthorized access to the Dropbox account would not have yielded access to the contents of the files; only the file names would be visible (for password-protected documents).

The security lapse should never have happened, but it did. I said last week that adding an extra layer of security and/or encryption was optional. I feel I must be more specific in my recommendation of Dropbox.

If you choose to use Dropbox to store and share documents with client information, encrypt and/or password protect those documents prior to placing them in Dropbox.

Yes, this extra security makes sharing documents a bit more convoluted, as clients with whom you share files must remember the password required to access documents. But consider the alternative without the use of the extra layer of security in Sunday’s scenario.

And really, you shouldn’t have to apply your own security, but Dropbox isn’t touting their service for the enterprise market or regulated industries like financial services. They’re first and foremost a company providing a product for consumers. Should you choose to use Dropbox for client documents, take the necessary steps to better protect client information from unauthorized access.

Also, consider alternatives to Dropbox such as SugarSync, Carbonite, Egnyte, Wuala, and more. They’re worth investigating and performing your own due diligence.

Dropbox for Financial Advisers: Is it Safe? Secure?

Posted on June 15, 2011 by Bill Winterberg in Compliance, Software, Technology

Update 6/21/2011: A bug affected Dropbox’s password authentication mechanism on June 19. Read my follow up post on what advisers need to know about the compromised security.

Financial advisers want to know: is Dropbox, the simple and convenient file storage service, safe and secure? The answer to that question may not be so clear.

Is Dropbox safe and secure?

Can I store and share client documents on Dropbox?

I get asked these questions about Dropbox, a simple and convenient file storage service based in the cloud, quite often at conferences and while consulting with financial advisers.

I’ve discussed Dropbox several times on FPPad (see The iPad for Financial Advisers and Wealth Managers, A Real Life Example of Productivity Tips in Action, and Dropbox Featured in Forbes; Tools Should “Just Work”), but have not specifically addressed security characteristics of the service as they apply to financial advisers and registered representatives.

Frankly, Dropbox’s security attributes of have been a moving target as of late. That’s not necessarily a bad thing for the wildly-popular service, used by more than 25 million people, but it is important that advisers take a close look at how Dropbox communicates regarding its security.

Is It Secure?

I won’t rehash the details of recent controversy over Dropbox’s changes to its statements on security here, but I do want to direct you to a resource that I feel fairly addresses the situation.

Over at TechRepublic, IT consultant Michael Kassner posted an interview with ChenLi Wang of Dropbox’s Business Operations. Read Kassner’s post to gain perspective on Dropbox’s changes to its security statements and how they apply to its users. Click the link below to read it first, then come back and continue reading this post.

TechRepublic: Dropbox: Convenient? Absolutely, but is it secure?

Security Discussion

Flickr: Grey Wind

Now that you have some background on the issue, let’s address security from the financial adviser’s perspective.

Without question, financial advisers collect and maintain personally identifiable information (PII) on clients in order to deliver financial advisory services. Both FINRA and the SEC have requirements in place that FINRA member firms and registered advisers must follow. SEC Regulation S-P, Privacy of Consumer Financial Information, is the primary rule by which advisers must abide to address the protection of client information and records.

With respect to Dropbox, what must advisers do to abide by the requirements?

If you operate under FINRA, you must first ask your broker-dealer’s compliance department what your options are when considering the use of cloud-based applications, including Dropbox. It’s likely your broker-dealer has performed due diligence on a select number of providers which likely include vendors of cloud-based CRM, portfolio management software, financial planning, and document management applications.

Empirically, some broker-dealers have approved the use of services like Dropbox for their registered representatives, while others prohibit its use. So I cannot provide specific guidance for those of you affiliated with a broker-dealer; check with them first.

If you are an SEC or state-registered investment adviser, you must have written policies and procedures in place that address the steps you follow to protect client information. If you elect to use Dropbox, document the steps you take that are designed to (taken directly from Reg S-P):

(i) insure the security and confidentiality of customer records and information;

(ii) protect against any anticipated threats or hazards to the security or integrity of customer records and information; and

(iii) protect against unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience to any customer.

From Kassner’s post highlighted earlier, Dropbox acknowledges that, in “rare circumstances,” a “small number of employees” are able to access user data according to the provisions in Dropbox’s privacy policy (e.g., when legally required to do so). Aside from the rare circumstances, Dropbox’s Wang went on to say:

We have strict policy and technical access controls that prohibit employee access except in these rare circumstances. In addition, we employ a number of physical and electronic security measures to protect user information from unauthorized access.

So let me challenge you, the adviser, with this question: What steps do you have in place to insure the security of client information stored on other web-based services? Have you performed similar due diligence on your CRM provider, online financial planning software, or even your online e-newsletter service? If you feel those services adequately protect the security of client information, how does that align with your confidence in Dropbox’s ability to provide similar protection?

Encryption

Before concluding this post, let’s briefly address the option of using additional encryption. To better protect client information, records can be encrypted using third-party applications before they’re transferred to web-based services like Dropbox (though I know of no methods advisers can use to encrypt client data stored in, say, web-based CRM. Does that make it more vulnerable?).

Remember, Dropbox stated, “all files stored on Dropbox servers are encrypted (AES 256).” Is it necessary to add yet another layer of encryption to files stored on Dropbox? Perhaps. If additional encryption is applied to documents stored on Dropbox, even if the “small number” of Dropbox employees access files legally under “rare circumstances,” all they will see are encrypted files with no meaningful data.

So, yes, the use of third-party encryption such as TrueCrypt, SecretSync, and others mentioned in Kassner’s post, does add an additional layer of obfuscation to protect against information access by Dropbox employees. But does that mean it is required to comply with regulatory requirements?

I believe the answer is no.

Files are already stored encrypted on Dropbox. There’s a reasonable expectation that the files will remain protected from unauthorized access. Assuming select Dropbox employees do access stored files, citing the legal requirement to do so, that access is likely to be authorized, as it is in response to a request from law enforcement. If this were to happen to you, you probably would have more to be concerned about than Dropbox decrypting your files and providing them to law enforcement.

Best Practices

Let me close with what I believe to be best practices for the use of cloud-based storage services, including Dropbox.

If you’re a FINRA member, check with your broker-dealer’s compliance department before using any web-based service. Obtain approval before storing any client information on such services. Also, document your policies and procedures regarding the steps you take to protect client data when using web-based applications.

If you’re an independent registered investment adviser, document the policies and procedures you employ to protect client data when using any web-based service. For added protection, you may optionally apply third-party encryption where applicable, but I believe it is not a requirement to comply with SEC Regulation S-P rules.

Do you have practical information with respect to these best practices? Perhaps your broker-dealer has raised issues on web-based services that are not included here. Please leave comments and feedback below to help clarify what advisers need to do to protect client data stored in cloud-based services.

Full Disclosure: I use Dropbox every day; it significantly simplifies my life. I store both personal and company files on the service. However, I am neither SEC or state-registered nor am I a FINRA member.

For those files that contain private or sensitive information, like social security numbers and bank account numbers, I add individual file password protection. All of these files are in PDF format, so I use Adobe Acrobat to encrypt all document contents with 256-bit AES and require a password to open the document.

Even Adobe PDF document passwords are not a 100% guarantee against unauthorized access. No password-based security system is. But with a combination of mixed case, numbers, and punctuation, the time required to apply a brute-force attack to crack the password may deter unauthorized users from an attempt, and instead seek out more vulnerable targets for an attack. I feel that this level of protection is adequate for my personal situation and acknowledge that the benefits of using web-based services like Dropbox are compelling enough to accept the risk trade-off. Your situation may dictate different considerations.

BrightScope Launches Advisor Pages™, Aggregates SEC/FINRA Sources to Improve Adviser Search

Posted on April 26, 2011 by Bill Winterberg in Professional Development

One innovative company is attempting to change the way consumers search for financial advisers.

BrightScope, the San Diego, Calif.-based provider of independent investment research and financial data, today announced the release of BrightScope Advisor Pages™.

Click here to read the press release at MarketWire.com

Changing Search

In the past, consumers searching for financial advisers faced an uphill battle of gathering information from multiple disparate sources, including information publicly available from the Securities and Exchange Commission and the Financial Industry Regulatory Authority.

Often, consumers likely turned to search engines like Google and Bing to enter queries for advisers in their city, but the results offered no way to compare the basic information of one adviser to another.

Enter BrightScope Advisor Pages, where much of the public data is aggregated into one searchable database that supports filters to narrow search results. Adviser profiles include firm affiliation, contact information, registration type (Registered Representative of a Broker-Dealer, Registered Investment Adviser, or dually registered), and assets under management in addition to other information.

Adviser Search Legacy

Websites to search for financial advisers are not new. Roughly two years ago, a trio of sites were launched that provided a searchable database of financial professionals, including EvaluateMyAdvisor.com, FABeetle, and financeanswers.com. None of these sites are active today (hence the absence of hyperlinks). While we do not know the specifics of these sites’ reasons to shut down, we suspect that the controversial feature of allowing visitors to post ratings and reviews of advisers led to tricky compliance issues.

As many advisers subscribe to our blog, we recommend that you visit Advisor Pages and search for your own profile. If any data is incorrect, use the “Claim Your Profile” link to create a free account and contact BrightScope staff to correct the discrepancies.

What Advisers Can Expect on Examination Requests from the SEC

Posted on March 18, 2011 by Bill Winterberg in Compliance

Steelbridge Compliance, a compliance consulting firm to investment advisers based in Dallas, Tex. (located just a mile from FPPad world headquarters), yesterday released a copy of a recent examination request list from the SEC.

The request document is 28 pages and covers much of the standard areas for inspection including trading history, itemized lists of all client accounts, and two years of all email history.

Notably absent from the February 2011 document is a request for the adviser’s use of social media, including Facebook, Twitter, and LinkedIn.

Click here to visit the Steelbridge Compliance blog and download the notice.

Independent Broker/Dealers Warming Up To Social Media

Posted on June 18, 2010 by Bill Winterberg in Compliance

Like it or not, social media in financial services has been a recurring topic in the industry this year. The big question for FINRA-regulated registered representatives and SEC-regulated investment advisers is how to engage in social media activities without violating compliance rules (even after FINRA released its guidance on using social networking websites).

In the first significant step in the broker/dealer environment, Cambridge Investment Research announced that it plans to support their representatives’ use of social media by adopting compliance and monitoring software from Socialware.

Click here to read the announcement from Financial Planning Magazine online.

FPPad subscribers have read about Austin, Tx. based Socialware before and their tools that help advisers and representatives satisfy compliance requirements when using social media websites.

The fact that Cambridge is stepping up to the plate and giving the tentative green light to its reps means more and more financial professionals will be able to manage social media profiles to engage in conversations with clients and prospects.

← Previous 1 2 3 4 Next →

FPPad