CT BANK Use Of Client User Names
On Aug. 12, CT BANK issued guidance on using client user names.
- Securities, business investment division received inquiries from investment advisory personnel on account access via client own information such as username, password.
- Deems using client unique identifying information to access account dishonest or unethical practice under 36b-5(f) of the Connecticut uniform securities act.
- Scenario distinct from advisory personnel that access client electronic accounts through adviser’s own, unique log-in information following client authorization.
- Using client’s own unique identifying information to access account presents both operational and regulatory risks, hinders pinpointing who is accessing the account.
- Advisers engaging in the practice impersonate client, and, in extreme situations, this raises red flag more egregious conduct, such as misappropriation, could be occurring.
- Concerns cybersecurity, custody, recordkeeping, potential client agreement violation.
- Custody issues arise because adviser can transfer monies or securities from account.
- Agreement violation may prompt deny reimbursement for unauthorized withdrawals.
- Any convenience to the client is overshadowed by the risk of harm to the client, to the investment adviser’s operations, and to the reputation for integrity of the adviser.
- Division incorporated this position into its enforcement and examination programs.
- Investment advisory personnel out of compliance immediately should notify affected clients in writing to change custodial account user name, password, security questions.
- Should also notify affected clients to ask that custodian or platform provider provide the adviser with own unique log-in information to use as a standard business practice.
||Bank; Fiduciary; IA; Inv Co; Thrift
||PR, 8/12/2019; Conn Gen Stat 36b-5;
||Compliance; Exams; Legal; Operations; Privacy; Technology
||United States of America
||Banking; Custody; Loan
Last substantive update on 08/13/2019