The North American Securities Administrators Association, Inc. ("NASAA") requested comments on a rule proposal related to investment adviser access to client accounts.
According to NASAA, many investment advisers access the accounts of clients by logging in with clients' usernames and passwords instead of using discrete login information created specifically for the advisers. As a result, NASAA contended, potential compliance issues could arise in relation to custody and recordkeeping requirements. Such arrangements might cause clients to violate user agreements that forbid customers from sharing usernames and passwords.
NASAA proposed amending the NASAA Model Rules on Unethical Business Practices of Investment Advisers, Investment Adviser Representatives, and Federal Covered Advisers to prohibit the practice of "Accessing a client's account by using the client's own unique identifying information (such as username and password)."
Comments from interested parties must be received by August 25, 2017.
Commentary / Dorothy Mehta
This sensible proposal implements a most basic cybersecurity measure. Advisers who are aware of their clients' usernames and passwords should promptly instruct their clients to change this login information.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.