Mandates Beyond the Advisers Act: Anti-Money Laundering and Data Security
April 29, 2014
Tuesday 1:00 PM - 3:00 PM (ET)
1) The first half of this session will focus on anti-money laundering.
The SEC and FINRA have made it clear that a Bank Secrecy Act Anti-Money Laundering (AML) compliance program should be designed commensurate with the organization’s unique risk profile. Two of the goals in creating a BSA/AML risk assessment are to:
a) Identify vulnerable areas that could be used to facilitate the movement of illegally obtained or illegally used funds; and
b) Develop processes and procedures to mitigate that risk.
The same risk management principles that your organization uses in traditional compliance and operational areas should be applied to assessing and managing BSA/AML risk. Understanding the risk profile enables an organization to apply appropriate risk management processes to its BSA/AML compliance program and to better identify and mitigate gaps in its controls.
AML experts will help you get the basics right and aid you in evaluating the comprehensiveness of your current BSA/AML risk assessment by suggesting areas that may have been overlooked; helping you understand how due diligence and documentation lend credibility to your risk assessment; and providing guidance in creating a sound written risk assessment summary.
After completing the AML section, attendees should be able to:
- Assess how anti-money laundering rules affect your firm
- Identify resources and implement systems that alert firms to industry requirements and best practices
- Identify AML examination priorities and develop policies and procedures to avoid common deficiencies
2) The second half of this session will focus on data security.
Investment advisers and broker-dealers cannot conduct business without gathering and maintaining customer information. Federal and state regulators are mandating strict controls and procedures to help ensure that this information does not fall into the wrong hands. In its examinations, SEC staff focuses heightened attention on a firm’s information security or “safeguarding” controls for protecting client information. Businesses would also be well-served to heed the increasingly strict state laws setting minimum criteria for information security.
In 2013, the SEC and CFTC jointly adopted identity theft red flags rules applicable to regulated entities reporting to the SEC and the CFTC, respectively. Certain investment advisers may be subject to the rules depending on the type of authority granted to them by their individual clients or private fund investors. Covered firms are required to adopt policies and procedures for detection of and response to identity theft.
This session will discuss the core principles of information security and how to map a firm’s policies and procedures to its particular risk profile.
After completing the data security section, attendees should be able to:
- Identify Regulation S-P requirements concerning privacy notice delivery and create firm-wide policies and procedures concerning privacy practices
- Decipher the safeguarding requirements under Regulation S-P
- Outline strong internal controls to identify and assess the red flags of identity theft and data breaches, effective safeguards for controlling these risks, responses to information breaches and recommended steps for preventing them, and reasonable monitoring and testing of your safeguarding program
- List information security areas of current SEC focus that are likely to surface during an SEC examination
- Examine the efforts on the part of the states and the SEC to impose broader and more specific requirements on firms that collect personal information
For Whom: Designed to increase the professional competence of investment adviser professionals with legal, compliance, operations and management responsibilities
Suggested Skill Level: Intermediate
Instructional Method: Group Internet-Based
Pre-requisites for participation: No prerequisites are required.
Advanced Preparation: None