Mandates Beyond the Adviser Act: Anti-Money Laundering and Data Security
May 21, 2013
Tuesday 1:00 PM - 3:00 PM (ET)
While the Investment Advisers Act of 1940 includes most of the rules and regulations an advisory firm needs to abide by to be compliant, other regulations affect advisory firms in significant ways and must be considered. This course surveys anti-money laundering and data security, two mandates that every advisory firm needs to understand and incorporate into its compliance program.
The first half of this session will focus on anti-money laundering. The SEC and FINRA have made it clear that a Bank Secrecy Act Anti-Money Laundering (AML) compliance program should be designed commensurate with the organization’s unique risk profile. Two of the goals in creating a BSA/AML risk assessment are to:
a) Identify vulnerable areas that could be used to facilitate the movement of illegally obtained or used funds.
b) Develop processes and procedures to mitigate that risk.
The same risk management principles that your organization uses in traditional compliance and operational areas should be applied to assessing and managing BSA/AML risk. Understanding the risk profile enables an organization to apply appropriate risk management processes to its BSA/AML compliance program and to better identify and mitigate gaps in its controls.
AML experts will help you get the basics right and aid you in evaluating the comprehensiveness of your current BSA/AML risk assessment by suggesting areas that may have been overlooked; helping you understand how due diligence and documentation lend credibility to your risk assessment; and providing guidance in creating a sound written risk assessment summary.
After completing the AML section, attendees should be able to:
- Assess how anti-money laundering rules affect your firm
- Identify resources and implement systems that alert firms to industry requirements and best practices
- Identify AML examination priorities and develop policies and procedures to avoid common deficiencies
The second half of this session will focus on data security.
Investment advisers and broker-dealers cannot conduct business without gathering and maintaining customer information. Federal and state regulators are mandating strict controls and procedures to help ensure that this information does not fall into the wrong hands. In its examinations, SEC staff focuses heightened attention on a firm’s information security or “safeguarding” controls for protecting client information.
Businesses would also be well-served to heed the increasingly strict state laws setting minimum criteria for information security. Approximately forty-six states and the District of Columbia have enacted data breach-notification laws. The proliferation of state data breach notification laws, substantive state information security laws (such as the Massachusetts data security standards), and private lawsuits on information security matters have led to heightened attention to information security, both in IT budgets and staffing and in compliance resources.
Most recently, on April 10, 2013, the SEC and CFTC jointly adopted identity theft red flags rules applicable to regulated entities reporting to the SEC and the CFTC, respectively. The rules will be effective May 20, 2013 and the compliance date of the rules will be November 20, 2013. Certain investment advisers may be subject to the rules depending on the type of authority they are provided by their individual clients or private fund investors. Covered firms will be required to adopt policies and procedures for detection of and response to identity theft.
This session will discuss the core principles of information security and how to map a firm’s policies and procedures to its particular risk profile.
After completing the data security section, attendees should be able to:
- Identify Regulation S-P requirements concerning privacy notice delivery and create firm-wide policies and procedures concerning privacy practices
- Decipher the safeguarding requirements under Regulation S-P
- Outline strong internal controls to identify and assess the red flags of identity theft and data breaches, effective safeguards for controlling these risks, responses to information breaches and recommended steps for preventing them, and reasonable monitoring and testing of your safeguarding program
- List information security areas of current SEC focus that are likely to surface during an SEC examination
- Examine the efforts on the part of the states and the SEC to impose broader and more specific requirements on firms that collect personal information
For Whom: Chief Compliance Officers, Internal Auditors, IA and BD Compliance Staff at all levels, Marketing Personnel, Legal Counsel, Management, Information Officers
Suggested Skill Level: Intermediate
Instructional Method: Group Internet-Based
Prerequisites for participation: No prerequisites are required.
Advanced Preparation: None