Broker-dealer firms are well advised to review and update their privacy policies, in light of the Securities and Exchange Commission’s (“SEC”) recent enforcement and investigation activities arising from Regulation S-P.
According to trade press, recently the SEC informed one independent broker-dealer firm, Next Financial Group, Inc. of Houston, Texas, that it may file a “privacy” suit under Regulation S-P. The suit would be based on the practice, which Next maintains is common among independent broker-dealer firms, of requiring broker recruits from other firms to provide Next with customer information in anticipation of the move. According to the press, the SEC contends that before the brokers left their firms to join Next, they should have asked clients for their consent to use any information at the new firm. Alternatively, Next should have only required brokers to provide this information if the brokers’ prior firms had stated in their privacy policies that departing brokers may take certain customer information to competing firms (and the particular consumers had not opted-out of this policy). The SEC is reportedly considering suing Next for violations of Regulation S-P, as well as for aiding and abetting the violations by the brokers it recruited.
Regulation S-P contains the privacy rules promulgated by the SEC under section 504 of the Gramm-Leach-Blilely Act. Section 504 requires the Commission and other federal agencies to adopt rules implementing notice requirements and restrictions on a financial institution’s ability to disclose non-public personal information about consumers. Under the Gramm-Leach-Blilely Act, a financial institution must provide its customers with a notice of its privacy policies and practices, and must not disclose nonpublic personal information about a consumer to nonaffiliated third parties unless the institution provides certain information to the consumer and the consumer has not elected to opt out of the disclosure.
You can find more on Regulation S-P on the SEC’s website here.