On October 18, the U.S. Securities and Exchange Commission (SEC) announced the launch of the agency’s Strategic Hub for Innovation and Financial Technology (FinHub). But what is the “FinHub”?
As you may remember from our earlier blogs on registered investment advisers (RIAs), whether a firm should be registered as an investment adviser with the U.S. Securities and Exchange Commission (SEC) or with a state is typically determined by the amount of regulatory assets the firm has that receive continuous and regular supervision or management (collectively known as a firm’s “regulatory assets under management” or “regulatory AUM”); with some exceptions, firms that have over $100 million of regulatory AUM must register with the SEC, while smaller advisers must register with state securities authorities instead. But, what if a new investment adviser doesn’t currently have over $100 million of regulatory AUM, but expects to soon? Is the firm required to wait until it has over $100 million of regulatory AUM to register with the SEC?
As you may remember from our earlier post on the subject, under SEA Rules 17a-3 and 17a-4, a broker-dealer is required to make and keep books and records relating to its business and may maintain and preserve records by means of “electronic storage media.” The Securities and Exchange Commission (SEC) recently released guidance in response to a letter received from FINRA regarding contractual arrangements between broker-dealers and third-party recordkeeping service providers – more specifically, contractual arrangements that include provisions permitting the third-party recordkeeping service providers to delete or discard the broker-dealer’s records, typically due to non-payment by the broker-dealer of fees due under the contract. FINRA recapped the guidance received from the SEC in its Regulatory Notice 18-31.
[Continued from Customer Identification Program (CIP): Common Questions – Part I]
What Is A “Reasonable Time” To Verify Customers’ Identities?
A customer’s identity must be verified within a “reasonable time” before or after the customer’s account is opened. The rule does not specify what counts as a “reasonable time,” and the Adopting Release for the Broker-Dealer CIP Rule emphasizes that broker-dealers must be reasonably flexible when undertaking such verification. The broker-dealer must be able to undertake verification before or after an account if opened, as the amount of time needed may depend on various factors, which is part of the firm’s risk assessment. A firm’s CIP procedures must enable the broker-dealer to form a reasonable belief that it knows the true identity of each customer. Read More…
In our previous post on customer identification programs, “Customer Identification Program (CIP): Definitions and Requirements,” we defined “account” and “customer” and went over the minimum requirements for CIP procedures and verification, including touching on non-documentary means of identity verification. This post will get a little more specific, addressing common questions firms have when developing and implementing their customer identification programs. Read More…
The North American Securities Administrators Association, Inc. (“NASAA”) is requesting public comment regarding a proposed model rule for information security and privacy for registered investment advisers (RIAs) under the Uniform Securities Acts Of 1956 And 2002. NASSA has been actively working on addressing various investment adviser-related cybersecurity concerns and desires for several years and has identified a significant need for more information and tools regarding cybersecurity.
How Does Risk Assessment Affect a Firm’s CIP?
Appropriate verification procedures for a CIP are governed by a risk-based assessment. A CIP must include risk-based procedures for verifying the identity of each customer to a reasonable and practicable extent. These procedures must be based on the broker-dealer’s assessment of the relevant risks, including those presented by the types of accounts maintained by the broker-dealer, the methods of opening accounts, and the types of identification information available. Additionally, this risk-based assessment should take into consideration the broker-dealer’s size, location, and customer base.
A broker-dealer must establish, document, and maintain a written Customer Identification Program (CIP) as a part of the broker-dealer’s anti-money laundering (AML) compliance program (31 CFR 1023.220) as required by FINRA Rule 3310. The CIP must be appropriate for the broker-dealer’s size and business, and it must outline the following procedures: Read More…