Galvin fine on Summit Equities raises questions over all adviser technology

Massachusetts Secretary of the Commonwealth cites violation of state law requiring firms to protect investors' private information

Jan 4, 2019 @ 2:24 pm

By Ryan W. Neal

Broker-dealers may need to re-evaluate policies regarding third-party adviser technology following a recent action by Massachusetts Secretary of the Commonwealth William Galvin.

Mr. Galvin's securities division fined Summit Equities, a New Jersey-based broker-dealer, $100,000 on Dec. 27, for failing to supervise registered representatives who mishandled information of Massachusetts clients held within third-party customer relations management software.

According to a consent order, Summit allowed advisers affiliated with the firm to select their own third-party CRM system. Four advisers opted to use Redtail CRM to store clients' private information, including names, addresses, phone numbers, dates of birth, social security numbers, account details, communication histories and adviser notes.

(More:Finra updates cybersecurity best practices report)

Summit had no access to or control over the data that advisers put into Redtail and the firm was unable to monitor the data and who had access to it. After the advisers terminated their relationship to Summit, they were still able to access the client data through their CRM.

Though Summit has a policy to wipe all client personal data from a departing rep's devices, the policy was not in place for third-party technologies like Redtail. Mr. Galvin's office decided this violated the Massachusetts law requiring firms to protect investors' private information.

"The security of personal information is a very serious issue for me and my office," Mr. Galvin said. "It is more important than ever that companies gathering personal information keep that information as secure as possible."

Summit Equities did not respond to a request for comment.

Terry Lister, a legal consultant and former Waddell & Reed chief regulatory officer, believes this is the first enforcement action of its kind, and is a "shot across the bow" to IBDs to re-evaluate how policies regarding client data are being applied to third-party technologies.

Most IBDs allow for, and even encourage, advisers to select their own CRM systems, Mr. Lister said. But the technology is ultimately owned by the adviser and not the firm. As a result, there is no oversight in place for what data goes into the technology and no plan for an adviser leaving firm.

"In the current environment we work in, the reps are going to have to recognize the fact that they can't just automatically assume that they can take that CRM data with them," Mr. Lister said.

(More: Retirement plans see rise in cyberattacks)

Mr. Lister recommends firms take time to inventory every third-party technology used by advisers, what data those platforms store, and whether or not the data will need to be retrieved if an adviser leaves the firm. Part of the reason Summit was fined was the firm simply wasn't following its own rules, he said.

If this is the first case of its kind, Mr. Lister wonders if it'll slow technology adoption in the IBD space.

"Instead of having a plethora of different CRM systems … rethink that business model and think more about providing a CRM system for the firm that all reps will use and the firm will control," Mr. Lister said.

For Paul Ewing, CEO of Prosperity Advisory Group, the case raises questions about who ultimately has sovereignty over client data.

"In the IBD space, it's a long held tradition that it's owned by the adviser," Mr. Ewing said.

The CRM has more than just identifying information, he said. It also contains meeting notes, financial planning information and records of client interactions, so how can the broker-dealer demand that information gets deleted, Mr. Ewing asked.

"Advisers have to ask the question: what are the rules at my firm?" Mr. Ewing said. "What does Cetera require? What does LPL require? Could we be in violation of the same rule?"

But what's most interesting to Mr. Ewing is that the broker-dealer has authority over information on a technology paid for and owned by the adviser, not the firm. What does this mean for third-party technologies like Redtail and how it works with IBD advisers going forward?

Redtail said it doesn't comment on client engagements.

Mr. Lister said he expects this is only the first case of regulators looking at how firms are governing advisers' third-party technologies.

"You're going to see more of this. Advisers either don't know or chose not to pay attention," Mr. Lister added. "Firms need to make sure that their advisers understand what the policies are in these areas and how it applied in all situations."

0
Comments

What do you think?

View comments

Recommended for you

Upcoming Event

Sep 10

Conference

Denver Women Adviser Summit

The InvestmentNews Women Adviser Summit, a one-day workshop now held in six cities due to popular demand, is uniquely designed for the sophisticated female adviser who wants to take her personal and professional self to the next level.... Learn more

Featured video

INTV

Why a #MeToo story about the financial advice industry was important to do

Reporter Greg Iacurci and editorial director Fred Gabriel discuss the survey behind our cover story on sexual harassment in the workplace.

Video Spotlight

We started as a boutique firm with huge ambitions. Schwab was a perfect fit.

Sponsored by Schwab Advisor Services

Recommended Video

Keys to a successful deal

Latest news & opinion

10 millennials making their mark in Washington — and beyond

These next-generation leaders are raising their voices and gaining influence over financial advice regulation and legislation.

Warburg Pincus among private equity managers interested in acquiring Kestra Financial

Sources say Kestra is being valued at between $600 million and $800 million, about eight to 10 times EBITDA.

10 highest paid professions in America today

These are the top-paying jobs in the U.S., according to Glassdoor.

Former Merrill Lynch star broker Thomas Buck sentenced to 40 months in prison

He pleaded guilty to securities fraud in 2017; charged clients excessive commissions.

Rules for claiming Social Security at 70

Some individuals' benefits will begin automatically; others have to take action.

X

Hi! Glad you're here and we hope you like all the great work we do here at InvestmentNews. But what we do is expensive and is funded in part by our sponsors. So won't you show our sponsors a little love by whitelisting investmentnews.com? It'll help us continue to serve you.

Yes, show me how to whitelist investmentnews.com

Ad blocker detected. Please whitelist us or give premium a try.

X

Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print