Financial firms, broker-dealers, investment companies and advisers, and transfer agents, beware: The SEC recently issued Regulation S-AM: Limitations on Affiliate Marketing which will significantly step up scrutiny on your marketing practices. This regulation stipulates that the SEC, together with the Federal Trade Commission (FTC) and the federal banking agencies, can limit the utilization of a person's contact information for consumer marketing purposes unless the consumer fully discloses that, such information may be used specifically for the said purposes. Regulation S-AM will give the Fed broad and far reaching enforcement power. It’s imperative that you understand the “ins and outs” of this bill in order to protect your company from serious fines and penalties.
Register today and learn more about Regulation S-AM and its underlying provisions. Given the potential seriousness damages resulting from enforcement activity, this is a webcast that you cannot afford to miss.
Course Level: Intermediate
Prerequisite: None
Method Of Presentation: Group-Based-Internet
Developer: The Knowledge Conference
Recommended CLE/CPE Hours: 2.0
Important Note: Your State Bar or Accounting Board will make the final determination with respect to continuing education credit. If you are applying for CLE credit in Texas you must register 20 days before the event date or you will not be able to obtain CLE credit.
Advance Preparation: Print and review course materials
Course Code: 083809
Brice Prince
Special Counsel, Division of Trading and Markets
Clifford E. Kirsch
Partner
Maureen A. Young, Esq.
Partner, Financial Institutions Corporate and Regulatory Group
Co-Chair, Privacy and Security Group
Sven C. Collins
Partner
Brice Prince, Special Counsel, Division of Trading and Markets, U.S. Securities and Exchange Commission
- Background and Overview of the Regulation
- Rule making process
Maureen A. Young, Esq., Partner, Financial Institutions Corporate and Regulatory Group Co-Chair, Privacy and Security Group, Bingham McCutchen LLP
Technical Requirements of the Opt-Out Notice
A. Definition of "Eligibility Information"
B. Content of notice
C. "Reasonable" opportunity to opt out
D. Reasonable and simple method of opting out
E. Delivery of the notice
F. Scope of opt out
G. Duration of opt out
H. Renewal of opt out
I. Timing of opt out
J. Consolidated and Equivalent Notices
K. Affiliates who may provide notice
L. Role of Model Notices
M. Definition of Solicitation for Marketing Purposes
N. Available Exceptions
O. Definition of Pre-Existing Business Relationship
Sven C. Collins, Partner, Holme Roberts & Owen LLP
Regulatory and Civil Liability Under Regulation S-AM
I. Enforcement Authority Under Reg S-AM
a. The SEC has authority to enforce Regulation S-AM
i. The Securities and Exchange Commission (“SEC”) may not have enforcement authority under the Fair Credit Reporting Act (“FCRA”).
1. Section 621(a)(1) of the FCRA grants enforcement authority to the FTC for all persons subject to the FCRA “except to the extent that enforcement . . . is specifically
committed to some other government agency under subsection (b)” of Section 621. 15 U.S.C. 1681s(a)(1). The SEC is not one of the agencies included under
subsection (b). However, the SEC was added to the list of federal agencies required by Section 214(b) to adopt regulations implementing Section 624 of the FCRA.
2. Section 621(a)(2)(A) of the FCRA provides that the maximum civil penalty the FTC may impose per violation is $2,500.
ii. However, under Section 21B(a) of the Securities Exchange Act of 1934 (“Exchange Act”), the SEC may assess a civil monetary penalty against any person who has
willfully violated or willfully aided and abetted any violations of the Exchange Act or the rules or regulations thereunder.
b. Evaluation of SEC’s Recent Stepped-Up Enforcement Action Under Companion Reg S-P. SEC has brought enforcement actions in three distinct scenarios: (i) willful
solicitation of nonpublic customer information; (ii) failure to implement reasonable electronic measures and protocols to protect against security breaches; and (iii)
negligence in handling customer records containing nonpublic personal information.
i. Soliciting Nonpublic Personal Customer Information In Broker Transfer Process – NEXT Financial Group, Inc.
1. NEXT encouraged recruits to fill out spreadsheets with customer names, contact information, account numbers, social security numbers or tax IDs, account types, net
worth, income, bank names, and driver’s license numbers. NEXT went so far as to ask recruits to provide passwords and user identifications of their current
brokerage firm to obtain nonpublic customer information
2. SEC administrative law judge ordered NEXT to stop asking recruits to bring with them nonpublic customer information for account transfers and to stop allowing
departing reps to take such information.
3. $125,000 civil monetary penalty for disclosing nonpublic personal information about its customers to nonaffiliated third parties without notice or a reasonable
opportunity to opt out of such disclosure, asking recruits to bring with them nonpublic customer information for account transfers, and allowing departing reps to take
such information.
4. Civil penalty imposed under Section 21B(a) of the Exchange Act. (Order available at http://sec.gov/litigation/aljdec/2008/id349 jtk.pdf)
ii. Failure to Implement Reasonable Protective Electronic Measures to Protect Nonpublic Personal Customer Information – Commonwealth Equity Services, LLP
1. $100,000 civil monetary penalty for failure to require antivirus software on company computers and providing procedures to follow up on potential security issues
uncovered during branch audits or when employees reported issues. Intruder gained access to ;customer accounts through use of a computer virus. (Order available
at http://www.sec.gov/litigation/admin/2009/34-60733.pdf)
2. Civil penalty imposed pursuant to Sections 15(b) and 21C of the Exchange Act and Sections 203(e) and 203(k) of the Investment Advisers Act of 1940.
iii. Negligence In Handling Customer Records With Nonpublic Personal Information – J.P.Turner & Company, LLC
1. J.P. Turner failed to adopt and implement policies and procedures designed to safeguard customer records and information as required by Rule 30(a) of Reg S-P.
(Order available at http://www.sec.gov/litigation/admin/2009/34-60325-o.pdf)
2. Because it never complied with Reg S-P, J.P Turner never gave its employees guidance on how to protect and dispose of customer records. As a result, the account
records of over 5,000 brokerage customers of were left abandoned for several weeks at the curbside of the former home of a registered representative.
3. Commission issued an order pursuant to Sections 15(b) and 21C of the Exchange Act instituting administrative cease and desist proceedings.
II. Potential Private Right of Action for Violations of Reg S-AM Under FCRA
a. Although Reg S-AM does not expressly provide a private right of action, its enabling statute, the FCRA provides a private right of action.
i. Section 616 of the FCRA – Civil Liability for Willful Noncompliance
1. Liable for any actual damages, punitive damages, and reasonable attorney’s fees in the case of a successful action.
ii. Section 617 of the FCRA – Civil Liability for Negligent Noncompliance
1. Liable for any actual damages and reasonable attorney’s fees in the case of a successful action.
Clifford E. Kirsch, Partner, Sutherland Asbill & Brennan LLP
Compliance Considerations for Registered BDs and IAs
- What can we expect from the SEC and FINRA 2010 Exam Program
- Implementing Regulation S-AM in the Context of a Firm’s Overall Privacy Program
- Reacting to the SEC’s Enforcement Cases
- Steps to Take Today
- Brokers
- Dealers
- Transfer agents
- Investment companies
- Investment advisers
This is a must attend event for anyone interested in understanding Regulation S-AM
- New guidance explained by the most qualified key leaders & experts
- Interact directly with panel during Q&A