Using Client Usernames and Passwords
Most advisers don’t think about how the custody rule can be triggered by a variety of different actions they take in their business. One such action? Keeping and using your client’s username and password. Many advisers keep track of this information so they can quickly and efficiently view statements and effect trades. Clients are happy because they receive excellent service and advisers don’t have to keep going back to their clients every time they need access to the client’s account. However, online access where the adviser has the ability to withdraw funds and securities from the client’s accounts meets the definition of custody. Advisers must obtain surprise examinations conducted by independent public accountants where they have custody of client funds and securities. SEC registered firms may maintain and utilize client login information so long as they meet custody requirements. However, some states do not agree with the SEC’s position.
On September 25, 2018, the State of Pennsylvania issued its position on the use of client login information to access client custodial accounts. The State found that using client usernames and passwords may meet the definition of custody. A Pennsylvania registered investment adviser with custody must be in compliance with all custody rules as outlined in the Pennsylvania Securities Act of 1972. This generally requires notification to the Pennsylvania Department of Banking and Securities (the “Department”), a net worth of $35,000, an annual audited balance sheet, completion of an internal control report that includes an opinion of an independent certified public accountant, and an annual surprise examination of client funds or securities by an independent certified public accountant.
However, the State of Pennsylvania also found that the use of client usernames and passwords may cause clients to violate their own custodial user agreements or could void the custodian’s policies that allow for reimbursement for unauthorized withdrawals. Engaging in such practices means the registered investment adviser is misrepresenting themselves as their client to the custodian. As such, the State considers the use of client usernames and passwords to access client custodial accounts as a dishonest and unethical practice. The State’s Bureau of Securities Compliance and Examinations will recommend administrative action unless remedial action is taken by the investment adviser. The following remedial action would need to be taken:
- Cease all use of client usernames and passwords to access client custodial accounts.
- Notify affected clients to change their login information and security questions.
- Notification must be in writing.
Most investment advisers don’t want to deal with the additional cost and headache of having custody. So what is the solution? There are a number of applications that allow advisers to log in using their own credentials to view client accounts or that consolidate a client’s account information (even for accounts the adviser is not actively managing) so that the adviser can view this important information without having to retain the client’s login information to access it.
Do you have questions about whether you have custody? Give us a call today at (770) 462-2118