Standards of Practice Guidance 2014
Standard III(E) Preservation of Confidentiality
Updated March 2018
Members and Candidates must keep information about current, former, and prospective clients confidential unless:
- The information concerns illegal activities on the part of the client;
- Disclosure is required by law; or
- The client or prospective client permits disclosure of the information.
- Status of Client
- Compliance with Laws
- Vulnerable Investors (Added March 2018)
- Electronic Information and Security (Updated March 2018)
- Professional Conduct Investigations by CFA Institute
- Recommended Procedures for Compliance
- Application of the Standard
Standard III(E) requires that members and candidates preserve the confidentiality of information communicated to them by their clients, prospective clients, and former clients. This standard is applicable when (1) the member or candidate receives information because of his or her special ability to conduct a portion of the client’s business or personal affairs and (2) the member or candidate receives information that arises from or is relevant to that portion of the client’s business that is the subject of the special or confidential relationship. If disclosure of the information is required by law or the information concerns illegal activities by the client, however, the member or candidate may have an obligation to report the activities to the appropriate authorities.
Status of Client
This standard protects the confidentiality of client information even if the person or entity is no longer a client of the member or candidate. Therefore, members and candidates must continue to maintain the confidentiality of client records even after the client relationship has ended. If a client or former client expressly authorizes the member or candidate to disclose information, however, the member or candidate may follow the terms of the authorization and provide the information.
Compliance with Laws
As a general matter, members and candidates must comply with applicable law. If applicable law requires disclosure of client information in certain circumstances, members and candidates must comply with the law. Similarly, if applicable law requires members and candidates to maintain confidentiality, even if the information concerns illegal activities on the part of the client, members and candidates should not disclose such information. Additionally, applicable laws, such as inter-departmental communication restrictions within financial institutions, can impose limitations on information flow about a client within an entity that may lead to a violation of confidentiality. When in doubt, members and candidates should consult with their employer’s compliance personnel or legal counsel before disclosing confidential information about clients.
(Added March 2018)
Members and candidates diligently work to safeguard the interests of all clients, including potentially vulnerable investors, and faithfully exercise their professional responsibilities. Actions involving dishonesty and fraud damage securities markets beyond the financial losses of some investors by undermining the faith and confidence of every participant in the investment industry. Understanding the obligations and how to recognize the red flags of diminished capacity and financial exploitation by others is critical to protecting the interests of potentially vulnerable investors.
Standard III(E) establishes a duty for members and candidates to keep client information confidential from third parties. This can become problematic if the member or candidate suspects that the client’s faculties are failing and thus believes it is necessary to consult with outside parties. A best practice for members and candidates is to establish a secondary contact at the beginning of the client arrangement. This could be a trusted family member, legal adviser, or other third-party intermediary the client permits contacting should concerns arise about his or her ability to make informed decisions about his or her finances. The nominated secondary contact provides members and candidates an avenue to prevent and/or address potential financial abuse of the client.
Without such an agreement, requirements placed on members and candidates in regard to maintaining the confidentiality of client relationships and accounts may prevent discussing concerns with anyone other than the direct account holders. The myriad of local and national regulations may not provide clarity about the circumstances under which the investment professional can consult with others about the client’s account. Previously agreed upon parameters with the client and appropriate compliance policies, procedures, and training by employers are important to determine the best course of action.
As long as it is legally permissible, members and candidates may make limited disclosures pertaining to the existence of a client account and concerns about the vulnerability of the client may be made as directed by applicable law. Often regulatory or governmental agencies provide resources for intervening when such concerns arise. These services have the authority to properly investigate the situation of the investor. Members and candidates following applicable law on permitted disclosures do not conflict with the obligations of Standard III(E).
All conversations with the client and any outside parties should be fully documented and retained in the client files as to the reasons for disclosing the sensitive information.
Electronic Information and Security
Because of the ever-increasing volume of electronically stored information, members and candidates need to be particularly aware of possible accidental disclosures. Many employers have strict policies about how to electronically communicate sensitive client information and store client information on personal laptops, mobile devices, or external storage devices or systems. In recent years, regulatory authorities have imposed stricter data security laws applying to the use of mobile remote digital communication, including the use of social media, that must be considered. Standard III(E) does not require members or candidates to become experts in information security technology, but they should have a thorough understanding of the policies of their employer. The size and operations of the firm will lead to differing policies for ensuring the security of confidential information maintained within the firm. Members and candidates should encourage their firm to conduct regular periodic training on confidentiality procedures for all firm personnel, including portfolio associates, receptionists, and other non-investment staff who have routine direct contact with clients and their records.(Updated March 2018)
Professional Conduct Investigations by CFA Institute
The requirements of Standard III(E) are not intended to prevent members and candidates from cooperating with an investigation by the CFA Institute Professional Conduct Program (PCP). When permissible under applicable law, members and candidates shall consider the PCP an extension of themselves when requested to provide information about a client in support of a PCP investigation into their own conduct. Members and candidates are encouraged to cooperate with investigations into the conduct of others. Any information turned over to the PCP is kept in the strictest confidence. Members and candidates will not be considered in violation of this standard by forwarding confidential information to the PCP.Back to top
Recommended Procedures for Compliance
The simplest, most conservative, and most effective way to comply with Standard III(E) is to avoid disclosing any information received from a client except to authorized fellow employees who are also working for the client. In some instances, however, a member or candidate may want to disclose information received from clients that is outside the scope of the confidential relationship and does not involve illegal activities. Before making such a disclosure, a member or candidate should ask the following:
- In what context was the information disclosed? If disclosed in a discussion of work being performed for the client, is the information relevant to the work?
- Is the information background material that, if disclosed, will enable the member or candidate to improve service to the client?
Members and candidates need to understand and follow their firm’s electronic information communication and storage procedures. If the firm does not have procedures in place, members and candidates should encourage the development of procedures that appropriately reflect the firm’s size and business operations.
Communicating with Clients
Technological changes are constantly enhancing the methods that are used to communicate with clients and prospective clients. Members and candidates should make reasonable efforts to ensure that firm-supported communication methods and compliance procedures follow practices designed for preventing accidental distribution of confidential information. Given the rate at which technology changes, a regular review of privacy protection measures is encouraged.
Members and candidates should be diligent in discussing with clients the appropriate methods for providing confidential information. It is important to convey to clients that not all firm-sponsored resources may be appropriate for such communications.
Providing Services to Vulnerable Investors
(Added March 2018)
Members and candidates should encourage their firms to take steps to protect the interests of vulnerable investors, including the growing number of senior investors, by:
- Establishing policies and procedures specifically dealing with vulnerable clients;
- Asking for a secondary contact during the establishment of every account. Clients declining to provide this information would need to authorize an opt-out portion of the documents;
- Identifying issues related to vulnerable investors to increase awareness for employees;
- Training and educating employees on how to interact and address issues with clients who may exhibit diminished mental capacity;
- Establishing internal reporting procedures when concerns are raised; and
- Implementing additional compliance review for the accounts of vulnerable investors.
Application of the Standard
Example 1 (Possessing Confidential Information):
Sarah Connor, a financial analyst employed by Johnson Investment Counselors, Inc., provides investment advice to the trustees of City Medical Center. The trustees have given her a number of internal reports concerning City Medical’s needs for physical plant renovation and expansion. They have asked Connor to recommend investments that would generate capital appreciation in endowment funds to meet projected capital expenditures. Connor is approached by a local businessman, Thomas Kasey, who is considering a substantial contribution either to City Medical Center or to another local hospital. Kasey wants to find out the building plans of both institutions before making a decision, but he does not want to speak to the trustees.
Comment: The trustees gave Connor the internal reports so she could advise them on how to manage their endowment funds. Because the information in the reports is clearly both confidential and within the scope of the confidential relationship, Standard III(E) requires that Connor refuse to divulge information to Kasey.
Example 2 (Disclosing Confidential Information):
Lynn Moody is an investment officer at the Lester Trust Company. She has an advisory customer who has talked to her about giving approximately US$50,000 to charity to reduce her income taxes. Moody is also treasurer of the Home for Indigent Widows (HIW), which is planning its annual giving campaign. HIW hopes to expand its list of prospects, particularly those capable of substantial gifts. Moody recommends that HIW’s vice president for corporate gifts call on her customer and ask for a donation in the US$50,000 range.
Comment: Even though the attempt to help the Home for Indigent Widows was well intended, Moody violated Standard III(E) by revealing confidential information about her client.
Example 3 (Disclosing Possible Illegal Activity):
Government officials approach Casey Samuel, the portfolio manager for Garcia Company’s pension plan, to examine pension fund records. They tell her that Garcia’s corporate tax returns are being audited and the pension fund is being reviewed. Two days earlier, Samuel had learned in a regular investment review with Garcia officers that potentially excessive and improper charges were being made to the pension plan by Garcia. Samuel consults her employer’s general counsel and is advised that Garcia has probably violated tax and fiduciary regulations and laws.
Comment: Samuel should inform her supervisor of these activities, and her employer should take steps, with Garcia, to remedy the violations. If that approach is not successful, Samuel and her employer should seek advice of legal counsel to determine the appropriate steps to be taken. Samuel may well have a duty to disclose the evidence she has of the continuing legal violations and to resign as asset manager for Garcia.
Example 4 (Disclosing Possible Illegal Activity):
David Bradford manages money for a family-owned real estate development corporation. He also manages the individual portfolios of several of the family members and officers of the corporation, including the chief financial officer (CFO). Based on the financial records of the corporation and some questionable practices of the CFO that Bradford has observed, Bradford believes that the CFO is embezzling money from the corporation and putting it into his personal investment account.
Comment: Bradford should check with his firm’s compliance department or appropriate legal counsel to determine whether applicable securities regulations require reporting the CFO’s financial records.
Example 5 (Accidental Disclosure of Confidential Information):
Lynn Moody is an investment officer at the Lester Trust Company (LTC). She has stewardship of a significant number of individually managed taxable accounts. In addition to receiving quarterly written reports, about a dozen high-net-worth individuals have indicated to Moody a willingness to receive communications about overall economic and financial market outlooks directly from her by way of a social media platform. Under the direction of her firm’s technology and compliance departments, she established a new group page on an existing social media platform specifically for her clients. In the instructions provided to clients, Moody asked them to “join” the group so they may be granted access to the posted content. The instructions also advised clients that all comments posted would be available to the public; thus, the platform was not an appropriate method for communicating personal or confidential information.
Six months later, in early January, Moody posted LTC’s year-end “Market Outlook.” The report outlined a new asset allocation strategy that the firm is adding to its recommendations in the new year. Moody introduced the publication with a note informing her clients that she would be discussing the changes with them individually in their upcoming meetings.
One of Moody’s clients responded directly on the group page that his family recently experienced a major change in their financial profile. The client described highly personal and confidential details of the event. Unfortunately, all clients that were part of the group were also able to read the detailed posting until Moody was able to have the comment removed.
Comment: Moody has taken reasonable steps to protect the confidentiality of client information while using the social media platform. She provided instructions clarifying that all information posted to the site would be publicly viewable to all group members and warned against using this method for communicating confidential information. The accidental disclosure of confidential information by a client is not under Moody’s control. Her actions to remove the information promptly once she became aware further align with Standard III(E).
In understanding the potential sensitivity clients express surrounding the confidentiality of personal information, this event highlights a need for further training. Moody might advocate for additional warnings or controls for clients when they consider using social media platforms for two-way communications.