No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Featured

Protecting Privacy Rights While Preventing Financial Exploitation

Broker-Dealer Concerns

by Josh Jones
August 20, 2019
in Featured, Financial Services
credit card on fish hook

Financial institutions must balance the desire to protect vulnerable clients from financial exploitation with their clients’ rightful expectation that their privacy interests will be respected. Bressler, Amery & Ross’ Josh Jones discusses reporting and disclosure issues.

The financial exploitation of senior investors and vulnerable adults is a growing problem. Brokerage firms are facing increased scrutiny over their effort to protect at-risk investors from those who prey on the weak. Baby boomers are targeted daily with more sophisticated scams. Because of the number of potential victims and the dollars involved (boomers are the most invested generation in the history of the markets), a near perfect storm looms for compliance personnel. And regulators, legislators and investors’ attorneys already have taken notice.

At the same time, the industry is grappling with the safekeeping of private client information. Whether it is hackers seeking to exploit system vulnerabilities, regulators looking into companies’ efforts to safeguard their clients’ personal information or the general public’s outrage at what it views as breaches of trust, privacy issues are in the news on a daily basis.

Efforts to protect against senior financial exploitation and the safekeeping of client data have a natural intersection.  Specifically, how does a firm report suspected financial exploitation or take other steps to protect at risk investors while still complying with the laws and regulations governing disclosure of such information?

Legislative and Regulatory Framework

A thorough discussion of the laws and regulations governing client privacy would require more space than is available here. Suffice it to say that there are myriad legal requirements brokerage firms must abide by in protecting their clients’ information. Most notably, these include the Gramm-Leach-Bliley Act (GLBA) and applicable self-regulatory organization rules.

In addition, there has been a recent flurry of new federal and state legislation that permits and/or requires reports of suspected financial exploitation. On the federal level, in May 2018, the President signed into law the Senior Safe Act, which encourages (but does not require) certain financial institutions to disclose suspected financial exploitation by providing limited immunity under certain circumstances with regard to such disclosures. On the state level, 26 states have passed so-called “report and hold” legislation that either requires or permits – there are variances state to state – a report of suspected exploitation to state adult protective services (APS), securities divisions or other agencies. Some states also permit disbursement or transactional holds when financial exploitation is suspected. FINRA last year implemented Rule 2165, which permits reporting and disbursement holds when exploitation is suspected.

It cannot be emphasized enough that the federal law, various state laws and the FINRA rule have unique and differing requirements. Finally, all states have APS statutes and have for some time. Some APS statutes have provisions like the new federal and state laws and FINRA’s rule.

Disclosures to Regulators and/or Law Enforcement

The analysis about reporting to governmental agencies tasked with protecting senior investors is the simplest. As a general matter, disclosure of suspected exploitation to relevant federal, state and local authorities does not violate the privacy provisions of the GLBA. Interagency guidance issued by the U.S. Securities and Exchange Commission (SEC) and federal banking regulators makes clear that “disclosure of nonpublic personal information about consumers to local, state or federal agencies for the purpose of reporting suspected financial abuse of older adults will fall within one or more of the exceptions” set forth in GLBA and that such disclosures “may be made on the financial institution’s initiative.” Indeed, the Consumer Financial Protection Bureau’s Office for Older Americans issued a report to financial institutions recommending disclosure of all cases of suspected exploitation to relevant federal, state and local authorities, “regardless of whether reporting is mandatory or voluntary under state or federal law.” Such reporting could occur pursuant to the Senior Safe Act, APS regulations, the report and hold laws discussed above and/or a SAR filing with FinCEN.

Disclosures to Third Parties

A trickier issue involves disclosures to third parties such as relatives, other financial institutions or those who may have a professional relationship with clients. Firms often have a legitimate interest in involving a third party who may be in a better position to assist the vulnerable client in understanding that they were or are being exploited. Study after study demonstrates that victims do not appreciate the risks of exploitation and tend not to suspect the likely culprits (most frequently, someone they know very well). Firms may also need to correspond with other firms about exploitation, because it often involves the transfer of funds from one institution to another.

As an initial matter, GLBA contains an exception that would allow disclosure to anyone with the client’s consent (or the consent of the consumer’s legal representative). In addition, GLBA provides for disclosure to persons “holding a legal or beneficial interest relating to the consumer” and to those “acting in a fiduciary or representative capacity on behalf of the consumer….”

GLBA also provides that financial institutions may make a disclosure “to protect against or prevent actual or potential fraud, unauthorized transactions, claims or other liability….” This fraud exception, coupled with the public’s overwhelming interest in preventing exploitation of the vulnerable, could provide firms with a sufficient basis to disclose an investor’s confidential information to someone other than a regulator, particularly if faced with an imminent risk of loss. Firms could also choose to rely on disclosure to the appropriate authorities in an effort to prevent such a loss.

In an effort to “build in” a reliable third party to contact in the case of suspected exploitation, FINRA recently amended Rule 4512 to require that broker-dealers request contact information for “a trusted contact person age 18 or older who may be contacted about the customer’s account” from clients during the account opening process. Securing client permission to discuss potential exploitation with a trusted contact pursuant to Rule 4512 addresses any reasonable privacy concerns for firms.

In addition, firms may consider amending their client agreements to allow them, as a matter of contract with the client, to aid the client’s best interest if exploitation arises. As noted above, broker-dealers are now required under amended FINRA Rule 4512 to address the trusted contact issue in writing at account opening. Firms should consider using additional language in client agreements to give them the right to make disclosures above and beyond those contemplated in the FINRA rule.

Another possibility for consideration includes the adoption of laws or regulations directly authorizing sharing of such information among financial institutions. In the anti-money laundering space, Section 314(b) of the USA PATRIOT Act permits sharing of information on a voluntary basis when financial institutions suspect that a transaction involves proceeds from a “specified unlawful activity” under the federal money-laundering statute. Financial exploitation of elderly or vulnerable persons is not a “specified unlawful activity;” therefore, 314(b) is not applicable.

Although 314(b) does not apply to financial exploitation of elderly and vulnerable persons, it could serve as a potential model for a new statutory provision permitting such sharing. Specifically, a provision could be enacted allowing for the sharing of such information when a financial institution has a reasonable belief that financial exploitation of an elderly or vulnerable client is occurring, will occur or has occurred. A statutory provision analogous to 314(b) could further the brokerage industries’ and public’s interest in protecting the elderly and vulnerable while also properly respecting clients’ interests in protecting the privacy of their confidential information.


Tags: AMLConsumer Financial Protection Bureau (CFPB)Financial Crimes Enforcement Network (FinCEN)FINRASEC
Previous Post

ICO to Issue More Than $350M in Fines for GDPR Data Breaches

Next Post

The Antitrust Division Guidance on an Effective Compliance Program

Josh Jones

Josh Jones

Josh Jones is a Principal in Bressler, Amery & Ross’ Securities Litigation Department and the Managing Principal of the firm’s Alabama Office. His litigation practice encompasses the defense of brokerage firms and financial institutions in securities litigation, arbitration, criminal and regulatory investigations and providing counsel to corporate clients who confront issues affecting seniors and vulnerable investors. Jones also advises clients on business and commercial litigation matters in connection with bankruptcies and reorganizations, workouts and litigated insolvency matters.

Related Posts

disruption concept logs split

The Devil You Know …

by Carrie Pallardy
June 4, 2025

With compliance processes driven largely by regulatory requirements, the financial services sector could be forgiven for breathing a sigh of...

sec building sign

What to Expect From Atkins-Led SEC

by Jaclyn Jaeger
May 6, 2025

Former Bush-era commissioner returns with mission to streamline regulations and enhance capital markets

monies illustrating money laundering

Power Shift: What Happens When America Steps Back From Global AML Enforcement?

by Joe Biddle
April 15, 2025

EU's new anti-money laundering authority emerges as potential counterweight amid uncertain US priorities

news roundup new

Bang for the Buck: Regulators Pivot to Fewer But Higher-Value Enforcement Actions

by Staff and Wire Reports
April 11, 2025

CCI staff share recent surveys, reports and analysis on risk, compliance, governance, infosec and leadership issues. Share details of your...

Next Post
The Antitrust Division Guidance on an Effective Compliance Program

The Antitrust Division Guidance on an Effective Compliance Program

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights