CUSTOMER IDENTIFICATION AND KEEPING THEIR INFORMATION SECURE
A massive part of giving a customer the correct advice when it comes to what they should be investing in revolves around finding out the right kinds of information about them.
That information, much of it which is not only private but can be extremely sensitive, will help us to understand their exact investment needs.
It should always be treated with the greatest of care not only to protect customers but also to help keep a strong bond of trust with them.
There’s another critical aspect to this as well and that’s determining if customers are who they say they are.
In this section, we will look specifically at how customer information is collected as well as how it should be stored to ensure that it’s kept safe and what to do if a customer isn’t who they portray themselves to be.
Customer identification program
The Customer Identification Program (CIP) must be instituted by all broker-dealers as per the USA Patriot Act.
The main purpose of this is to ensure that a customer is who they say they are by verifying their identity.
It’s the first step in trying to spot criminals and/or terrorists that might be trying to invest money for nefarious purposes.
It’s pretty simple to initiate as well and potential new customers don’t have to jump through any hoops to prove they are who they say they are.
For example, they will just need to produce some form of government-issued identification.
This must be valid (in other words, not have expired) and can be any of the following:
- State ID
- Military ID
- Driver’s license
For customers that are an entity and not an individual, that’s obviously not going to work.
In this case, showing that the entity exists must be proved as a way of identifying it.
This is easily done by providing relevant documents which include:
- Certified articles of incorporation
- A business license that’s issued by the government
- A partnership agreement
- A trust instrument
Whatever way a broker-dealer verifies an individual or an entity, a record must be kept as to how this was carried out.
They must also take the time to check the individual or entity against lists of suspected terrorist or terrorist organizations.
As for the information that must be provided, the minimum requirements are as follows:
- The name of the customer
- If it is an individual, their date of birth
- Address. For individuals, this can be a business address or a residential address. If they don’t have one, for example, they are in the military forces, then a Fleet Post Office box or an Army Post Office box will suffice. A next of kin or another individual’s address can be used as well.
- Individual social security number or a business entity tax number. If the individual is waiting for their social security number, the broker-dealer must obtain it from them once they have it (and within a reasonable time frame).
- If the individual is a non-US citizen, additional information is required. This includes one or more of: their passport number, the country that issued it, a taxpayer identification number, alien identification card number.
A CIP will include provisions that cover the situation when broker-dealers don’t believe that they know the customer’s true identity.
These provisions will outline:
- In what circumstances a BD should not open an account
- Conditions in which the customer can carry out transactions while their identity is verified by the broker-dealer
- If these attempts at determining their identity fail, when a customer account should the be closed
- If, in accordance with various regulations and laws, a suspicious activity report should be filed
Knowing your customer
Rule 2090 or the know your customer rule (KYC) obligates the broker-dealer and their registered representatives to get information from their customers.
Note, however, that even if a registered representative asks for this information, a customer doesn’t have to provide all of it.
When some of the information asked for is not available, the KYC rule allows for some leeway.
In situations like this, the recommendations that a registered representative makes to a customer regarding the products on offer, or the investments they make, can be narrowed down, if need be.
Based on what the firm knows about a customer through the information they offer, the firm can make recommendations in the absence of certain information.
That’s as long as they believe they know enough about the customer and that their recommendation remains suitable for them.
While understanding a customer’s financial situation is important in making the right recommendations, there’s more to it than that.
Registered representatives need to dig deeper than that and find out about the circumstances of each individual and not only their financial needs but their nonfinancial ones as well (something we will cover in more detail a little later in this study guide).
Suitable recommendations are easier to make when a registered representative knows the objectives, circumstances, and needs of each individual.
Not only that but it works from the other side too with customers trusting their registered representative and the recommendations that are made to them.
Regulation S-P, which comes from the privacy rules as set out under the Gramm-Leach-Bliley Act is necessary for registered representatives to understand.
Part of the act covers “nonpublic personal information” or NPI and advocates the importance of financial institutions’ responsibility in protecting the NPI of their customers.
Some of the information collected when a customer signs up for a new account is considered as NPI including their social security number, driver’s license number, any account numbers (from a bank, for example), and others.
Safeguards have to be put in place as required by Regulation S-P to ensure that no one without the proper authority is privy to this information.
This information must be kept by the broker-dealer as well and without proper disclosures in place, can never be passed on to third parties that are not affiliated.
Usually, when a customer opens an account, or a customer relationship is established a broker-dealer’s procedures and policies that cover the privacy of the customer must be conveyed to them.
From that point on, this should happen every year after as well.
Guidelines for this include:
- Customers must be told, either in writing, electronically, or on other permitted methods that some of the information they provided to the broker-dealer could be disclosed to a third party.
- Before this information is disclosed for the first time, customers should be given the chance to request that the third party does not receive the information
- The ways in which a customer can choose to opt of having their information passed on must be explained to the customer
A customer’s right to opt-out
The opportunity to opt-out of the sharing of NPI must be given to customers as required by federal law.
When a customer is given the information about the opt-out process, it must include the applicable products or services to which this is applicable.
The notice will also show the procedure a customer will need to follow that allows them to exercise the opt-out option.
These methods should be simple.
Requesting that customers write their own letter and send it to the company is not simple.
Sending them a postage-paid reply card that they just need to fill in and pop in the post is, however.
Payment and delivery instructions will be established between the registered representative and a new customer once their account has been opened.
There are numerous options that a customer can select in this regard but these can change for single transactions if need be or at any point in the future.
The options are:
- Transfer and ship: The securities are shipped to a customer once they are registered in their name
- Transfer and hold in safekeeping: The broker-dealer will hold onto the securities once they are registered in the customer’s name.
- Hold in street name: The securities are not only held by the broker-dealer but registered in their name as well. In this situation, the customer is the beneficial owner while the broker-dealer is the nominal owner.
- Delivery versus payment (DVP): A cash on delivery settlement that’s often used for institutional accounts, DVP securities are delivered to either a depository or a bank. There are a few steps that need to take place, however. The arrangement between the bank and the customer has to be confirmed by the broker-dealer. Also, for each sale or purchase, the bank or depository has to be advised that it’s taken place by the customer. Lastly, if the broker-dealer should forward the cash balance or hold it is designated by the customer.
When they open a new account a customer will be asked to provide certain mailing instructions to the broker-dealer.
Customers can request that statements and confirmations be forwarded to someone who holds power of attorney on their behalf.
This cannot be verbally agreed upon, however.
For this to happen, the customer must place a request in writing.
Should they wish to receive duplicates of the confirmations, the customer can request that too.
Again, that request will need to be in writing.
AUTHORIZATIONS FOR THIRD PARTIES
When it comes to business accounts, or any others that belong to legal entities, there could be more than one person that will trade on that account.
Often, it’s a third party that has received authorization from the account owners to make trades for them and even to manage their account overall.
Let’s look at some of the most common third-party authorizations that may come up on the Series 6 exam.
Discretionary trading authority
This one is pretty popular.
Discretionary trading authority sees the owner of the account allow someone to trade with it by giving them what is termed discretionary power.
More often than not, this person is a registered representative at the broker-dealer where they opened their account.
For this to happen, the customer will have to put their signature on a discretionary trading authorization and it needs to be signed by the principal too.
Should the correction authorization not appear in the customer file, then no discretionary trading will be allowed on their account.
A very serious breach of security regulations would have taken place should a trade take place without the necessary authorization.
Any trades made by a person that has received discretionary powers on the customer’s account will have to be accepted by that customer.
That doesn’t mean that they cannot trade.
If they want to enter their own orders for trades, they can do so as well.
At any time that they see fit, a customer may remove the discretionary trading authority order on their account.
Again, this cannot be done verbally, and there must always be a record added to the customer file, so they will have to do it in writing.
There are certain rules that are applied to discretionary accounts.
- When a trade is entered for discretion by a registered representative with discretionary authorization, the order must be identified as such.
- While they don’t need to be approved before the order entry, a principal of the broker-dealer does need to provide approval for each discretionary order. This must be done in writing.
- All transactions made by a registered representative with discretionary authorization must have a record kept of them
- Churning, or excessive trading based on the relative size of the account is not allowed. This is based on the investment objectives of the customer as well.
- As another level of protection against churning, discretionary accounts must have trading activity reviewed systematically as well as frequently. This must be carried out by a designated supervisor.
One final thing to note about discretionary accounts is that when a client gives discretionary authorization, it’s never to the broker-dealer.
Instead, it’s for the registered representative who deals with the account.
Should they leave the firm, or the customer dies, for example, that discretionary power will come to an end.
An explanation of what discretionary trade is
We’ve covered a fair amount of what discretionary trading authority is, let’s focus on what actually happens when a registered representative with this authority places a discretionary trade.
The first thing to note is that it’s a serious violation of regulations if this type of trade is not marked as such when it happens.
Discretion in a trade covers these critical elements which are known as the three A’s of discretion.
- The action of buying or selling the securities
- The dollar or share amount of the trade
- The traded asset that is being bought or sold
They are not the only things to consider.
Added to this are time and pricing elements.
They aren’t as important as the first three, however, as they do not require discretionary power.
So when is a trade considered discretionary?
Well, a trade is considered to be discretionary when any one of the three A’s that we covered above is the decision of the registered representative.
It’s not a discretionary trade when the customer has made or agreed to all of the three A elements.
Power of attorney
Power of attorney or POA for short is when a third party is given the authority to take part in an account by the person that holds that account.
Is this different from discretion?
Well, yes it is.
The main difference is the fact that the person who handed POA over a customer account doesn’t necessarily have to be a registered representative, but they can be.
Generally, POA is not only about trading but covers broader powers related to the account as well.
POAs must always be granted to the other party in writing and there are two types: limited power of attorney and full power of attorney.
Full power of attorney (FPOA) grants the following powers:
- Cash or securities deposit and withdrawal
- On behalf of the owner make investment decisions
- Changing account information, for example, changing the address linked to the account
Limited power of attorney (LPOA) doesn’t allow for full control over the customer account.
Instead, that control is somewhat limited as the name suggests.
For example, they won’t be able to withdraw assets from the account but can enter buy or sell orders.
An excellent example of LPOA is when a customer account is managed by an investment adviser firm.
In this situation, the control they have over the account is limited to the ability to place trades.
Note, it won’t be an individual that can carry out these trades like the case is with discretion.
Instead, the limited control over the account is given to the actual firm.
Can an account holder remove the POA if they choose to?
Yes, it can be revoked at any time.
POAs also ended when the person granting it dies or they become incapacitated (unless it’s a durable power of attorney which will continue through the incapacitation).
It will also fall away should the person given the power of attorney pass away as well.
What about other third-party authorizations?
When we speak of other types of third-party authorizations, it’s mainly fiduciaries that we are speaking about.
When a registered representative has trading authority on a customer’s account, whenever they place trades, it must always be done in the best interests of that customer.
In other words, their own interest, for example, earning a commission on the sale of a security that isn’t best suited for the customer, must always be placed last.