Virtual Staff Cybersecurity Requirements: Compliance Issues When Adding New Employees Or Contractors

Virtual Staff Cybersecurity Requirements: Compliance Issues When Adding New Employees Or Contractors

The owners of solo advisory firms often find themselves splitting their time between client-facing duties and the administrative work of running their business; yet, as the firm’s business increases, advisor-owners will inevitably reach the limits of their capacity. This can lead many advisors to hire support staff to handle more of the administrative work to free up their time so that they can focus on what they truly love – giving advice and managing client relationships. When making the decision to hire a candidate, though, it is not only necessary to put careful thought into how that person will help the advisor, but also to consider how the new hire will affect the firm from a compliance standpoint. Because, depending on the tasks that the new hire is expected to perform, they may be subject to different types of regulatory oversight based on whether the work they do actually constitutes providing advice to clients (even if offered indirectly, through a back-office role) and/or involves them having access to sensitive client information.

Though it is ultimately up to the advisory firm owner to decide what types of job duties to outsource to new personnel, and whether to hire an employee or independent contractor, it is necessary to know what these duties will be before going into the process of vetting and hiring a candidate. Because adding personnel to assist with developing or delivering investment advice to clients could significantly add to the firm’s oversight and reporting responsibilities (possibly undermining the firm owner’s goal of having more time to spend advising clients)!

For instance, if a new hire will be delivering investment advice to clients, that person may also need to register as an Investment Adviser Representative (IAR), requiring them to pass a qualifying examination such as the Series 65 exam or to hold a professional designation such as the CFP, which can supersede the requirement to pass a qualifying exam. Furthermore, a new hire who provides advice will likely be considered a “supervised person” by the SEC or state regulatory authorities and would be subject to the firm’s compliance and ethics policies (requiring the firm owner to meet certain oversight and reporting requirements for supervised persons under SEC or state regulations). Supervised persons with access to clients’ securities trading activity or the investment recommendations made to clients can also be considered “access persons” subject to additional personal securities account reporting requirements (which also must be reviewed by the firm’s owner or Chief Compliance Officer). Even if the role is one that does not entail the delivery of advice or access to securities trading information or investment recommendations, such as a client service associate or administrative assistant, the firm will still need to implement safeguards to control the employee or independent contractor’s access to clients’ Nonpublic Personal Information (NPI).

Ultimately, whether the new role is meant to be filled by an employee or independent contractor, the best practices are to assess the level of advice delivery and access to client information the role would entail, perform due diligence on candidates and understand what actions would need to be taken upon hiring (such as registering them as an IAR) to remain in compliance, plan for training and supervision on an ongoing basis, and have a plan of action if the arrangement is eventually terminated. And, as with all compliance tasks, it’s best to put all procedures in writing and document any actions along the way. As while the ultimate goal of hiring support staff is often to allow the owner more time for revenue-generating and advisory activities, being able to trust that their new hire will remain in compliance with laws and regulations will allow the firm owner to focus on their own advisory duties.

Read More…


Leave a Reply

Your email address will not be published.